Ducktoes Wins Against the Worst Virus Ever: Cryptolocker

A red, mean-looking virus chases a scared-looking computer tower.

A law office client of ours got Cryptolocker, the worst virus ever, earlier this week.  Luckily they let me know before it encrypted all their files.  The lawyer stopped in the office and said something strange was happening to the files: they were locked, and a message said they were encrypted.

I immediately grabbed my laptop and went out the door and literally ran down the street to his office.  The lawyer yelled after me, “Where are you going?”  “To your office!” I said.

Luckily it had only encrypted one user’s files on the server.  Often it encrypts everything on the network, because the infected machine encrypts every file it can write to on mapped network drives, and it works quickly.  They were lucky they had us as their IT support and that we reacted immediately, or they would have lost all their documents, which would have been devastating and expensive beyond belief for a law office.

What I did:

  • I reacted immediately. Since it was late on a Friday afternoon, the IT support techs were already on their way home after a really long and busy day, so I went myself.
  • Upon arrival, I disconnected all network drives and started virus removal on all desktops.
  • I backed up any documents not yet encrypted.
  • I took the two infected computers back to the office and quarantined them, then did advanced virus removal. (You have to isolate an infected machine from the network, or it will keep encrypting every share it can reach.)
  • I put better protection on their computers: AVG Cloud and Malwarebytes Pro. Before, they had a different free antivirus which we don’t recommend, but they liked it and until then it had served them well.  AVG Cloud is good because it alerts us to viruses by email, and Malwarebytes Pro blocks the encryption virus.

I love saving clients from catastrophic outcomes.  We can help your company too with our Calgary IT support services.


Emergency Weekend Virus Removal at Birthday Party


Yesterday, like most Saturdays, I worked at the Ducktoes Computer Repair shop. It was still bitterly cold out, so I thought it would be a slow day. It turned out not so slow after all.  We got in a few computers and answered a lot of phone calls.


A man visiting from out of town called and said he had a virus on his laptop that had locked his screen. The virus interface, which appeared as soon as he logged into Windows, wouldn’t let him do anything else but stay on that page, which was the virus’s Interpol version (see below). There was no way to get around it. The text on the page said it was placed there by Interpol for crimes committed on my client’s computer. To unlock it, he was supposed to buy a gift card from Shoppers or Canadian Tire and send it to the “police.” Then they would unlock his screen. My client didn’t buy the card; he knew it was a scam. But he had only overnight before he had to fly out of YYC today for a business meeting.

Screenshot of Interpol Virus

At the computer repair shop, we’ve fixed the Cybercrime virus many times, so I agreed to do it quickly. Usually we boot into safe mode with command prompt and then navigate to the flash drive from there. On the flash drive we have our most potent virus tools. Yet the Cybercrime virus had changed, as it frequently does. When I tried to boot into safe mode with command prompt, the laptop rebooted immediately. Uh-oh, I said to myself. I had to think of a new solution asap. I tried Kaspersky Rescue Disk, but it wouldn’t run for some reason, and Avast Rescue Disk, but the definitions were too old to catch the virus.

Also last night was our extended family party for my son’s 18th birthday. We were having the family over to celebrate with take-out Indian food, presents, and cake. I was under pressure.


What I did: I removed the hard drive, putting the tiny hard drive screws in a safe place, then put the drive in a 2.5-inch enclosure. Then I connected it to my laptop and ran Malwarebytes Pro and Avast on it. They were not finished before the birthday party began, so I let the scans run during the party. They both caught many infections. Between the meal, which was delicious by the way, and opening presents, I put the hard drive back into the laptop and it booted without the fraudulent Interpol page coming up on the desktop. Hurray!! The computer was still infected, but now I had cracked the virus enough to really work on it. I ran ComboFix, which caught many infections in System32 deep within Windows, and many other tools until the scans started running clean, and then I started speeding it up. I knew it was almost fixed by the time the party was over. I wanted to dance a jig. I do love the challenge of removing a difficult virus.

This morning I’m speeding the laptop up and repairing the registry before giving it back to my client just in time for him to catch his flight.


How to Remove New Skype Virus

I saw a new Skype virus this week. It was sending a series of numbers out over Skype messaging to a contact my client didn’t recognize. My client and I were worried they were credit card or bank account numbers, but we couldn’t match them to anything. Whatever they were, we didn’t want that going on. To remove it I used our Ducktoes anti-virus cocktail, which is our trade secret at Ducktoes. It thoroughly removes almost any virus. Those it can’t remove, we remove by hand.

Screenshot of the Skype message interface with a string of numbers in it; this is what the Skype virus message looks like.

The virus was sending messages like this. I made up these numbers.

Here is a series of scanners that should get the Skype virus out of your computer:

  • ESET Online Scanner
  • Malwarebytes
  • SUPERAntiSpyware
  • F-Secure Online Scanner

These are all wonderful malware and virus removers. I recently bought Malwarebytes Pro for my family since it protects against the encryption virus.

If you live near Calgary and need virus removal bring your infected computer to our virus lab. Alternatively, we can remote into your computer anywhere to remove viruses.


No Encryption Virus Yet


Luckily we haven’t seen the encryption virus Cryptolocker on a client computer in our Calgary repair shop yet. I hope we never do. This ransomware encrypts your documents, photos and other data files, on the computer itself and on any drive it can write to, so you lose them all if you don’t pay the criminals the decryption fee. I think the fee is $300.

Every day we are still seeing the Cybercrime virus and Optimizer Pro, and we are expert in removing them. I think we could remove these two in our sleep. The Cybercrime virus is another ransomware that locks your computer until you send a gift card to the criminals. Really. The information on your locked computer says you are sending it to the RCMP or FBI or another law enforcement agency. Even if you pay, your computer will stay “locked” until you bring it to a repair shop and get the virus removed. So don’t pay.

As far as the encryption virus goes, this is what you should do as a precaution: back up your drive, then disconnect the external backup from your computer, so that if you get the virus the backup drive doesn’t get encrypted too (the virus encrypts any drive it can write to, including USB drives and mapped network drives). Then you can copy the data back to your computer if its files get encrypted. Problem solved. Also, don’t open any attachments on emails, especially if the emails are “phishy”, meaning they purport to be from a reputable company but are addressed to a generic user rather than to you. They might seem to be from a bank or a shipping service such as FedEx or UPS. Do not open the attachment.
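One check worth running before you trust that backup, and the same check I would use to see how far an infection got on a server like the law office’s in the first post: an encrypted file no longer starts with the bytes its extension promises (a .docx should begin with the ZIP signature “PK”, a .pdf with “%PDF”, a .jpg with FF D8 FF). This Python script is an added example, not a Ducktoes tool or anything from the original post; the file signature table is the standard one, and the three sample files it writes into a “sample_share” folder are constructed for the demonstration.

```python
import os
import sys

# Leading bytes each extension should start with (standard file signatures).
SIGNATURES = {
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".pptx": (b"PK\x03\x04",),
    ".zip":  (b"PK\x03\x04",),
    ".doc":  (b"\xd0\xcf\x11\xe0",),
    ".xls":  (b"\xd0\xcf\x11\xe0",),
    ".pdf":  (b"%PDF",),
    ".jpg":  (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png":  (b"\x89PNG\r\n\x1a\n",),
    ".gif":  (b"GIF87a", b"GIF89a"),
}


def header_matches(name, head):
    """True if the file's first bytes fit its extension.

    Extensions with no known signature count as a match, so the report only
    lists confident mismatches rather than every .txt on the share. An empty
    file is reported too, since it cannot match anything.
    """
    ext = os.path.splitext(name)[1].lower()
    expected = SIGNATURES.get(ext)
    if expected is None:
        return True
    return any(head.startswith(sig) for sig in expected)


def scan_tree(root):
    """Walk root; return relative paths whose header disagrees with the extension."""
    suspects = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:
                continue  # unreadable file: skip it, don't abort the whole scan
            if not header_matches(fn, head):
                suspects.append(os.path.relpath(path, root))
    return sorted(suspects)


def build_sample_tree(root):
    """Constructed sample data: two intact files and one that looks encrypted."""
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "contract.docx"), "wb") as fh:
        fh.write(b"PK\x03\x04" + b"\x00" * 60)        # intact Office file
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 60)  # intact JPEG
    with open(os.path.join(root, "brief.pdf"), "wb") as fh:
        fh.write(bytes(range(1, 65)))                 # ciphertext-like, no %PDF header


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]  # e.g. the mapped share or the backup drive
    else:
        target = "sample_share"
        build_sample_tree(target)
    bad = scan_tree(target)
    print(f"{len(bad)} file(s) under {target} do not match their extension")
    for rel in bad:
        print("  ", rel)
```

Run it with the backup drive’s path as the argument; a clean backup should report zero mismatches, while a share that Cryptolocker has been through will list every document it touched. It only reads the first sixteen bytes of each file, so it is fast enough to run over a whole server share.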

Click here if you’d like more information on the encryption virus and what you should do to prevent it.


The Worst Virus Ever: Cryptolocker


Be aware there is a new virus called Cryptolocker that usually comes in through an executable attached to an email, usually about a parcel delivery; the attachment is typically a zip holding an .exe dressed up to look like a PDF. Do not open the attachment. It can come in other ways too, through a botnet if you’re already infected with another virus.
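Since the parcel-delivery attachment is the way this thing gets in (the same “phishy” email the “No Encryption Virus Yet” post warns about), here is an added example of the check I would want in front of an inbox: a Python script that screens attachment names for a disguised executable, including the double-extension trick (Invoice.pdf.exe) and an .exe hidden inside a zip. It is not a Ducktoes tool and not from the original post; the extension lists, the lure words and the three sample attachments are constructed for the example, and the “MZ” bytes are just a stand-in, not real malware.

```python
import io
import re
import zipfile

# Extensions Windows will run when double-clicked (list chosen for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Document extensions a double-extension name borrows to look harmless.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Wording from the parcel/invoice lures described in the post.
LURE_WORDS = re.compile(r"parcel|shipment|delivery|tracking|invoice", re.I)


def classify_name(name):
    """Return the reasons a file name looks like a disguised executable ([] if none)."""
    pieces = name.lower().rsplit("/", 1)[-1].split(".")
    if len(pieces) < 2 or pieces[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension .{pieces[-1]}"]
    if len(pieces) >= 3 and pieces[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension makes it look like a .{pieces[-2]}")
    if LURE_WORDS.search(name):
        reasons.append("parcel/invoice lure wording in the file name")
    return reasons


def screen_attachment(name, data):
    """Screen one attachment (file name plus its raw bytes).

    Returns {entry: [reasons]} for anything suspicious; an empty dict means
    nothing was found. Zip attachments are opened in memory and every member
    name is checked, because the lure usually ships the .exe inside a zip.
    """
    findings = {}
    reasons = classify_name(name)
    if reasons:
        findings[name] = reasons
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    member_reasons = classify_name(member)
                    if member_reasons:
                        findings[f"{name}:{member}"] = member_reasons
        except zipfile.BadZipFile:
            findings[name] = ["claims to be a zip but is not a valid archive"]
    return findings


def build_sample_zip():
    """Constructed sample: a zip like the parcel-notice lure, holding a fake 'PDF' that is an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Parcel_Notice_PDF.exe", b"MZ" + b"\x00" * 32)  # made-up bytes
        archive.writestr("readme.txt", b"Your parcel could not be delivered.")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample inbox: (attachment name, bytes).
    samples = [
        ("quote.pdf", b"%PDF-1.4 ..."),
        ("Invoice_1234.pdf.exe", b"MZ" + b"\x00" * 32),
        ("Parcel_Notice.zip", build_sample_zip()),
    ]
    for attachment, payload in samples:
        result = screen_attachment(attachment, payload)
        verdict = "BLOCK" if result else "ok"
        print(f"{verdict:5} {attachment}")
        for entry, why in result.items():
            print(f"      {entry}: {'; '.join(why)}")
```

The name check alone catches the double extension, which is exactly what Windows hides when “Hide extensions for known file types” is on, so the user sees “Invoice_1234.pdf” with a PDF icon. Looking inside the zip matters because the zip itself has a harmless extension; a scanner that stops at the outer name passes the lure straight through.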

The virus will encrypt your files and hold them for ransom unless you pay the $300 to the criminal virus creators.

Here is a video by Sophos showing the virus in action.

Here is an excellent article about the infection from Bleeping Computer (always my heroes); they do have a partial solution.

One action to protect yourself: make a backup or image of your computer now, then disconnect the external hard drive, so the backup can’t be encrypted along with the computer if you get infected. Ducktoes can do this for you if you bring a computer in to our Calgary Computer Repair lab.
