Cryptowall virus
Posted: 05 Oct 2014, 09:51
by ajb
I have no idea where it came from or when but my PC has been attacked by the Cryptowall virus. Essentially all my document, text, picture and video files have been trashed. I have been promising myself an offline hard drive but didn't get around to buying one.

I have some backups but nothing like the amount that I have lost. Apparently I can buy a decryption key for $500 in bit coin. Yeah, and I believe in Santa Claus too!
I assume that there is no known way of retrieving Cryptowall encrypted files so my question is, which is the best anti-virus to beat threats like this one? I use Malwarebytes to find and remove viruses and it removed this one. Is it worth buying the full package to protect my PC or is there something better? What do you think guys?
Andy

Re: Cryptowall virus
Posted: 05 Oct 2014, 11:02
by J0hn
Ah, sorry to hear that, Andy - must be a real sod.
I use MBAM, too, and I repeatedly see it recommended around the net, when people hit real problems.
If I had the money, I would have the pro version, no hesitation. Apart from the standard Windows stuff, it's the only anti-malware prog I use and I've not had an 'invasion' for many years. My friends all have, though - and MBAM always sorted them! (They used 'usuals' such as Norton, AntiVir and AVG, which got them into trouble).
I'm not suggesting it's the answer to everything, but I would strongly recommend it.
Re: Cryptowall virus
Posted: 05 Oct 2014, 11:21
by DaveB
Yes.. it's difficult to describe or pigeon-hole exactly what MWB actually is. It should be a program to stop and/or remove 'Malware' rather than being 'Anti Virus' but what constitutes a virus these days is very blurred.

I have the trial version of it on this pc and the Pro version on my XP pc (single license I'm afraid). If you let the Pro version run all the time.. it will stop a lot of stuff going on and question some installs (bona fide ones!). I had an incident with the QW146.. the install for which appeared to go perfectly but I couldn't see the landing gear on the external model. I eventually found that MWB didn't like the look of the QW dll and had quarantined it.
I got by a nasty browser 'thing' on this pc which sidestepped MSE.. whether it was classified as malware or a virus, I still don't know but it caused havoc. SpyHunter4 came up as a removal tool for it (which it successfully found but wouldn't remove until I paid £29 for the full version) and if I let this run 'full time'.. it will act like MWB and question a lot of things you do.. like having a double layer UCP I suppose. Needless to say.. that level of security does my head in so I've set it to not auto start.. I run it once a week then close it down again. It always finds tracker cookies.. it found 57 this morning!
Ultimately.. what would I recommend? I honestly don't know. AV progs covered a multitude of sins once upon a time so all you needed was a decent AV prog to keep you safe. These days, hackers and writers of malicious cr@p seem clever enough to circumnavigate AV spawning a new industry in the so called 'Malware' market.

For my part.. I have MSE installed and running all the time but have additional backup in SpyHunter4 (plus the trial version of MWB). I don't think I'd be confident to run either SpyHunter or MWB alone and have no AV running but both are capable programs.
ATB
DaveB

Re: Cryptowall virus
Posted: 05 Oct 2014, 12:49
by Airspeed
Hi Andy,
Malwarebytes is constantly running on my system.
I also permanently run MWB Anti-Exploit Premium, which is supposed to stop problems before they try to load, rather than finding and quarantining them after the event.
Microsoft Security Essentials is always constantly running.
I have no trouble with this combination stopping legitimate downloads, or with them fighting each other.
MSE was free, and the MWBs must have been pretty cheap because I don't part with my money easily.
Good luck.

Thinking of you.
Re: Cryptowall virus
Posted: 05 Oct 2014, 18:11
by Scorpius
Hi Andy,
I only use MWB pro, no problems at all and a great website comes with it covering the week's virus and phishing news. See here about cryptowall;
https://blog.malwarebytes.org/malvertis ... g-attacks/
Nev
Re: Cryptowall virus
Posted: 05 Oct 2014, 18:20
by Scorpius
Best removal tool is Spyhunter which will do it automatically, it can be done manually but it is only for the expert. Your system can be recovered.
Nev
Re: Cryptowall virus
Posted: 06 Oct 2014, 06:49
by ajb
Thanks for all of your advice guys.

Sorry it took so long to respond but the internet here on the island was running slower than dialup yesterday.
I already use MSE and I think that I'll go for a full MWB licence. I use Private Firewall on my XP system but it was the W7 system that was attacked. Unfortunately both are in one PC and everything was infected. I now no longer have a working FS9 or FSX.
Nev, you say that the situation can be recovered. Do you know how because all I read suggests that there is no recovery from Cryptowall apart from paying the barstewards ransom (which I certainly don't intend)?
Andy
Re: Cryptowall virus
Posted: 06 Oct 2014, 07:42
by TSR2
Andy,
I assume when you say both are on one PC you mean that you are running dual boot type arrangement. If this is the case it's highly likely the infection came via the XP machine, but wrote itself into the win 7 files on your disk, assuming that from the xp machine it's possible to see the win7 system files? The win 7 machine would not need to be running for this to happen and it would bypass all of the security you have on the win 7 machine.
Re: Cryptowall virus
Posted: 06 Oct 2014, 07:44
by Airspeed
Andy,
I may be wrong, but it looks like Spyhunter fixes your Windows encryption, but the final couple of lines indicate that your FILES will have to be recovered from an external source.
From the Spyhunter website:
Fake Updates and Spam Emails may Bring the CryptoWall Ransomware to Your Computer
The CryptoWall Ransomware is distributed as a fake update for applications such as Adobe Reader, Flash Player or the Java Runtime Environment. These types of updates may be offered in pop-up windows when you visit unsafe websites or when a Potentially Unwanted Program is installed on your computer. The CryptoWall Ransomware also may be distributed using spam email attachments and other typical threat delivery methods. Apart from encrypting your software, the CryptoWall Ransomware will also drop the files DECRYPT_INSTRUCTION.txt, DECRYPT_INSTRUCTION.html and DECRYPT_INSTRUCTION.url into directories where the CryptoWall Ransomware has encrypted data. The CryptoWall Ransomware uses the following ransom message to demand payment:
Decrypt service
Your files are encrypted.
To get the key to decrypt files you have to pay 500 USD/EUR. If payments is not made before [date] the cost of decrypting files will increase 2 times and will be 1000 USD/EUR Prior to increasing the amount left: [count down timer]
We are present a special software - CryptoWall Decrypter - which is allow to decrypt and return control to all your encrypted files. How to buy CryptoWall decrypter?
1.You should register Bitcoin waller
2. Purchasing Bitcoins - Although it's not yet easy to buy bit coins, it's getting simpler every day.
3. Send 1.22 BTC to Bitcoin address: 1BhLzCZGY6dwQYgX4B6NR5sjDebBPNapvv
4. Enter the Transaction ID and select amount.
5. Please check the payment information and click 'PAY'.
Avoid paying this ransom. Instead remove the CryptoWall Ransomware using a reliable, fully updated security program and then recover your files from an external back-up.
This should be a warning to us all when receiving offers of updates as highlighted above.
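
Added example, not part of the thread or of the quoted SpyHunter text: the description above says the ransomware leaves DECRYPT_INSTRUCTION.txt, .html and .url files in each directory where it encrypted data, so a read-only scan for those names lists the directories to check against backups. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Note file names as listed in the quoted description; matched case-insensitively.
NOTE_NAMES = {"decrypt_instruction" + ext for ext in (".txt", ".html", ".url")}


def find_affected_dirs(root):
    """Map each directory under root holding a ransom note to the notes found."""
    affected = {}
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if notes:
            affected[dirpath] = notes
    return affected


def summarize(root):
    """For each affected directory, count the other files by extension."""
    report = {}
    for dirpath, notes in find_affected_dirs(root).items():
        exts = Counter()
        for name in os.listdir(dirpath):
            if name.lower() not in NOTE_NAMES and os.path.isfile(os.path.join(dirpath, name)):
                exts[os.path.splitext(name)[1].lower() or "(none)"] += 1
        report[dirpath] = {"notes": notes, "files_by_ext": dict(exts)}
    return report


def build_sample_tree():
    """Constructed sample tree with empty files, for demonstration only."""
    root = tempfile.mkdtemp(prefix="cw_sample_")
    layout = {
        "Documents": ["DECRYPT_INSTRUCTION.txt", "DECRYPT_INSTRUCTION.html",
                      "report.doc", "notes.txt"],
        "Pictures": ["Decrypt_Instruction.URL", "a.jpg", "b.jpg"],
        "Program Files": ["app.exe"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root


if __name__ == "__main__":
    for path, info in summarize(build_sample_tree()).items():
        print(path, info)
```

The scan only reads directory listings, so it can be run against the affected disk before the note files are cleaned up, and the per-directory counts give a checklist for restoring from backup.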
Re: Cryptowall virus
Posted: 06 Oct 2014, 09:56
by DaveB
Mike..
I think Andy is stuck between a rock and a hard place here.. especially as SpyHunter is the nominated 'fixer'. As I found myself, although SpyHunter will find the virus.. when you hit the 'remove' or 'Fix threats' button as it's called on the SH window.. it won't fix or remove anything until you buy the software. This made me very annoyed (to put it mildly). You want it gone.. you cough up the money first!! If I remember right.. the cost worked out at £29.
You could look at it another way though.. £29 is a lot less than $500.
Unless you're some sort of computer wiz Andy.. this little episode is going to cost you a 1 year subscription to SpyHunter.
ATB
DaveB
