Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: will EMET block Cryptolocker?

04 Dec 2013   #1

windows 7 professional x64
 
 
will EMET block Cryptolocker?

hello to all,

I'm running Windows 7 Professional x64, Service Pack 1
I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
EMET is v4.0.4913.26122

I have EMET running for IE, Firefox and Microsoft Outlook.

Will EMET be able to block the Cryptolocker malware?

Thanks for your thoughts.
Regards, Tom

My System SpecsSystem Spec
.

04 Dec 2013   #2

Windows 7 Home Premium
 
 
EMET - probably not.

EMET is an anti exploit kit. That means it protects against zero-day attacks focused on internet-facing applications that have been correctly configured in EMET by the user where a vulnerability exists but is yet to be patched by the software manufacturer or where the user has not applied the latest available patch.

EMET does not stop a user from clicking on the password protected email attachment that will run the executable.

CryptoLocker: Please Kindly Find Our New PO - F-Secure Weblog : News from the Lab

CryptoLocker in action (Video):

https://www.youtube.com/watch?v=Gz2kmmsMpMI

You'll notice that following user action (clicks on file) a random named executable file runs and can be seen in Task manager. EMET is unlikely to prevent this.

Personally I use software that will prompt a user for action (or block) if a digitally unsigned file attempts to run or when a digitally signed file attempts to run without the signature existing in the Trusted Certificate list.


Attached Images
  
My System SpecsSystem Spec
05 Dec 2013   #3

windows 7 professional x64
 
 

Thanks for the response Callender. I'm already taking weekly backups with an external hard drive (which I disengage from my laptop when completed). Webroot forums claim that CryptoLocker is blocked, but I'll explore other options from your reply and from other posts on this forum. Thanks again.
Tom
My System SpecsSystem Spec
.


06 Dec 2013   #4

Windows 7 Ultimate x64
 
 

I do not think so, last time i heard a kapersky report said none of antivirus present can settle this virus. Only decent anti-virus could prevent this virus infection.
Another tough virus
My System SpecsSystem Spec
06 Dec 2013   #5

Windows 7 Professional 64bit
 
 

Quote   Quote: Originally Posted by thomas1004 View Post
hello to all,

I'm running Windows 7 Professional x64, Service Pack 1
I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
EMET is v4.0.4913.26122
You forgot "I have cloned my HDD and have all important files backed up on separate storage media (not connected to the computer/network)."
My System SpecsSystem Spec
06 Dec 2013   #6

windows 7 professional x64
 
 

Thanks Havoc, I am taking weekly data backups as well as
System image backups to an external hard drive. I disconnect
The xHD when it's finished. The ability of this malware to seek out
Attached devices and networks makes this particularly nasty.
My System SpecsSystem Spec
Reply

 will EMET block Cryptolocker?





Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:01 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33