Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: What's Microsoft doing about Cryptolocker?

13 Jan 2014   #1
rufford155

Windows 7 Home Premium x64
 
 
What's Microsoft doing about Cryptolocker?

Why doesn't MS issue a patch or update to prevent Cryptolocker?
Couldn't they provide a permanent solution along the lines of CryptoPrevent?
Is the latter utility safe? - and any good?

Apologies if this is old hat, couldn't find thsi specific query anywhere.


My System SpecsSystem Spec
.

13 Jan 2014   #2
marsmimar

Microsoft Community Contributor Award Recipient

 
 

According to Microsoft, their security software detects and removes this threat.

Trojan:Win32/Crilock.A

Virus:Win32/Crypto.C.dr

Presumably it's easier to update the signatures and heuristics for anti-malware software than to keep issuing patches or updates to an operating system.
My System SpecsSystem Spec
13 Jan 2014   #3
strollin

W7 Ult desktop, W8.1 laptop, W7 Home netbook, W8.1 tablet, Win 10 TP VM
 
 

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.
My System SpecsSystem Spec
.


13 Jan 2014   #4
Computer0304

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit
 
 

Once it infects your pc though, no software could decrypt your files.
My System SpecsSystem Spec
13 Jan 2014   #5
COMPUTIAC

Windows 8.1.1 64bit
 
 

Quote   Quote: Originally Posted by strollin View Post
Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.
Is this the one you are referring to : Download CryptoPrevent - MajorGeeks
My System SpecsSystem Spec
13 Jan 2014   #6
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Microsoft? Don't know.

I don't know what Microsoft is doing about Cryptolocker but whatever they do the guys that created it will probably try to find a way around any solution that's put in place.

As far as I can work out you can create your own Group Policy rules to prevent executable files from running in the locations that Cryptolocker uses as shown in the link below.


Cryptolocker: How to avoid getting infected and what to do if you are.


The problem with that approach and the "Cryptoprevent" approach is that it can also prevent some legitimate apps from running. I suppose that for most users it's better to have protection in place although they'd need to understand how to whitelist apps that get blocked.

I've tried two approaches:

1). Used Bitdefender Anti-Crypto.

2). Used application whitelisting software that detects when an unsigned file attempts to run and can be set to prompt the user for action. Additionally if a signed file's signature is not in the list of trusted certificates a user can be asked to either block or allow execution.

So far method 2). has been the best solution for me.




Attached Images
 
My System SpecsSystem Spec
13 Jan 2014   #7
strollin

W7 Ult desktop, W8.1 laptop, W7 Home netbook, W8.1 tablet, Win 10 TP VM
 
 

Quote   Quote: Originally Posted by COMPUTIAC View Post
Quote   Quote: Originally Posted by strollin View Post
Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.
Is this the one you are referring to : Download CryptoPrevent - MajorGeeks
Yes, that's CryptoPrevent
My System SpecsSystem Spec
14 Jan 2014   #8
logicearth

Windows 8.1 Pro (x64)
 
 

Im not sure what you are asking Microsoft to do. There is no security vulnerability in Windows that is being exploited, no holes to patch. Cryptolocker is merely an application that does something awful. But nothing a patch or update is going to solve. Unless you disable applications running all togeather.
My System SpecsSystem Spec
21 Feb 2014   #9
rufford155

Windows 7 Home Premium x64
 
 
Thanks

Thanks for all replies.
Sorry I've been away awhile.
Found some other useful thread on here too.
My System SpecsSystem Spec
21 Feb 2014   #10
Computer0304

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit
 
 

Microsoft could just block cryptolocker-like files from running.
My System SpecsSystem Spec
Reply

 What's Microsoft doing about Cryptolocker?




Thread Tools





Similar help and support threads
Thread Forum
Behind the CryptoLocker Disruption
Source A Guy
Security News
CryptoLocker Ransomware Moves to Android
Source A Guy
Security News
CryptoLocker creeps lure victims with fake Adobe, Microsoft activation
Source A Guy
Security News
Cryptolocker: Menace of 2013
Read more at: Cryptolocker: Menace of 2013 | ZDNet
Security News
will EMET block Cryptolocker?
hello to all, I'm running Windows 7 Professional x64, Service Pack 1 I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42 EMET is v4.0.4913.26122 I have EMET running for IE, Firefox and Microsoft Outlook. Will EMET be able to block the Cryptolocker malware?
System Security
Cryptolocker protection
Hello Folks. My periodical 'Computer Active' is advising the installation of this prevention kit: CryptoPrevent | Computer Technician - PC Repair Software |Foolish IT LLC Does anyone have any comments to make on this course of action?
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:02.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App