Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Question About Cryptolocker or Cryptowall

07 Apr 2015   #1
Brucex64

Windows 7 Pro SP1
 
 
Question About Cryptolocker or Cryptowall

I am not sure if I have this ransomware. I've looked at a few of my files and they open ok.

I was browsing the web and came to a bad page which redirected to a screen - I did not take the time to read all of it but it said something about the FBI and I saw the words "your files are being encrypted". I immediately closed all browsers.

I should mention that I have MS Security Essentials active. My files are backed up on the cloud with CrashPlan. I did a scan with Security Essentials, it did not find anything. I installed Malwarebytes & Spybot with the latest updates and ran full scans - nothing unusual was found. I had to reboot a couple times, but still nothing. No warning screen came up saying I had to pay etc.

So the thing is, I am not sure if it actually installed itself or if the AV program blocked it. One question is, how long after one of these viruses infect your system do you see the signs of its damage? Would I have seen something by now if I had it? And 2nd question, is there a program I can use to analyze the system and tell me if I have it? Do MS Security, Malwarebytes, and Spybot S&D catch these ransomwares, or is there something else I should scan with?


My System SpecsSystem Spec
.
07 Apr 2015   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Run a scan with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
08 Apr 2015   #3
Brucex64

Windows 7 Pro SP1
 
 

Ok, here is what ESet found after 17 hours!

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\ProgramData\{0159ba11-68c4-b6d9-0159-9ba1168ce845}\Intuit TurboTax Deluxe _ Home.rar.exe a variant of Win32/Adware.MultiPlug.FQ application
C:\Users\All Users\{0159ba11-68c4-b6d9-0159-9ba1168ce845}\Intuit TurboTax Deluxe _ Home.rar.exe a variant of Win32/Adware.MultiPlug.FQ application
C:\Windows\Installer\11f4d697.msi a variant of Win32/Systweak.L potentially unwanted application
D:\Software\Installed\Extracted\Winzip\WinZip Pro 19.0 Build 11293 (x64) + Key\winzip190-64.msi a variant of Win32/Systweak.L potentially unwanted application
D:\Software\Old Stuff\WinZip Pro 18.0 Build 11023 Final.zip a variant of Win32/Systweak.L potentially unwanted application
My System SpecsSystem Spec
.

09 Apr 2015   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Looks like a 'crack' .... WinZip Pro 19.0 Build 11293 (x64) + Key
My System SpecsSystem Spec
Reply

 Question About Cryptolocker or Cryptowall




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
CryptoWall Ransomware, Please Help To Decrypt Files.
Hello There, I am not sure if this is the right section to Post my problem, I Got a CryptoWall Virus, So they Encrypted all my files and blackmail me to Decrypt them back, So Does anyone knows any way to Decrypt this ? Please anyone can help, It's Excel and Word Work Files. Once they do this...
System Security
Attacked by cryptowall 2.0 - now attempting rebuild
It started Halloween is my guess looking for pic to carve a pumpkin with. Win 7 was out of memory - I have 24 gb so that was not right. In msconfig startup was ba025.exe file two places. Removed and rebooted. Seemed ok until I opend outlook and my email pst files were encrypted with instructions...
Backup and Restore


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:59.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App