HomeGroup Encryption of Files

Goldfish101

I read somewhere that once a file is encrypted using EFS, it can only be accessed by the Windows login that encrypted the file. Although other users on the same computer might be able to see your files, they will be unable to open them – including Administrators.
The question I have is: is it possible that a virus such as a Crypto type could hack a PC and use the PC's encryption system via HomeGroup, sort of tricking the PC into thinking that there is a group when in fact there is only one PC?
The reason I ask is that my PC has been hacked by a virus and a HomeGroup account has been set up along with an Everyone user plus two others which were hidden, with files encrypted and file user permissions set up which prove difficult to change. If I undo all the virus setup rubbish and get back to Owner only, what will happen to the encrypted files?
 

EFS doesn't protect at all against those kinds of viruses, at all. It's not even designed to do so. The reason for that is included in your own post:

once a file is encrypted using EFS, it can only be accessed by the Windows login that encrypted the file

If you encrypt files with your user account, only that account will have the decryption key, so you logically can use the files. Problem is that the vast majority of viruses will also run with your own user account too, as they usually are run through a web site or through a downloaded file. Hence, the virus will also have the very same access as yourself, including the encrypted files (this is also the reason why running with an admin account is so bad: the virus gets access to everything).

The HomeGroup thing seems to be unrelated to anything like ransomware; it's not needed at all to capture all your data. It could be used, however, to further spread infection or to create a backdoor for more things to enter or re-infect the affected system.
That's why the usual recommendation after a system has been found infected is to simply reformat it. It's impossible to know for sure what the malware has done exactly, and most importantly how to revert those changes.
 

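An added example, not written by either poster: a read-only PowerShell inventory that lists the local accounts, finds files carrying the EFS attribute, and shows for each one which accounts hold a decrypting certificate and what the NTFS permissions are. EFS ties each file to the certificates of specific accounts, so this is the information to record before any account is removed. It assumes Windows 7 with PowerShell 2.0 and that `$Root` (here the current user's profile) is the folder tree to inspect.

```powershell
# Added example: read-only inventory, nothing on disk is changed.
# Assumption: $Root is the folder tree to inspect; adjust as needed.
$Root = $env:USERPROFILE

# 1. Local accounts, including any that are hidden from the logon screen.
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, Disabled, SID |
    Format-Table -AutoSize | Out-String

# 2. Files that carry the EFS "Encrypted" attribute.
#    The -band test is used because it also works on PowerShell 2.0.
$encrypted = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ($_.Attributes -band [IO.FileAttributes]::Encrypted) })

"{0} EFS-encrypted file(s) found under {1}" -f $encrypted.Count, $Root

foreach ($file in $encrypted) {
    "`n=== $($file.FullName) ==="

    # 3. cipher /c displays information on the encrypted file, including
    #    the accounts and certificates able to decrypt it.
    & cipher.exe /c $file.FullName

    # 4. Owner and NTFS permissions. EFS and the ACL are separate controls:
    #    an account needs both a matching key and read access.
    $acl = Get-Acl -Path $file.FullName
    "Owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-String
}
```

Run it from the account that normally opens the files and keep the output with any backup taken before the system is cleaned or rebuilt.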