will EMET block Cryptolocker?

thomas1004

Hello to all,

I'm running Windows 7 Professional x64, Service Pack 1
I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
EMET is v4.0.4913.26122

I have EMET running for IE, Firefox and Microsoft Outlook.

Will EMET be able to block the Cryptolocker malware?

Thanks for your thoughts.
Regards, Tom
 

EMET - probably not.

EMET is an anti-exploit kit. That means it protects against zero-day attacks focused on internet-facing applications that have been correctly configured in EMET by the user, where a vulnerability exists but is yet to be patched by the software manufacturer or where the user has not applied the latest available patch.

EMET does not stop a user from clicking on the password-protected email attachment that will run the executable.

CryptoLocker: Please Kindly Find Our New PO - F-Secure Weblog : News from the Lab

CryptoLocker in action (Video):

https://www.youtube.com/watch?v=Gz2kmmsMpMI

You'll notice that following user action (clicks on file) a randomly named executable file runs and can be seen in Task Manager. EMET is unlikely to prevent this.

Personally, I use software that will prompt a user for action (or block) if a digitally unsigned file attempts to run or when a digitally signed file attempts to run without the signature existing in the Trusted Certificate list.
 

Thanks for the response, Callender. I'm already taking weekly backups with an external hard drive (which I disengage from my laptop when completed). Webroot forums claim that CryptoLocker is blocked, but I'll explore other options from your reply and from other posts on this forum. Thanks again.
Tom
 

I do not think so. Last time I heard, a Kaspersky report said none of the antivirus present can settle this virus. Only a decent anti-virus could prevent this virus infection.
Another tough virus :o
 

Hello to all,

I'm running Windows 7 Professional x64, Service Pack 1
I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
EMET is v4.0.4913.26122

You forgot "I have cloned my HDD and have all important files backed up on separate storage media (not connected to the computer/network)."
 

Thanks Havoc, I am taking weekly data backups as well as system image backups to an external hard drive. I disconnect the xHD when it's finished. The ability of this malware to seek out attached devices and networks makes this particularly nasty.
 
