Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

CryptoLocker, CryptoPrevent

  • Dale,

    Yes, MBAM PRO should automatically protect you against CryptoLocker.   Likewise, CryptoPrevent should also protect you.

    But one needs to keep in mind that malware can (and does) change, always trying to outsmart the anti-malware blockers.   So if/when a new "variation" of CryptoLocker first begins circulating, it may be able to infect systems until the anti-malware programs learn about it and revise their protection to include the latest "morph".

    As we know, the MBAM team is highly vigilant, and will likely become aware of the new malware --- and then offer updated detection/prevention to PRO users --- within just hours.   That's about the best one can hope for.   CryptoPrevent seems to be offering a "fair" number of updates so far... but keep in mind, that unless users monitor their site (or sites like this) to discover, download, and apply the latest updates when new updates become available, they will not be protected against the newest variant(s).

    As for the matter of installing/uninstalling: The CryptoPrevent site offers two versions of its program. The one, labeled "Download CryptoPrevent", offers a .ZIP file, from which the program must then be extracted. The extracted program, CryptoPrevent.exe, can be run directly without any "installation". The alternative version, "Download CryptoPrevent Installer", offers a "setup" file which "installs" CryptoPrevent on your system. I would speculate that the installer will overwrite the existing/older version. But if you want to be 100% sure, just uninstall the old one. And perhaps give thought to using the .ZIP-based version in the future, to avoid this question. [If you go for .ZIP, you have to remember where you placed the file, to manually locate it again... the installer places an entry in your START-MENU list.]

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Dale,

    re: uninstalling, here is a quote I just "rediscovered" from the program's website:

    "After [an] update, it is then necessary to re-apply the protection to your system.  It is not necessary to undo the previous protection in place before doing this, (n)or even to uninstall the app before updating.  If you have an older version of the app before the update functionality was introduced, simply download and install the latest version, then re-apply protection".


  • v4.1.5 – Misc changes to whitelisting functionality


  • Thanks David! ;)

  • v4.2 – Added "Start Menu > All Programs > Startup folder" protection.

    Added reboot prompt after automatic update / re-application of protection.

    ---------------

    Comment:   Since this program seems to be getting updated almost daily, I don't know that we'll continue to cite all its many updates here.   Users are encouraged to check for updates, either by going to the program's home page http://www.foolishit.com/vb6-projects/cryptoprevent/ , or by using the program's internal updater (Updates! / Check for updates).


  • I have the free version - CryptoPrevent - installed on one of my Windows 7 machines. I would like to completely uninstall this free version; however, it does not show up in the Control Panel under the Programs. How can I uninstall this program?

    Forum Member Since 2001

  • If you can't find the Uninstall, the developer has a forum here: http://foolishtech.com/viewforum.php?f=5


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • Annie,

    As pointed out in an earlier reply to Dale, there are two versions of the program available from its website:   a ZIP/extractable version which is self-contained [i.e., no need to install/uninstall], and an installer version [which can be installed/uninstalled].   Only the second version --- which actually performs an installation --- will appear in your Control Panel for uninstalling.  

    If you used the ZIP/extractable version, all you have to do is delete the files --- the ZIPped archive, and the extracted executable --- from your computer to "completely" remove them from your system.   HOWEVER:   If you applied the protection, simply deleting the executable file will leave the protection intact.   If you [also] want to remove the protection (from your registry), you should use CryptoPrevent to  UNDO  its protection, before you delete the program!

    Remark:  If you used the installer --- which apparently you didn't --- I'm not sure whether or not a formal "uninstall" will automatically remove the protection.   The safer approach here too would be to UNDO the protection before uninstalling (--- assuming that's what you want to do).

    Question:   Did you have a problem with the program? --- Given the potential protection it offers (free, and with no noticeable impact on one's system), I'm wondering why you feel the need to "completely uninstall" it?

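A read-only check for the situation described in the reply above, where the executable has been deleted but the applied protection may still be in the registry. This is an added example, not part of the thread or the developer's code; it assumes the protection is stored as Software Restriction Policy (SRP) path rules under the standard Safer\CodeIdentifiers policy keys, and the function name Get-SrpPathRule is hypothetical.

```powershell
# Added example (not from the thread). Assumption: the applied protection is
# stored as Software Restriction Policy (SRP) path rules in the standard
# Safer\CodeIdentifiers policy keys. Read-only: nothing is modified.
$SrpRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)
# SRP files each rule under a subkey named after its security level.
$SrpLevels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {   # hypothetical helper name
    param([string[]]$Root = $SrpRoots)
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # no SRP policy in this hive
        foreach ($levelKey in Get-ChildItem -LiteralPath $r) {
            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
            $level = $levelKey.PSChildName
            foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
                [pscustomobject]@{
                    Hive        = $r.Substring(0, 4)
                    Level       = if ($SrpLevels.ContainsKey($level)) { $SrpLevels[$level] } else { $level }
                    RuleId      = $rule.PSChildName
                    # Keep %appdata%-style variables unexpanded, as the rule was written.
                    Path        = $rule.GetValue('ItemData', $null, $raw)
                    Description = $rule.GetValue('Description')
                }
            }
        }
    }
}

$blocked = @(Get-SrpPathRule | Where-Object Level -eq 'Disallowed')
if ($blocked.Count -eq 0) {
    'No Disallowed SRP path rules found in these keys.'
} else {
    '{0} Disallowed SRP path rule(s) are still applied:' -f $blocked.Count
    $blocked | Sort-Object Hive, Path | Format-Table Hive, Path, Description -AutoSize
}
```

Rules listed here can also come from an administrator's Group Policy, so the list alone does not show which tool wrote them.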

  • ky331,  When I installed this CryptoPrevent on my first computer I used the zip file.  I misunderstood  how the free vs. the paid version worked. I wanted the paid version.   I wanted to completely uninstall/remove the zip version.

    When the zip version was installed it left files on my desktop and I wanted this program to go to my Programs. I now have this program installed properly. There was really nothing I found wrong with the program. If it does what it says it is going to do then it is well worth the money. I should have used the installer version the first time around. I have since gotten this program installed with the installer and removed the zip version. Also it is a real plus that CryptoPrevent can be used on multiple computers. Thanks for the help. (Y)


  • As always, glad to be of help.

    Just a thought... if you want to splurge on a paid program, personally, I'd say the money is better spent on MBAM PRO.   First off, MBAM PRO will protect you against CryptoLocker, so you'll be getting that important coverage.   But more significantly, MBAM PRO protects you against so many other varieties of malware --- so the comparative "bang for your buck" is just awesome.

    While I don't want to minimize the danger of CryptoLocker... if you "catch" it, your system will be devastated... I also have to wonder just how long the malware writers intend on keeping it alive --- I think that, at some point, they'll conclude there are enough protection vehicles readily available, that it's no longer worth their time to focus on this one entry vector.   Instead, they [or other malware writers] will create a completely new vehicle for malicious system penetration.   If I'm correct, then at that [future] point, CryptoPrevent's value will become muted, and the program may cease to be supported.   In contrast, MBAM should continue to adapt to all forms of significant malware that are created many years into the future.  

    You are correct in the statement that a single purchase of CryptoPrevent Premium is valid for ALL your home computers, so that's a definite plus for CryptoPrevent.


  • I have had Malwarebytes Pro for several years and it is a wonderful program.  It is on several of my computers.  I wanted to try the paid version vs. the free CryptoLocker to have the automatic updates.  Maybe that isn't the best way to go.  I hope the program is around for awhile so I get my money's worth. 


  • CryptoLocker may be around much longer than I've speculated.

    If CryptoPrevent blocks CryptoLocker on even one of your systems, you will have gotten (more than) your money's worth.

    And even if you never catch CryptoLocker, you can't put a price on "the peace-of-mind" CryptoPrevent offers you :)


  • BillP (WinPatrol) posted the following on Facebook, in response to the question: [Can] WinPatrol block the CryptoLocker viruses?

    "At this time, I wouldn't feel comfortable saying WinPatrol will protect you against this kind of threat. WinPatrol's protection by design is focused on a program infiltrating your computer so it can hide and mess with your system on a regular basis.

    Crypto style programs aren't really sophisticated in the way they remain on your system. In fact, if you remove the Trojan part of the threat it could prevent you from seeing the instructions on how to save your files. While I highly recommend daily backups over paying an extortionist it would be possible to restore their files via our History button.

    I'm currently spending a lot of time researching this threat so I do have a bit of experience. Using WinPatrol PLUS I have been able to detect the infiltration in time before any damage was done. Using the free version some files were compromised. However, this was under lab conditions and not by a typical user who would have allowed CryptoLocker to run in the first place. My experience is that typical users could fall prey to the download but instinct would kick in the moment they clicked.

    I'm pleased to note I have not received any reports of attacks by WinPatrol users. That either means WinPatrol users are very careful or Scotty has alerted them in time. I still wouldn't try it unless I knew everything was backed up or I was running in a virtual sandbox. The target audience for CryptoLocker may not be the same as those using WinPatrol.
    If your files have already been encrypted WinPatrol will not be able to help at this time.

    I have actually been looking at a solution to CryptoLocker and other attacks I expect to see in the future. Using some older code from WinPatrol. I believe it would be possible to provide a solution for CryptoLocker; however, it uses the same technology common in root kits. I'm not sure if most users would find that acceptable. I do have an idea for a better solution but need some funding before I can make this happen.

    For now, use extra care and if you own a business train your users and keep a firewall between your employees."


  • CryptoPrevent v4.3.2 (11 April 2014) – added support for redirected %appdata% directories (Windows folder redirection typically only used on larger networks.)


  • v4.3.3 (May 16, 2014) – updated digital signature on CryptoPrevent executables.
