June 2nd, 2014 12:00

Russian malware?

Hello. Just now the Channel 4 news here in the UK (TV) reported a major Russian-based computer malware causing over half a billion pounds to be either stolen or taken away as ransom after taking control of computers, either home or business. I am naturally very concerned after listening to the following: cyber crime expert Don Smith shows Channel 4 News how criminals remotely get into your computer ("they almost certainly have better access to your computer than you do") in order to steal "hard cash". I do not know if you could watch the above from outside the UK. However, as I understood from the news discussion, an e-mail with an attachment arrives, and when the attachment is opened the computer it was opened on will be under the control of this gang. It goes on to explain how they ask a ransom for access to folders on that computer, are able to watch the user by remotely accessing their camera, etc. I have not opened any such e-mails or attachments, but I am naturally very concerned: am I a victim? I am running the free version of Malwarebytes Anti-Malware. I have regularly updated MS Security Essentials. Are there any other techniques I need to use to see if mine is infected or free from an attack? Thank you in advance for your input. Regards

3 Apprentice • 15.3K Posts

June 2nd, 2014 19:00

"an e-mail with attachment arrives and when open the attachment the computer opened on will be under the control of this gang...  I have not opened any such e-mails or attachments".

Using "common sense" ("safe surfing") goes a long way toward prevention.  Never open up a suspicious attachment.   In fact, even attachments from known friends/relatives have the potential for danger, in that their e-mail could have been hacked or even forged!   So we always need to be on our toes... even when opening "friendly" e-mails.

One thing that could help:   Opening attachments inside Sandboxie.   In theory, if anything malicious is opened and run, it should be trapped inside the sandbox, and then easily discarded simply by closing the sandbox.

------------------------------

As for ransomware, one of the most dangerous is CryptoLocker.   Fortunately, there's a program I've been following in this forum called CryptoPrevent, which easily blocks known versions of Cryptolocker.   If you haven't looked into it, you should read my long/ongoing thread here:  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19530796.aspx

The [FREE] program can be downloaded from CryptoPrevent   http://www.foolishit.com/vb6-projects/cryptoprevent/ 

(scroll to the bottom of the page for the download links).   Manually check for updates "occasionally".

-----------------------------------------------------------------------------

As for how to test your system for these infections [other than saying, if CryptoLocker had completed its task, you'd definitely know, as it would prompt you for a ransom], I don't have a definitive answer... perhaps someone else might be able to tackle that.

3 Apprentice • 15.3K Posts

June 3rd, 2014 06:00

Snow,

Thank you for appreciating my answer.

For the sake of completeness, I'd like to add a few more comments:

1) re: Sandboxie

The program is now under (relatively) "new" management, who have chosen to completely re-code the program (using a different "computer language").   Any such REVOLUTIONARY (as opposed to a gradual, EVOLUTIONARY) change leads us to take pause, as while their intent may be for the best, there's no guarantee that the results will be.  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19580964.aspx

Now, I'm NOT saying this major change is necessarily bad... only that we have to proceed with caution.

The current Sandboxie release is 4.12.   I believe Iroc9555 has updated to 4.10 (which includes the new code) without having any issues.  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19586358.aspx 

I am still using Sandboxie 4.08 on my Win7 system, and Beta 4.09-01 on my XP.   I have no current plans to update either, as they're working well for me.

(Fortunately, Sandboxie keeps all its old [non-Beta] versions available, for anyone who wants/needs to back-track to one of them http://www.sandboxie.com/index.php?AllVersions )

Lastly, let me stress that for the Free version of Sandboxie, users must actively choose to run their browser [or other program] inside of Sandboxie.   If you want to set your browser to default to running sandboxed automatically --- which would be nice for friends/relatives who might not think to do this --- you'll need to opt for the paid version.   [This is called "forcing" Sandboxie.]

2) re: MBAM

You indicated using the free version of MBAM.   It's a top-of-the-line scanner/remover... but the free version doesn't offer realtime protection, which could prevent a lot of the "meanies" from infecting your system in the first place.  ["An ounce of prevention is worth a pound of cure".]   Again, if you wish to gain realtime protection, you'll have to opt for MBAM's paid/premium version.

Now, I have long been an advocate of MBAM Premium.   It catches a lot of the "bad stuff" that can slip through just about ANY anti-virus program.   Indeed, it was the one paid program I felt was absolutely worth it.   However, I must point out two key recent developments here:

a) MBAM has switched from a lifetime (buy-once) license to an annual (must renew each year) subscription fee.

b) MBAM has recently released version 2.x.   While I applaud MBAM for its desire to enhance its product (e.g., by adding the anti-rootkit module, and for allegedly more-powerful web-blocking)... and while they DID test the product for many months... I believe they offered their public (non-beta) release too quickly.   Many of the complaints they're now forced to address had been reported by beta-testers in their forum.   Had they listened then... had they offered another Release Candidate or two... I believe they would have been better served and received.

There are MANY reports of problems, both at the MBAM forum https://forums.malwarebytes.org/index.php?showforum=41

and an ongoing 27-PAGE thread at Wilder's forum http://www.wilderssecurity.com/threads/malwarebytes-anti-malware-2-released.361805/ 

And while it's likely that SOME of these reports are the result of user error, there are just too many to dismiss them all as such.

Accordingly, while I myself am successfully running MBAM PRO on both Win7 and XP, I am very skittish about recommending it at present.  

--------------------------------------------

You should now have the necessary information (caveats) to make an informed decision for yourself.

2 Intern • 1.1K Posts

June 3rd, 2014 00:00

ky331, you are helpful as ever. Thank you. It is reassuring to know a few more steps I could follow to help prevent a debacle. Must inform my family members. I will go to read about "Sandboxie" now. Regards

5.8K Posts

June 3rd, 2014 13:00

Lastly, let me stress that for the Free version of Sandboxie, users must actively choose to run their browser [or other program] inside of Sandboxie.   If you want to set your browser to default to running sandboxed automatically --- which would be nice for friends/relatives who might not think to do this --- you'll need to opt for the paid version.   [This is called "forcing" Sandboxie.]

When I installed the free version of Sandboxie some years ago, it created a shortcut icon that opens my default browser sandboxed automatically. It works still. Have things changed?

3 Apprentice • 15.3K Posts

June 3rd, 2014 15:00

Joe wrote:  "When I installed the free version of Sandboxie some years ago, it created a shortcut icon that opens my default browser sandboxed automatically".

Yes, that has not changed.   And I apologize for any confusion.   The point being, users must realize that they have to click on that particular shortcut icon for sandboxie, rather than the standard browser icon that they're used to.   If they click on the standard icon, the browser opens unsandboxed.

I don't have the paid version, but my understanding is that it allows you to "force" (*) any program(s) that you specify to automatically open inside Sandboxie.   So, if you are preparing a system for friends [and Snow mentioned sharing a system with family members], you can "instruct" the paid version to automatically open up IE, FF, Opera, Chrome, AND any other program(s) you wish in sandboxed mode... even when the user clicks on the normal icon for those programs.   That would be the best way to go, when other [less-careful] people are involved.

------------------------------------------

(*) RIGHT-click on the Sandboxie icon in your system tray, select Show Window, Sandbox, Default Box, Sandboxie Settings, Program Start, Forced Programs.  ("If any of the following programs start unsandboxed, it will be forced to run in this sandbox".)
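For readers who prefer to see what that dialog actually records, here is an added example (not from this thread, and not Sandboxie's own documentation) of the corresponding entries in Sandboxie.ini for the default box. The ForceProcess and ForceFolder keys are Sandboxie's settings as I know them; the browser executable names and the download folder path are my own illustrative choices, so adjust them to the programs installed on the machine being prepared:

```ini
; Sandboxie.ini -- added example of the "Forced Programs" setting.
; The GUI path Show Window > Sandbox > Default Box > Sandboxie Settings >
; Program Start > Forced Programs writes ForceProcess= lines like these.
; Process names and the folder path below are example values, not defaults.

[GlobalSettings]
; (global options omitted in this example)

[DefaultBox]
Enabled=y
ConfigLevel=7

; Any of these programs started unsandboxed (e.g. from the normal desktop
; icon) is redirected into DefaultBox instead of running on the real system.
ForceProcess=iexplore.exe
ForceProcess=firefox.exe
ForceProcess=opera.exe
ForceProcess=chrome.exe

; Optional: anything launched from the Downloads folder (a saved e-mail
; attachment, for instance) is also forced into the sandbox.
ForceFolder=C:\Users\Example\Downloads
```

Forcing the browsers covers the case discussed above (a family member clicking the usual icon rather than the Sandboxie shortcut); the ForceFolder line extends the same idea to attachments that have already been saved to disk, which is how an opened attachment ends up contained instead of running with the user's full rights.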

5.8K Posts

June 3rd, 2014 15:00

Thanks for the clarifications, Hernan and ky.

I'm still using the free version 4.08.

1K Posts

June 3rd, 2014 15:00

Hi Joe.

If you mean this: http://www.sandboxie.com/?GettingStartedPartTwo

Yes, Sandboxie free 4.10 still places the shortcut icon on the desktop.

2 Intern • 1.1K Posts

June 4th, 2014 13:00

Hello KY331, what an eye opener, and very concise and to the point. Exactly the essential information I was looking for. Wonderful. On another note, this Russian ransomware is the talk of the town. Every UK mainstream news outlet, such as the BBC and ITV (Channel 4), is talking about it. All these media are directing individuals to a UK government sponsored site (i.e. GetSafeOnline.org) to learn what actions one could take to prevent this attack. This goes on to suggest that there is a window of two weeks for us innocent computer users to act to protect against such a malicious infestation. BUT the site is just hopeless, to say the least. Your advice/suggestions are so much more worthy of acknowledgement, and I despair of whoever is advising the UK sponsored site!! Such a lack of guidance, for what it purported to be!! I know I am not as yet a victim of this dreaded and despicable infection, having checked using the knowledge I acquired from your discussion (as well as from Joe53 and Iroc9555). Regards

3 Apprentice • 15.3K Posts

June 4th, 2014 14:00

Snow,

Thanks for the compliment.

While I like and use ALL of the security software cited in my signature... there's one I'd like to especially give mention to, particularly fitting the context of this topic --- and that's Zemana AntiLogger Free:

 
Zemana is an ANTI-Keylogger.    You download and install the program, it's always running in the background, and there's nothing more to do with it.
 
Zemana scrambles all the strokes you enter at your keyboard, so that, IF you have a (software) keylogger installed on your system (unbeknownst to you), all it will "see"/intercept is a bunch of "gobbledygook".   [Stress that Zemana does NOT examine your system for the presence of keyloggers, it does NOT advise you about their presence, but it should successfully defeat them if they're there.]
 
Much of the recent talk is about crooks stealing information ("your identity") from you.   Typically, this happens by them secretly installing a keylogger, which captures your keystrokes while you're typing, and then it "phones home" to tell the crooks what it's finding.   If the keylogger is fed "gibberish", then that's what it will pass on to the crooks.   You can read more about this here:   http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19565341.aspx