As Moreau Jr has stated, you can't remove the virus just by "normal" usage.
First, I'd recommend you Google for CryptoLocker solutions specifically, but generally, you need to download MalwareBytes and CCleaner for good measure.
Once you've done that and installed them, start your PC in Safe mode (normally by hitting F8 while it boots up). Then run them both, preferably MalwareBytes first.
Once they've done their thing, they'll normally restart the system where you can carry on as normal. However, this CryptoLocker nasty is pretty intensive so I wouldn't be surprised if this is useless - so I emphasise Googling for precise help.
Oh and by the way, it DIDN'T come through Steam. CryptoLocker by nature will sit dormant for some time, probably days before activating - is it so surprising they've been activating over Christmas?
As I said Google specifically for CryptoLocker - it was verified on the BBC News website a few days ago that millions have been affected in recent days with this.
You're doing the right procedure, but I will repeat that one of the reasons this is so notable in the news is because it's affected so many and because it hooks into some Microsoft established code, making it a real bastard to get rid of, so you might need some unusually specific procedure to go through.
And for whoever might be interested, I took another look at that irritating window and it says the following:
"Your computer is LOCKED. All files with extensions *.exe, *.doc, *.xml, *.docx, *.rar, *.zip are ENCRYPTED. Trying to bypass this will make them unRECOVERABLE!
To UNLOCK your computer and decrypt files you must do SURVEY.
Tip: SMS Surveys unlock faster."
Below there's a hyperlink that says "Open Survey" and below that is an input box with an "Unlock" button to its right. This window doesn't appear until the desktop and taskbar etc. are loaded. Then it hides everything but I could still open the web browser by pressing the physical button on the keyboard. I was also able to open the Ctrl-Alt-Del screen (Windows 7 SP1) but the malware disabled the task manager button in the registry table. While in Safe Mode, I located and deleted this file called svhost .exe in User/AppData… I also deleted the corresponding entry in the registry table. However, when I booted back up in normal mode, the malware was able to recover itself. Previously I did a full scan in Safe Mode with MSE and it detected no threat. I haven't been able to find an exactly matching profile for this malware on the Internet; obviously it's not as popular.
I visited nfscars.net before, since someone asked.
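A program that returns on a normal boot after one file and one registry entry were deleted in Safe Mode, as described above, is consistent with more than one autostart entry being present. As an added example (not part of any post in this thread), here is a read-only PowerShell audit of common autostart locations and the Task Manager policy value. The list of locations and the "suspect" path pattern are assumptions and are not exhaustive.

```powershell
# Read-only audit: lists autostart entries and flags commands that launch from
# directories a standard user can write to. Nothing is modified or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$suspectDirs = '\\AppData\\|\\Temp\\|\\ProgramData\\'   # regex; assumed pattern

function Get-KeyValues($path) {
    # Emit one object per value stored under the given registry key.
    if (-not (Test-Path $path)) { return }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Location = $path; Name = $name; Command = [string]$key.GetValue($name)
        }
    }
}

$entries = @()
foreach ($k in $runKeys) { $entries += @(Get-KeyValues $k) }

# Winlogon Shell/Userinit normally reference only explorer.exe and userinit.exe.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$entries += @(Get-KeyValues $winlogon | Where-Object { 'Shell','Userinit' -contains $_.Name })
$entries += @(Get-KeyValues ($winlogon -replace '^HKLM','HKCU') | Where-Object { $_.Name -eq 'Shell' })

# Per-user and all-users Startup folders: every item here runs at logon.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($d in $startupDirs) {
    if (-not (Test-Path $d)) { continue }
    foreach ($f in @(Get-ChildItem -Path $d -Force)) {
        $entries += New-Object PSObject -Property @{ Location = $d; Name = $f.Name; Command = $f.FullName }
    }
}

# Policy value that greys out Task Manager on the Ctrl-Alt-Del screen.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$tm = (Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue).DisableTaskMgr
if ($tm -eq 1) { Write-Output "DisableTaskMgr=1 under $pol (Task Manager blocked for this user)" }

$entries | Select-Object Location, Name, Command, @{ n = 'Suspect'; e = { $_.Command -match $suspectDirs } } |
    Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

It uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7 SP1; scheduled tasks and services are not covered and need a separate check.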
It could possibly be a variant of CryptoLocker - that's the problem with these bloody viruses. Plenty of arseholes out there to modify them.
The only other thing I would do is have a good look through the usual antivirus people's sites (McAfee, Avira, MS, Norton et al) and see what the latest is.
Sorry I can't be of more specific help.
That's not strictly true.
It is possible to remove the majority (if not all) of it. However, some files can remain encrypted, and it is indeed a real bastard.
That's precisely why I've advised to keep a close eye on the security professionals for data.
Although I would also add, as you say, it might be better all-round to reformat/reinstall.
As I understand it there's no evidence to show that anything's being stolen, just the ransom seems to be the point. However, if this has crept in, then it's highly likely other stuff may have.
I know what option I'd go for, personally - reformat.
The virus itself is easy to remove but, as far as I am aware, the files are impossible to retrieve other than by paying. This is simply because the algorithm is unique to the infected machine, and the passkey generated is also unique. This is only stored server-side and it is non-retrievable (other than by paying, as indicated).
I suppose it could technically be possible to decrypt the files but it would require a brilliant mind and a lot of patience.
If you are aware of anything new though do share, as to my knowledge this is one of the most destructive viruses in the last few years.
I don't disagree with you at all.
I was just trying to fully explain the situation (to avoid the usual scaremongering). As far as anything new, no I have nothing to share, but it does depend on what's going on - the version of CryptoLocker, and more importantly what stage it's all at.
I certainly agree and emphasise that once those files are encrypted, they're as good as gone. It is a pure bastard.
This is why I emphasised keeping an eye on the professionals' sites - they're always the best source of info, and when (and if) it does get cracked, that's the way you're going to find out first.
However, I will reiterate that in the long run the OP should do two things:
(1) Reformat and reinstall. Give up the ghost.
(2) Review their browsing habits and check their security setups. It got in somehow, and there's no record of it coming from anywhere "reputable".