Ransomware “cryptorbit” attack on my pc
August 3rd, 2016
HELP ME,I’M RUNNING OUT OF TIME,’COZ MORE NO. OF FILES ARE GETTING ENCRYPTED I GUESS!! PLEASE!!!
Please don't double-post, use the edit button instead. Members are allowed to double or triple post only if their previous post has exceeded the maximum characters limit.
Kindly visit our rules:
www..org/rules
I am not sure if this is the same virus ive seen on the news (but doing the same thing). Your options are to restore from a restore point, or pay the ransom unfortunately. I hope it isnt the one attacking small businesses ive seen and heard about, or you have a recent restore point.
try booting from safe mode and put it for scanning using Spybot, Avast etc
thanx a lot but none of them working!!
few things more you can try is disable the item from startup tab in MSCONFIG. Then disable the service by pressing ctrl+alt+del, navigating to the processes tab and then clicking end process.
Deleting associated files from here:
%AllUsersProfile%\Application Data\temp\Cryptobit.dll
%AllUsersProfile%\Application Data\roaming\Cryptobit.exe
then delete relevant entries from registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Cryptobit \"[RANDOM CHARACTERISTIC]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Unistall Cryptobit ransomware \Run "[RANDOM CHARACTERISTIC].exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Unistall Cryptobit \Run "[RANDOM CHARACTERISTIC].exe"
Removing it WILL NOT restore your files!
If you have no backup and the data is important – Paying the ransom is the only way to get it back!
You may want to read up on it here….
http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/
You may want to read up on it here....
http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/
Interesting that existing malware can make it easier for it to infect your pc,got me worried i have not done a scan for a couple of weeks so started a full scan with spyhunter 4 go 351 threats so far most low level 19 medium level threats.
Don’t forget to Google “get rid of cryptorbit”
A fair bit of stuff there..
Sounds like I should do a Spyhunter 4 scan too !
please…y’all genius minds should help me,i.e how to curb this existing problem instead your posts are making me feel even more insecure.. Help please… And thank you for devoting y’all precious time searching for my problem..THANK YOU.. But please help..
If you’re expecting a miracle, You’re not gonna get any!
Again, You’ll be able to re-gain access to your files only IF YOU PAY the ransom, There’s simply no other way around it.
It’s not possible to break encryption within seconds (Like seen on TV shows). In real life, Encryption is very strong and cannot be easily broken. Best way to get rid of the actual infection would be to make a clean OS reinstall (But clearly, This won’t get you your data back!)
please...y'all genius minds should help me,i.e how to curb this existing problem instead your posts are making me feel even more insecure.. Help please... And thank you for devoting y'all precious time searching for my problem..THANK YOU.. But please help..
I have not heard of this recent Cryptorbit attack, but it sounds worrysome :/ ? I guess? You might want to view this guys You Tube vid on the intrusion CryptoLocker Ransomware What You Need To Know
https://www.youtube.com/watch?v=FoNTXTyly-s
It’s a fairly current vid.
I hope it helps? Do you mind if we ask how you got said infection?
System restore or new OS install is all you can do.
it came after one of my family members opened a mail and then double clicked a Zip file and then nothing happened i.e it consisted of no files and this was probably the way Crytorbit came
Did you try the removal process that’s featured in the You Tube vid I posted?
and then use this:
http://www.google.com?t=19472696
First of all do NOT pay the ransom…odds are it will not “unlock” the files if you do anway. Also, most programs don’t actually encrypt anything they just make changes to registry to make their prompt pop up whenever you click on a predefined area. 1. Boot into safe mode with networking
2. Download Malwarebytes free, UPDATE it, and run a full scan. Remove any items it finds. Do not install the free Pro version trial. 3. Download TDSS Killer and run a scan. Remove any items it finds. 4. Download/install CCleaner free version. Run a full scan for both temporary files and the registry from the tabs on the left. Remove any items it finds, while backing up registry changes when prompted.
5. Reboot your computer and make sure you have only 1 active antivirus program that is up to date and functioning. Remove any additional active software. Download these programs from the official sites only, as to not install any additional junkware/adware that piggybacks on installers from 3rd party sites.
@: from video’s i found on youtube it DOES decrypt them if the ransom is payed. Simply removing the infection itself isn’t really a fix, while the malware will be gone, your files will still be encrypted and useless. The only way arround that then would be a full system restore
sir,is there any software which can restore my pc to any previous date? (except windows system restore)
Yes, there are several good ones, but they can only work if you had used them before to make the back-up. Your only other option is a hardware one.
It’s really quite simple.
All you need to do is use a time machine to go back to just before your family member opened a mail and then double clicked a Zip file.
Give them a sharp whack on the knuckles and tell them they shouldn’t do that.
Sorry, but if you haven’t made some kind of back-up no software can help you
First of all do NOT pay the ransom...odds are it will not "unlock" the files if you do anway. Also, most programs don't actually encrypt anything they just make changes to registry to make their prompt pop up whenever you click on a predefined area. 1. Boot into safe mode with networking
2. Download Malwarebytes free, UPDATE it, and run a full scan. Remove any items it finds. Do not install the free Pro version trial. 3. Download TDSS Killer and run a scan. Remove any items it finds. 4. Download/install CCleaner free version. Run a full scan for both temporary files and the registry from the tabs on the left. Remove any items it finds, while backing up registry changes when prompted.
5. Reboot your computer and make sure you have only 1 active antivirus program that is up to date and functioning. Remove any additional active software. Download these programs from the official sites only, as to not install any additional junkware/adware that piggybacks on installers from 3rd party sites.
DONT boot into safe mode with networking thats what the virus needs to even do more damage to the computer is a connection
sir,is there any software which can restore my pc to any previous date? (except windows system restore)
You did not even mention if the vid I posted was useful at all?
Did you defeat the infection or what?
It would be helpful to point out how you defeated the attck, this info would be helpful to others that are plauge with it.
If their were such a software, it would had only had helped if you created a restore point with it before the infection.
An in my opinion the Windows System Restore tool is not that reliable.
I don’t think a restore of your system would rid your PC of any previous hostile attacks, or any nasty reg entries.
I use ( as well as a host of others here ) O.S. backup software, so in such a case of a attack I would just restore to garanteed clean state of my O.S. before the attack. After such said nasty attack, I would recommend you back up your files an do a clean install of Windows, that’s the only way to be sure.
First of all do NOT pay the ransom...odds are it will not "unlock" the files if you do anway. Also, most programs don't actually encrypt anything they just make changes to registry to make their prompt pop up whenever you click on a predefined area. 1. Boot into safe mode with networking
2. Download Malwarebytes free, UPDATE it, and run a full scan. Remove any items it finds. Do not install the free Pro version trial. 3. Download TDSS Killer and run a scan. Remove any items it finds. 4. Download/install CCleaner free version. Run a full scan for both temporary files and the registry from the tabs on the left. Remove any items it finds, while backing up registry changes when prompted.
5. Reboot your computer and make sure you have only 1 active antivirus program that is up to date and functioning. Remove any additional active software. Download these programs from the official sites only, as to not install any additional junkware/adware that piggybacks on installers from 3rd party sites.
DONT boot into safe mode with networking thats what the virus needs to even do more damage to the computer is a connection
Safe mode only boots the minimum amount of drivers/services/etc for the computer to run. 99% of malware does not run in safe mode as the boot.ini which is processed differs greatly from the standard used. The exception to this would a be a rootkit as it’s invisible to the OS itself as it’s part of the BCD, hence why TDSS Killer would be used. Either way, having an internet connection isn’t going to do any actual harm to the system when compromised, although it may trigger some malware to load (in normal mode), such as the FBI virus. The harm would be done by accessing personal information while infected in normal mode. OFC the safest way is to use a live CD and run the tools from there but creating one is more work than most people are willing/capable of doing.
@: from video's i found on youtube it DOES decrypt them if the ransom is payed. Simply removing the infection itself isn't really a fix, while the malware will be gone, your files will still be encrypted and useless. The only way arround that then would be a full system restore
It’s certainly possible, but have you ever encrypted a drive before? It’s a LONG process – typically 12-24 hours if it’s full drive encryption, and that’s on the fastest AES single encryption method using a modern PC. My guess would be those files would be accessible both in safe mode and after removing the drive and hooking to to another PC via USB. A much simpler and more effective approach would be to make the payload modify file associations to pop up a message that the files were encrypted and deny access to X directory whenever a target area was clicked. That’s how the majority of the thousands I’ve removed have been anyway. Hypothetically if it were actually encrypted, I’d also be very surprised if a hacker/scammer were ethical enough to decrypt the drive after you paid the ransom. But I guess anything is possible.
Pentium Pro 166MHz
32MB EDO RAM
10GB Quantum Bigfoot Hard Drive
3DFX Voodoo w/ SLI
33.6 Modem
Creative Labs Soundblaster ™ 16-bit sound
Windows NT Workstation 4.0
Runs Duke Nukem 3D maxed out! Are you serious! Those are specs from like 1995 Not many people would flaunt such specs
Your stuffed / There is nothing but pure luck can save anyone from this nasty. Once encrypted that’s it stuffed unless your noobish enough to PAY and only if your files are worth the Ransom if not then reinstall and make sure it don’t catch you out in future. No anti-malware program is going to save you / Your advised to disconnect from the web disconnect your external Hard Drives that you have connected for what ever reason and then clean & reformat your C: Drive that’s it…
TELLING YOU NOW NOTHING WILL FIX IT OR STOP IT ONCE IT HAS YOU. Sorry
Pentium Pro 166MHz
32MB EDO RAM
10GB Quantum Bigfoot Hard Drive
3DFX Voodoo w/ SLI
33.6 Modem
Creative Labs Soundblaster (tm) 16-bit sound
Windows NT Workstation 4.0
Runs Duke Nukem 3D maxed out! Are you serious! Those are specs from like 1995 Not many people would flaunt such specs
Well I’m glad at least one person got the joke…but I did forget to add on my 15″ CRT
Pentium Pro 166MHz
32MB EDO RAM
10GB Quantum Bigfoot Hard Drive
3DFX Voodoo w/ SLI
33.6 Modem
Creative Labs Soundblaster (tm) 16-bit sound
Windows NT Workstation 4.0
Runs Duke Nukem 3D maxed out! Are you serious! Those are specs from like 1995 Not many people would flaunt such specs
Well I'm glad at least one person got the joke...but I did forget to add on my 15" CRT
That’s was a pretty pricy model back then
I would say those specs would be in the price range of 3 G’s for your computer in it’s glory days :p 96/98 perhaps
I really did not start computing till 96, I believe the first movie I’ve downloaded off the net was Saving Private Ryan, an that’s with a 56k internet speed, it probably took me forever to grab it.
If I recall I also had a NVidia 3DFX Voodoo card, probably 124 MB of MEM, an Maxdor 4 GB hardrive a rig that I could call my own computing has come a long way this then (90’s )
Here is a nice tribute for the old computer geekers of the 90’s
https://www.youtube.com/watch?v=HJ9rJJSKC-0
Don't forget to Google "get rid of cryptorbit"
A fair bit of stuff there..
This is the best thing to do – you can often find how to get rid of it from others who have had it.
Pentium Pro 166MHz
32MB EDO RAM
10GB Quantum Bigfoot Hard Drive
3DFX Voodoo w/ SLI
33.6 Modem
Creative Labs Soundblaster (tm) 16-bit sound
Windows NT Workstation 4.0
Runs Duke Nukem 3D maxed out! Are you serious! Those are specs from like 1995 Not many people would flaunt such specs
Well I'm glad at least one person got the joke...but I did forget to add on my 15" CRT
That's was a pretty pricy model back then
I would say those specs would be in the price range of 3 G's for your computer in it's glory days :p 96/98 perhaps
I really did not start computing till 96, I believe the first movie I've downloaded off the net was Saving Private Ryan, an that's with a 56k internet speed, it probably took me forever to grab it.
If I recall I also had a NVidia 3DFX Voodoo card, probably 124 MB of MEM, an Maxdor 4 GB hardrive a rig that I could call my own computing has come a long way this then (90's )
Here is a nice tribute for the old computer geekers of the 90's
https://www.youtube.com/watch?v=HJ9rJJSKC-0
What ? 32MB of ram and a 10GB hard drive… Sheer luxury ..Bet you though you would never use all that !
We used to think it was great when hard drives dropped to about $1 per meg.
I had a massive 450MB drive in the old 486DX and that was worth about $400 (just the hard drive)…And 4MB of ram was heaps!
Used a 8K dial up modem and you could dial up local bulletin boards which worked like an IRC.
No ISPs then…I had to get my son to show my how to download some naughty pics though..
And my daughter used to play an online game called Major Mud!
No videos though…Linda Lovelace couldn’t get down to 8Mb/s, no matter what.
A few years later, still with the old 486,upped to 12Mb of ram and Windows95, I proudly connected, via com 1, a 28Kb/s modem and entered the realm of the Internet..
Now I wouldn’t say that I was Surfing the Net, but I gave it a decent dog paddle..
And at least there was no adware, malware or cryptorbit.