Tips to avoid being bit by CryptoLocker (and what to do if you are)


IObit Uninstaller, or Revo Uninstaller. Although Windows has a native program uninstaller under the Control Panel, it does an absolutely lousy job of removing stray registry keys, unlike the IObit and Revo applications. The IObit and Revo programs also have features to remove malicious programs that don't show up in the program list but may appear as an icon on your desktop or have some sort of GUI. Be very careful when you install either program. Like many legitimate Windows programs, their installation wizards may try to sneak in extra programs such as the toolbar. Read each step of the installation wizard really carefully, and check or uncheck boxes to make sure you don't install extra programs along with the one you intend to install.

After you've run all the malware removal programs, which may take a few hours or more, you'll need to reboot your PC to get rid of all the malware that's been quarantined. Until you've rebooted, the malware will still be on your machine.

Once you've rebooted, you can recover your back-up and be back to where you were before you were infected with CryptoLocker. As an added bonus, you'll probably remove all or almost all of the other malware that was on your machine.

If you haven't backed up your files and OS before being infected with CryptoLocker, you're kind of screwed, unless you pay the criminals, which rewards them and encourages them to continue this sort of malicious activity. That's one of the many reasons why, if you don't already have a local backup of some sort, you should make one as soon as you can, assuming you haven't yet been infected with CryptoLocker.

Unfortunately, I'm concerned that users of Windows Vista, 7, and 8 have been lulled into a false sense of security. That's because those Windows client operating systems create a back-up partition under the "D:" logical drive. Usually, the D partition will only back up the operating system, if it works at all. But aside from things that can physically destroy your hard disk, there is Windows malware that can cross over from your C partition onto your D partition. Additionally, there's malware that can infect your BIOS, so your PC won't even boot.


If you have a Windows 8 OEM machine with Secureboot, you're still not safe from BIOS malware, in spite of what Microsoft says. My fiancé and I have personally created Secureboot-infecting malware that works, as we've tested it. I'm afraid all that Secureboot does is what I believe Microsoft really intends to do, which is to make it very difficult to install other or additional operating systems on your PC, namely Linux distributions. That's a violation of your user rights. When you buy a PC, you should have every right to install whichever OS you choose, in place of or in addition to Windows.

When you read this article, please spread the word, whether you personally use Windows, or whether your coworkers, family or friends do. Don't open email attachments you don't trust 100 percent. Don't open double-extension files, such as .pdf.exe. Don't click on banner ads to download programs. Don't click on banner ads that look like legitimate download links on the same web pages as actual legitimate program download links. Those are most often seen in BitTorrent search engines like The Pirate Bay or IsoHunt, but they're also found on legitimate program direct download link web pages on websites like Softpedia. Be careful, when running Windows installation programs for legitimate programs, not to let the installer slip in extra malicious programs such as the toolbar or WeatherBug. Be wary of web pages for downloading free screensavers, avatars, emoticons, or free games, usually poker games, but not always.
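As an added example that is not part of the original article or its author's material, the PowerShell script below checks for the double-extension trick described above. Windows Explorer hides known file extensions by default (the HideFileExt setting), which is what makes a file named invoice.pdf.exe display as invoice.pdf. The script reports whether that setting is on and lists files in the Downloads folder whose names end in a document-looking extension followed by one Windows will execute. The folder location and both extension lists are my assumptions and are not exhaustive.

```powershell
# Added example, not from the article. Assumes the user's Downloads folder;
# change $Folder to scan somewhere else.
$Folder = Join-Path $env:USERPROFILE 'Downloads'

# Assumed list of extensions Windows will run when double-clicked.
$Executable = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse',
                '.vbs', '.vbe', '.wsf', '.hta', '.msi')
# Assumed list of document/media extensions a lure commonly imitates.
$Decoy = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip')

# Returns $true for names like invoice.pdf.exe: a decoy extension followed by an
# executable one. Comparison is case-insensitive, so INVOICE.PDF.EXE is caught too.
function Test-DoubleExtension {
    param([string]$Name)
    $lower = $Name.ToLowerInvariant()
    $last  = [System.IO.Path]::GetExtension($lower)            # ".exe"
    if ($Executable -notcontains $last) { return $false }
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($lower)  # "invoice.pdf"
    $inner = [System.IO.Path]::GetExtension($stem)             # ".pdf"
    return ($Decoy -contains $inner)
}

# Explorer hides known extensions when HideFileExt is 1 (the default); a missing
# value also means the default, so only an explicit 0 shows extensions.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) {
    Write-Warning "Explorer is hiding known file extensions: invoice.pdf.exe would display as invoice.pdf."
    Write-Host    "To show them: Set-ItemProperty -Path '$adv' -Name HideFileExt -Value 0, then sign out and back in."
}

# Report every double-extension executable found under the folder.
Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DoubleExtension $_.Name } |
    ForEach-Object { Write-Warning "Double-extension executable: $($_.FullName)" }
```

Run it from a normal (non-elevated) PowerShell window; it only reads the registry and lists files, and it does not delete or open anything. Turning HideFileExt off is the more durable fix, since it lets you see the real extension of every file before you double-click it.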

Run a legitimate antivirus program. If you're going to pay for it, I recommend Kaspersky, for Windows or Mac OS X. For freeware antivirus shields, I recommend ClamWin for Windows, or ClamAV for Mac OS X, Linux, or Unix. In my professional opinion, the ClamAV programs you can install for free are at least as good as the Kaspersky programs you pay for.

For smartphones and tablets, Lookout is available in the App Store for iOS, in the Google Play Store for Android, and in the native stores for BlackBerry and Windows Phone. That's the best option for mobile devices until there are ClamAV programs available for those platforms.

Make sure you run exactly one antivirus shield. Running two or more is even worse than not having one at all. That's because, instead of protecting you from malware, the programs will attack each other. So in addition to having no protection, your CPU and RAM will waste all kinds of resources for no good reason. I've even seen people running multiple AV shields have their PCs become so hot that their machines shut down.

When you run one AV shield, make sure it's set up to have an active shield, and to install new signatures and run scans at least once a week, at a time you know your PC will be running. It's still possible to get infected with malware when you run an AV shield. That's because your AV shield can only protect you against malware that it has signatures for.


Think of the signatures as vaccines. It's important to get your flu shot, and it'll protect you from certain strains of influenza, but it won't protect you from polio or measles. That's why it's important to set up your AV shield to download new AV signatures. Keep in mind that the developers of antivirus programs can only provide you with signatures for malware they're aware of, so you're still subject to what we in the IT security world call "zero day" attacks. Even the best antivirus developers, like ClamAV or Kaspersky, will have a signature for a new piece of malware no sooner than the second day that it's been infecting users' machines.

But it's essential to run an AV shield, no matter what your operating system is, or whether it's a PC, server, or mobile device. A well-updated AV shield will still protect you from 98 or 99 percent of infections. People can still die in car accidents while using seat belts, antilock brakes and airbags, but it's still important to use those things: they greatly reduce your likelihood of dying or being seriously injured in a car accident.

And finally, as I've mentioned before, back up your entire hard disk partitions to local disks, or online ("cloud") in addition to local disks.

As Smokey the Bear says about forest fires, only you can prevent malware infection and spreading.

Kim Crawley is a security researcher for the InfoSec Institute, an IT security training company specializing in CCNA certification training.

This story, "Tips to avoid being bit by CryptoLocker (and what to do if you are)" was originally published by CSO.


Copyright © 2013 IDG Communications, Inc.
