Cyber Crime virus


While surfing the Internet today I caught the ICE Cyber Crime Center malware thing. This is the one that locks your computer and wants you to send $300 to unlock it.

Why did my ESET not keep this thing out of my computer?

Got rid of it by booting in SAFE mode with networking and running MalwareBytes.

Is it possible the malware wiped out my Windows system restore capability? When I called up system restore it told me that no restore points were available. Very strange. I'm sure that I had system restore enabled before this event.

Hi Silver Surfer. For your first question, no antivirus is perfect. Other antiviruses may have a higher detection rate, but that may also be followed by a high false alarm rate as well. In my opinion, ESS is the best AV that I have ever used. By the way, why don't you submit the file for further analysis? For the second question, it is possible that the malware may have changed your registry and wiped out some of your system files. In this case it is better to make a full scan with different removal tools. I suggest Malwarebytes, Hitmanpro and Emsisoft Emergency Kit for doing this in Safe Mode.

Edited by Weng
  • Administrators

Hard to say if you had update 9034 installed, which contained detections for the latest Reveton variants (Win32/Reveton.V) that were undetected by other AVs at that time. If possible, please send me the file detected by MBAM so that I can determine in which update the detection was added.

My step daughter's computer was infected by ICE Cyber Crime Center a few days ago. Her computer was just about completely locked up, couldn't restore it, or use safe mode. All I could get was a command prompt. I then decided to delete the partition, recreate it, and restore it using the restore DVDs that I made when she got it. Before I did that, I used a partition program, "Partition Commander," to repair the Master Boot Record and that unlocked the computer. When the computer booted up, there was a system file missing, so I ran sfc /scannow and many system files were either missing or corrupted. It's a good thing I made the recovery disks or she would have had to purchase Windows 7. There was a 10GB partition on the hard drive and I'm assuming it was for recovering the computer, but I didn't trust it.

Jes

Well, new threats and old ones in new versions come up every day.

As for the ransomware that infects computers and/or encrypts files, it's certain you should not pay up, because you do not really know whether the person behind all this will give you the decryption or unlocking code. If you are locked out 100% (no cmd, regedit, SR, Task Manager or explorer.exe), your best chance is reinstalling your OS. I am not sure, but I think that CryptoLocker, which is often in mail inboxes these days, creates a registry with its unlock code (you get it in mail with a double extension like Hello.pdf.exe). FBI malware usually locks your data (*.doc, *.mp3...) in rar/zip formats with passwords and offers money to unlock them. To be short, you must check and run scans because you do not really know what the virus has done to your PC.

As for the question, type in Run: regedit and check [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore], and if DisableSR has the value of 1 you should set it to 0. Maybe it has deleted the registry values of Windows components/Windows components that are used to run System Restore.
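
A read-only way to run the check described in the post above, as an added example that is not part of the original thread. Beyond the DisableSR value the post names, it assumes three further things worth looking at: the Group Policy copy of the key, the two shadow-copy services System Restore depends on, and the restore point list itself.

```powershell
# Added example (not from the thread): read-only triage of System Restore state
# after a ransomware cleanup. Run in an elevated Windows PowerShell session.
# Nothing is modified; decide what to change only after reviewing the output.

$keys = @(
    # Key named in the post
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore',
    # Assumption beyond the post: Group Policy location of the same switch
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Output "$key : key not present"
        continue
    }
    $props = Get-ItemProperty -Path $key
    # DisableSR turns System Restore off; DisableConfig is the policy value
    # that blocks its configuration UI.
    foreach ($name in 'DisableSR', 'DisableConfig') {
        $value = $props.$name
        if ($null -eq $value) {
            Write-Output "$key\$name : not set"
        } elseif ($value -eq 1) {
            Write-Output "$key\$name = 1  <-- System Restore disabled here"
        } else {
            Write-Output "$key\$name = $value"
        }
    }
}

# Assumption beyond the post: restore points are stored as volume shadow copies,
# so a disabled VSS or swprv service also leaves System Restore unusable.
Get-WmiObject -Class Win32_Service -Filter "Name='VSS' OR Name='swprv'" |
    Select-Object Name, StartMode, State |
    Format-Table -AutoSize

# List what restore points actually remain (empty after the points were deleted).
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($points.Count -eq 0) {
    Write-Output 'No restore points found on this system.'
} else {
    $points | Format-Table SequenceNumber, Description, CreationTime -AutoSize
}
```

A DisableSR value of 0 together with an empty restore point list means System Restore is still enabled but the existing points were removed, which is a different finding from the feature having been switched off.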
