
Can ESET SysRescue clean a TorrentLocker infection?


Me1


I tried to post a version of this question yesterday, but without success.

 

I need to clean a TorrentLocker (Cryptolocker-like)* infection from my Windows 7 laptop.

 

The computer was infected despite ESET antivirus running; however, I realised there was a problem and shut it down before TorrentLocker had encrypted all at-risk files on the hard disk. I have since booted using ESET SysRescue and run a scan, which showed no infection, although the original zip/exe file was still on the hard disk. (I have now deleted it manually using a Linux live CD.) I have not restarted Windows since.

 

How can I be sure that the infection is gone before I try to retrieve files from backup and go back to using the computer?

 

Is there any way to use ESET SysRescue to check in the most recent logs on the computer (as opposed to the ESET SysRescue logs) whether anything was quarantined or deleted before the computer was shut down?

 

Your help is appreciated.

 

*www.staysmartonline.gov.au/alert_service/message?id=1132172&name=New+ransomware+threat+for+Australia%3A+SSO+Alert+Priority+High+#.VHP2qcnDXSw

 

www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/

 

www.isightpartners.com/2014/08/analysis-torrentlocker-new-strain-malware-using-components-cryptolocker-cryptowall/


Normally it should be detected by ESET and of course ESET SysRescue (Live) too.

 

Have you made sure you had the most recent VSD while scanning the computer?

If you know a file which wasn't detected by ESET, please submit it to ESET so they can check it.

 

Related: TorrentLocker now targets UK with Royal Mail phishing


Have you made sure you had the most recent VSD while scanning the computer?

 

Aha!  Although ESET SysRescue (run from a newly created DVD) said that it has the latest virus definitions, in fact the definitions file was dated some months ago.  After connecting the infected computer to the internet from SysRescue again, this time new virus definitions were downloaded and a scan then found and removed multiple threats.

 

I have now removed threats using ESET SysRescue, and a similar rescue DVD from one of ESET's competitors, as well as removing Windows Registry entries added by TorrentLocker.

 

Do I now need to run a repair from the Windows installation DVD, completely reinstall Windows, or something else?


Great that it worked!

 

Do I now need to run a repair from the Windows installation DVD, completely reinstall Windows, or something else?

 

No, I don't think so. If you have removed all malware, your biggest problem now will be decrypting the files.
