Me1 - Posted November 26, 2014

I tried to post a version of this question yesterday, but without success.

I need to clean a TorrentLocker (Cryptolocker-like)* infection from my Windows 7 laptop. The computer was infected despite Eset antivirus running; however, I realised there was a problem and shut it down before TorrentLocker had encrypted all at-risk files on the hard disk.

I have since booted using ESET SysRescue and run a scan, which showed no infection, although the original zip/exe file was still on the hard disk. (I have now deleted it manually using a linux-live CD.) I have not restarted Windows since.

How can I be sure that the infection is gone before I try to retrieve files from backup and go back to using the computer? Is there any way to use ESET SysRescue to check in the most recent logs on the computer (as opposed to the ESET SysRescue logs) whether anything was quarantined or deleted before the computer was shut down?

Your help is appreciated.

*www.staysmartonline.gov.au/alert_service/message?id=1132172&name=New+ransomware+threat+for+Australia%3A+SSO+Alert+Priority+High+#.VHP2qcnDXSw
www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/
www.isightpartners.com/2014/08/analysis-torrentlocker-new-strain-malware-using-components-cryptolocker-cryptowall/

rugk - Posted November 27, 2014

Normally it should be detected by ESET and of course ESET SysRescue (Live) too. Have you made sure you had the most recent VSD while scanning the computer?

If you know a file which wasn't detected by ESET, please submit it to ESET so they can check it.

Related: TorrentLocker now targets UK with Royal Mail phishing

Marcos (Administrators) - Posted November 27, 2014

You didn't mention what ESET product and version you have installed. Do you use default settings and have Live Grid enabled?

Me1 (Author) - Posted December 1, 2014

> Have you made sure you had the most recent VSD while scanning the computer?

Aha! Although ESET SysRescue (run from a newly created DVD) said that it has the latest virus definitions, in fact the definitions file was dated some months ago. After connecting the infected computer to the internet from SysRescue again, this time new virus definitions were downloaded and a scan then found and removed multiple threats.

I have now removed threats using ESET SysRescue, and a similar rescue DVD from one of ESET's competitors, as well as removing Windows Registry entries added by TorrentLocker.

Do I now need to run a repair from the Windows installation DVD, completely reinstall Windows, or something else?

rugk - Posted December 1, 2014

Great that it worked!

> Do I now need to run a repair from the Windows installation DVD, completely reinstall Windows, or something else?

No, I don't think so - if you have removed all malware, your biggest problem now will be decrypting the files.