
3 Apprentice


15.2K Posts


November 3rd, 2013 05:00

CryptoLocker, CryptoPrevent

Remark: The following is a composite summary/compilation of important information gleaned from various sources (which are cited at the end of this post).

“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom... The trouble with CryptoLocker is not so much in removing the malware — that process appears to be surprisingly trivial in most cases. The real bummer is that all of your important files — pictures, documents, movies, MP3s — will remain scrambled with virtually unbreakable encryption unless and until you pay the ransom demand.

It is therefore absolutely critical that Cryptolocker be PREVENTED from impacting your system... because "after the fact", while the malware itself can be removed, your data canNOT be restored :-(

For example, the FREE version of MBAM, which detects CryptoLocker infections as Trojan.Ransom, may be able to remove the infectious malware, but it cannot recover your encrypted programs/data files. Fortunately, users of Malwarebytes Anti-Malware Pro are protected from CryptoLocker via the PRO version's realtime malware-execution-prevention and blocking of malware sites and servers.

It is now being recommended that all home users download and run CryptoPrevent, a tiny (and FREE) utility, which will PREVENT CryptoLocker infections, by setting software policy restrictions that should block CryptoLocker from running from the known locations it has been using. [Note: Some security software, including McAfee's SiteAdvisor, currently "red-flag" the CryptoPrevent site as being potentially dangerous. All indications are that this is a false positive. Avast users may find that its Behavior Shield might flag CryptoPrevent (likely based on its limited "file reputation"), resulting in Avast auto-sandboxing (in Avast 8) or DeepScanning (Avast 2014) the program.]

Download the most current version --- it's being updated frequently --- then run it using the default/checked options, and click APPLY. That's all there is to it!

Disclaimers: 1) Since CryptoPrevent's methodology (of setting software restriction policies) is publicly known, I have no idea what's to prevent the CryptoLocker malware from editing one's registry, countering these software restriction policy changes, and then implementing its notorious deed. Likewise, what's to stop CryptoLocker from dropping its loaders in alternative [random] directories that don't have corresponding software restriction policies set? Of course, CryptoPrevent could then counter with an update which includes the new locations... but that puts it in the position of always "playing catch-up" to the malware. I welcome a definitive answer from security experts.

2) I am not yet in a position to guarantee the safety for average users to deploy CryptoPrevent. My questions: Can it... either via enabling... or especially via its UNdo feature... do any harm? Specifically, can its UNdo inadvertently remove protection that was placed there previously by another program, if CryptoPrevent happens to protect the identical registry entry?... or are all of CryptoPrevent's registry entries unique to that program? [EDIT: As it's highly unlikely that Home Users have separately invoked any "Group Policy" restrictions, there's little chance of my UNdo fears here being realized.]

In short, while CryptoPrevent appears to be an extremely important tool (WinXP [SP2/SP3], Vista, 7, 8, 8.1), be advised I can take no responsibility should anything go wrong. [For what it's worth, I *HAVE* deployed CryptoPrevent on my primary Win7x64 Pro SP1 and my secondary WinXP Pro SP3 systems... so I'm not suggesting people be "guinea-pigs" for something that I haven't already tried myself. So far, I really like what I see.]

SOURCES:

Definitive Guide to CryptoLocker (by Lawrence Abrams [aka "Grinler" ]): http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

CryptoPrevent: http://www.foolishit.com/vb6-projects/cryptoprevent/
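An added example, not from this post or from CryptoPrevent itself: a PowerShell audit that reads the Software Restriction Policy (SRP) path rules that this style of protection relies on, so you can see exactly which locations are disallowed once protection is applied, and which entries an UNDO would remove. It assumes the rules live under the standard machine-wide SRP key (per-user rules under HKCU are not covered), and makes no assumption about how the tool names its own rules.

```powershell
# Added example (not the post's or CryptoPrevent's own code): enumerate the
# Software Restriction Policy path rules so applied protection can be inspected.
# Assumption: rules are under the standard machine-wide SRP key; HKCU:\...\Safer
# (per-user rules) is not examined here.
$SrpBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels as stored in the registry (they are the subkey names
# under CodeIdentifiers and the value of DefaultLevel).
$LevelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'BasicUser'
    262144 = 'Unrestricted'
}

function Get-SrpPathRules {
    if (-not (Test-Path -Path $SrpBase)) {
        Write-Warning 'No SRP key present: no software restriction policy is applied.'
        return
    }
    # DefaultLevel applies to anything no rule matches; a "block known paths"
    # approach is expected to leave it at Unrestricted and add Disallowed rules.
    $default = (Get-ItemProperty -Path $SrpBase).DefaultLevel
    if ($null -ne $default) {
        Write-Host ("Default level: {0}" -f $LevelNames[[int]$default])
    }
    # Each numeric level subkey (e.g. ...\0\Paths\{GUID}) holds that level's path rules
    Get-ChildItem -Path $SrpBase |
        Where-Object { $_.PSChildName -match '^\d+$' } |
        ForEach-Object {
            $level    = [int]$_.PSChildName
            $pathsKey = "$($_.PSPath)\Paths"
            if (Test-Path -Path $pathsKey) {
                Get-ChildItem -Path $pathsKey | ForEach-Object {
                    $rule = Get-ItemProperty -Path $_.PSPath
                    [pscustomobject]@{
                        Level       = $LevelNames[$level]
                        Path        = $rule.ItemData      # path pattern the rule covers
                        Description = $rule.Description  # set by whichever tool wrote the rule, if at all
                        RuleId      = $_.PSChildName     # GUID subkey name
                    }
                }
            }
        } | Sort-Object -Property Level, Path
}

Get-SrpPathRules | Format-Table -AutoSize
```

Run it before applying protection, after applying, and after an UNDO; comparing the three listings shows precisely which rules the tool added and whether any pre-existing rule disappeared.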

3 Apprentice


15.2K Posts

November 8th, 2013 17:00

Dale,

re: uninstalling, here is a quote I just "rediscovered" from the program's website:

"After [an] update, it is then necessary to re-apply the protection to your system.  It is not necessary to undo the previous protection in place before doing this, (n)or even to uninstall the app before updating.  If you have an older version of the app before the update functionality was introduced, simply download and install the latest version, then re-apply protection".

3 Apprentice


15.2K Posts

November 8th, 2013 17:00

v4.1.5 – Misc changes to whitelisting functionality

1 Rookie


2.2K Posts

November 8th, 2013 18:00

Thanks David!

3 Apprentice


15.2K Posts

November 9th, 2013 18:00

v4.2 – Added "Start Menu > All Programs > Startup folder" protection.

Added reboot prompt after automatic update / re-application of protection.

---------------

Comment: Since this program seems to be getting updated almost daily, I don't know that we'll continue to cite all its many updates here. Users are encouraged to check for updates, either by going to the program's home page http://www.foolishit.com/vb6-projects/cryptoprevent/ , or by using the program's internal updater (Updates! / Check for updates).

3 Apprentice


15.2K Posts

November 11th, 2013 12:00

Annie,

As pointed out in an earlier reply to Dale, there are two versions of the program available from its website: a ZIP/extractable version which is self-contained [i.e., no need to install/uninstall], and an installer version [which can be installed/uninstalled]. Only the second version --- which actually performs an installation --- will appear in your Control Panel for uninstalling.

If you used the ZIP/extractable version, all you have to do is delete the files --- the ZIPped archive, and the extracted executable --- from your computer to "completely" remove them from your system. HOWEVER: If you applied the protection, simply deleting the executable file will leave the protection intact. If you [also] want to remove the protection (from your registry), you should use CryptoPrevent to UNDO its protection, before you delete the program!

Remark: If you used the installer --- which apparently you didn't --- I'm not sure whether or not a formal "uninstall" will automatically remove the protection. The safer approach here too would be to UNDO the protection before uninstalling (--- assuming that's what you want to do).

Question: Did you have a problem with the program? --- Given the potential protection it offers (free, and with no noticeable impact on one's system), I'm wondering why you feel the need to "completely uninstall" it?

2.7K Posts

November 11th, 2013 12:00

I have the free version (CryptoPrevent) installed on one of my Windows 7 machines. I would like to completely uninstall this free version, however it does not show up in the Control Panel under the Programs. How can I uninstall this program?

20.5K Posts

November 11th, 2013 12:00

If you can't find the Uninstall, the developer has a forum here: http://foolishtech.com/viewforum.php?f=5

2.7K Posts

November 11th, 2013 14:00

ky331, When I installed this CryptoPrevent on my first computer I used the zip file. I misunderstood how the free vs. the paid version worked. I wanted the paid version. I wanted to completely uninstall/remove the zip version.

When the zip version was installed it left files on my desktop and I wanted this program to go to my Programs. I now have this program installed properly. There was really nothing I found wrong with the program. If it does what it says it is going to do then it is well worth the money. I should have used the installer version the first time around. I have since gotten this program installed with the installer and removed the zip version. Also it is a real plus that CryptoPrevent can be used on multiple computers. Thanks for the help.

2.7K Posts

November 11th, 2013 15:00

I have had Malwarebytes Pro for several years and it is a wonderful program.  It is on several of my computers.  I wanted to try the paid version vs. the free CryptoLocker to have the automatic updates.  Maybe that isn't the best way to go.  I hope the program is around for awhile so I get my money's worth. 

3 Apprentice


15.2K Posts

November 11th, 2013 15:00

As always, glad to be of help.

Just a thought... if you want to splurge on a paid program, personally, I'd say the money is better spent on MBAM PRO. First off, MBAM PRO will protect you against CryptoLocker, so you'll be getting that important coverage. But more significantly, MBAM PRO protects you against so many other varieties of malware --- so the comparative "bang for your buck" is just awesome.

While I don't want to minimize the danger of CryptoLocker... if you "catch" it, your system will be devastated... I also have to wonder just how long the malware writers intend on keeping it alive --- I think that, at some point, they'll conclude there are enough protection vehicles readily available, that it's no longer worth their time to focus on this one entry vector. Instead, they [or other malware writers] will create a completely new vehicle for malicious system penetration. If I'm correct, then at that [future] point, CryptoPrevent's value will become muted, and the program may cease to be supported. In contrast, MBAM should continue to adapt to all forms of significant malware that are created many years into the future.

You are correct in the statement that a single purchase of CryptoPrevent Premium is valid for ALL your home computers, so that's a definite plus for CryptoPrevent.

3 Apprentice


15.2K Posts

November 11th, 2013 15:00

CryptoLocker may be around much longer than I've speculated.

If CryptoPrevent blocks CryptoLocker on even one of your systems, you will have gotten (more than) your money's worth.

And even if you never catch CryptoLocker, you can't put a price on "the peace-of-mind" CryptoPrevent offers you.

3 Apprentice


15.2K Posts

December 3rd, 2013 07:00

BillP (WinPatrol) posted the following on Facebook, in response to the question: [Can] WinPatrol block the CryptoLocker viruses?

"At this time, I wouldn't feel comfortable saying WinPatrol will protect you against this kind of threat. WinPatrol's protection by design is focused on a program infiltrating your computer so it can hide and mess with your system on a regular basis.

Crypto style programs aren't really sophisticated in the way they remain on your system. In fact, if you remove the Trojan part of the threat it could prevent you from seeing the instructions on how to save your files. While I highly recommend daily backups over paying an extortionist it would be possible to restore their files via our History button.

I'm currently spending a lot of time researching this threat so I do have a bit of experience. Using WinPatrol PLUS I have been able to detect the infiltration in time before any damage was done. Using the free version some files were compromised. However, this was under lab conditions and not by a typical user who would have allowed CryptoLocker to run in the first place. My experience is that typical users could fall prey to the download but instinct would kick in the moment they clicked.

I'm pleased to note I have not received any reports of attacks by WinPatrol users. That either means WinPatrol users are very careful or Scotty has alerted them in time. I still wouldn't try it unless I knew everything was backed up or I was running in a virtual sandbox. The target audience for CryptoLocker may not be the same as those using WinPatrol.

If your files have already been encrypted WinPatrol will not be able to help at this time.

I have actually been looking at a solution to Cryptolocker and other attacks I expect to see in the future. Using some older code from WinPatrol, I believe it would be possible to provide a solution for CryptoLocker; however, it uses the same technology common in root kits. I'm not sure if most users would find that acceptable. I do have an idea for a better solution but need some funding before I can make this happen.

For now, use extra care and if you own a business train your users and keep a firewall between your employees."

3 Apprentice


15.2K Posts

April 11th, 2014 07:00

CryptoPrevent v4.3.2 (11 April 2014) – added support for redirected %appdata% directories (Windows folder redirection typically only used on larger networks.)

3 Apprentice


15.2K Posts

May 17th, 2014 10:00

v4.3.3 (May 16, 2014) – updated digital signature on CryptoPrevent executables.

3 Apprentice


15.2K Posts

May 24th, 2014 16:00

v4.4.1 (May 24th, 2014) – added ability to block syskey.exe from execution, which is being exploited by some new malware.

Also: moved "Block Temp Extracted Executables in Archive files" [which was NOT enabled by default] from the opening menu to a new OPTIONS "tab".
