Thursday 24 October 2013

CryptoLocker Virus - Ransomware - Part 2

A larger company has now contracted the CryptoLocker virus, and tracking down the infected PC has been a bit of a nightmare as no-one has owned up to opening it.

Eventually, it was found on a PC in a remote corner of the office. To track it down, I used the Share and Storage Manager present in Windows Server 2008.

By using the Share and Storage Management console and looking at the Open Files information, I could see a particular user opening and closing 6-8 files at once, which led me straight to the culprit PC.

One thing to note about this virus is that it has to encrypt every single file, which on a server with lots of data can take a LOT of time. So 12 hours later it had only completed half of the available shares.

Removed, restored and done. Finding the user in the Share and Storage manager (open files) saved me a lot of time though.
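For anyone who would rather not sit watching the Open Files view refresh, the script below is an added example (not from the original post) that polls the same data the console shows, the SMB server connections exposed through the Win32_ServerConnection WMI class, and reports which client and user keep changing their open-file count, the "opening and closing 6-8 files at once" pattern described above. It assumes Windows PowerShell on the file server with rights to query WMI; the interval, sample count and threshold are arbitrary starting points you will want to tune.

```powershell
# Added example, not from the original post. Polls the SMB server's open
# connections via WMI (the data behind the Share and Storage Management
# "Open Files" view) and reports which client/user keeps changing its
# open-file count. Assumes Windows PowerShell on the file server with
# rights to query WMI; interval, sample count and threshold are arbitrary.
param(
    [int]$IntervalSeconds = 10,
    [int]$Samples = 6,
    [int]$ChurnThreshold = 20
)

function Get-OpenFileSnapshot {
    # One entry per client/user/share with the number of files open right now
    Get-WmiObject -Class Win32_ServerConnection | ForEach-Object {
        New-Object PSObject -Property @{
            Key   = '{0}|{1}' -f $_.ComputerName, $_.UserName
            Share = $_.ShareName
            Files = [int]$_.NumberOfFiles
        }
    }
}

function Measure-OpenFileChurn {
    # Sums, per client/user, how much the open-file count moved between two
    # snapshots. Opening and closing a handful of files every few seconds
    # shows up as steady churn even when the absolute count stays small.
    param([object[]]$Before, [object[]]$After)
    $prev = @{}
    foreach ($row in $Before) { $prev[$row.Key + '|' + $row.Share] = $row.Files }
    $churn = @{}
    foreach ($row in $After) {
        $id  = $row.Key + '|' + $row.Share
        $was = if ($prev.ContainsKey($id)) { $prev[$id] } else { 0 }
        $churn[$row.Key] = [int]$churn[$row.Key] + [math]::Abs($row.Files - $was)
    }
    $churn
}

$totals   = @{}
$previous = Get-OpenFileSnapshot
for ($i = 1; $i -le $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-OpenFileSnapshot
    $delta   = Measure-OpenFileChurn -Before $previous -After $current
    foreach ($key in $delta.Keys) { $totals[$key] = [int]$totals[$key] + $delta[$key] }
    $previous = $current
}

# Noisiest clients first; anything over the threshold is worth a walk to
# that desk, or an immediate disconnect of the session.
$totals.GetEnumerator() |
    Sort-Object Value -Descending |
    ForEach-Object {
        $client, $user = $_.Key -split '\|'
        New-Object PSObject -Property @{
            Client     = $client
            User       = $user
            Churn      = $_.Value
            Suspicious = ($_.Value -ge $ChurnThreshold)
        }
    } |
    Select-Object Client, User, Churn, Suspicious |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the server while the encryption is in progress; a client that is merely reading a big spreadsheet stays flat, whereas one that rewrites file after file across shares climbs past the threshold within a couple of samples. On Server 2012 and later the same data is available more directly through Get-SmbOpenFile, but the WMI class works on the 2008 servers the post is about.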




Tuesday 22 October 2013

Pirate Gold - A Minecraft treasure hunting map

I've been an avid Minecraft player since it was released in beta. I recently decided to create a map and release it, and the fruit of my labour can now be downloaded.

See the Minecraft Forum post here: http://www.minecraftforum.net/forum/53-maps/

Alternatively, download the map here: http://adf.ly/XbHXd

Objective of Map:

You start with a Red cross and dig up a chest. From there, follow the clues to find the treasure!

Each clue has a key character on it, which when written down all together gives you a secret URL to part 2, which is currently available to download in alpha.

Happy hunting!

Saturday 19 October 2013

SBS 2011 Backup Issues - (the operation to backup the volume was stopped before the operation started running)

So I've recently had this issue on a few servers, and it seems to baffle a few people. I thought I'd share my knowledge on the subject of this.

Nine times out of ten the error is due to your version of SharePoint requiring an update. If you receive the error "the operation to backup the volume was stopped before the operation started running" when you do a Windows Backup, then the next step is to check your VSS writers.

Open a command prompt (with administrator privileges) and then type: vssadmin list writers

Look for the SPSearch writer; it will most probably say "Inconsistent State".

If that's the case, then bingo. To solve the problem, navigate to the following path in the command prompt:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN

and then run:

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

SharePoint should then upgrade itself and you should find your backups working!

I've used this on a few servers and it's always sorted the issue for me.

Edit: It also appears that the "the operation to backup the volume was stopped before the operation started running" error occurs if you forget to plug your backup device into the server, so check whether that's the case first.
Hope it helps someone!
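If you check this often, here is an added example (not from the original post) that does the vssadmin step for you: it runs "vssadmin list writers", turns the text output into objects and lists any writer that is not Stable or reports an error, then points out when one of the SharePoint writers is among them, which is the case the PSConfig upgrade above fixes. It assumes an elevated Windows PowerShell prompt on the SBS 2011 server; the writer-name pattern used for the SharePoint hint (SPSearch, OSearch, SharePoint) is an assumption for the report text, not a complete list. It only reports; it does not run PSConfig for you.

```powershell
# Added example, not from the original post: parses "vssadmin list writers"
# and flags unhealthy writers. Assumes an elevated Windows PowerShell prompt;
# the SharePoint writer-name pattern is an assumption, not a complete list.
function Get-VssWriterState {
    # Accepts the raw text so the parser can also be fed saved output
    param([string[]]$RawOutput = (& vssadmin.exe list writers))
    $writers = @()
    $current = $null
    foreach ($line in $RawOutput) {
        switch -Regex ($line.Trim()) {
            "^Writer name: '(.+)'$" {
                if ($current) { $writers += $current }
                $current = New-Object PSObject -Property @{
                    Name = $matches[1]; State = ''; LastError = ''
                }
            }
            '^State: \[(\d+)\]\s+(.+)$' { if ($current) { $current.State = $matches[2] } }
            '^Last error: (.+)$'        { if ($current) { $current.LastError = $matches[1] } }
        }
    }
    if ($current) { $writers += $current }
    $writers
}

$writers   = Get-VssWriterState
$unhealthy = $writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }

if (-not $unhealthy) {
    Write-Host 'All VSS writers are Stable with no errors. Look elsewhere first: is the backup disk actually plugged in?'
} else {
    $unhealthy | Select-Object Name, State, LastError | Format-Table -AutoSize
    if ($unhealthy | Where-Object { $_.Name -match 'SPSearch|OSearch|SharePoint' }) {
        Write-Host 'A SharePoint VSS writer is unhealthy: this is the case the PSConfig upgrade addresses.'
    }
}
```

A writer showing up here after a reboot as well is a real problem rather than a writer that was simply busy, so give the server a restart before reaching for PSConfig if nothing else is broken.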

Wednesday 16 October 2013

Android KitKat 4.4

I should tell you now that I'm pretty biased. I've had an Android device since version 1.5 (an HTC Magic followed shortly by an HTC Hero) and I've never looked back.

When I first got one, it was like having an iPhone at a fraction of the price - and it rocked.

Everyone seems to have an Android/iPhone/Windows Mobile now and the black magic that used to awe people (such as taking a picture and instantly uploading it to Facebook) has all but disappeared.

And now we have KitKat 4.4 around the corner, and to be perfectly honest I'm excited.

Why? Well, you already know that I'm a massive Android fan. I also happen to be very partial to KitKats too.

Although nothing solid has been announced for what's coming in 4.4, I'm going to make my predictions:

- Transparency (icons, widgets, desktops etc)
- Improvements to Camera
- Always listening technology (like the Moto X)
- Printing Technology
- App improvements

Where do these come from? Mainly the iOS 7 upgrade. Tech companies seem to take the best ideas from each other (and who wouldn't?) and then blend them in with their own know-how.

Anyone else looking forward to 4.4? Just me then? Oh well.

If it's all terrible I'll just dunk it in my coffee.

Tuesday 15 October 2013

CryptoLocker Virus - Ransomware

It's been making a fair few headlines: the latest virus which encrypts all the data on your PC. I've had first-hand experience with it, as one of my clients managed to contract it from an email attachment.

What does it do?
It installs itself in your user profile (Documents and Settings) folder and makes a registry key to run itself on start-up:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

When the application is started, it goes through your PC and encrypts files with extensions such as:

doc, docx, wps, xls, xlsx, ppt, pptx, rtf, dng, jpg etc.

Once the files are encrypted it wants you to pay to get the data back.

What should I do if I get it?
Firstly, if you log on as another user you can remove it easily. The registry key is only under HKEY_CURRENT_USER, so log in as a different user, find it and remove it.

Data-wise there isn't much you can do other than restore the data from a backup. That seems to be the main consensus right now.

Warning Network Administrators
The virus DOES encrypt files on shares such as mapped drives, so be sure that users only have access to the data that they should have!

Also, make sure your backups really are working :)

Does Anything Detect it?
I tried to remove it with the ESET rogue application removal tool, the Microsoft Malicious Software Removal Tool and GFI VIPRE; none of them even noticed it as being present. Just manually remove it. It's not difficult to find.
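Since none of the tools spotted it and the persistence is just a per-user Run entry pointing into the profile folder, finding it by hand is quick. The script below is an added example (not from the original post) that lists the Run entries of every user hive loaded under HKEY_USERS and flags the ones whose command lives inside a user profile, which is the location and key described above. It only reports; removing the entry is a deliberate second step. It assumes an elevated Windows PowerShell prompt on the affected PC with the affected user's hive loaded (they are still logged on, or you have logged on as them), and the profile-path pattern (Documents and Settings, Users, AppData, %APPDATA%, %USERPROFILE%) is my assumption of where to look, not something the post enumerates.

```powershell
# Added example, not from the original post: reports per-user Run entries
# and flags commands that live inside a user profile. Assumes an elevated
# Windows PowerShell prompt; the profile-path pattern is an assumption.
function Resolve-Sid {
    # Best-effort SID to account name; falls back to the SID for stale profiles
    param([string]$Sid)
    try {
        (New-Object System.Security.Principal.SecurityIdentifier($Sid)).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $Sid }
}

function Get-UserRunEntries {
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Anything launched from a profile directory is unusual for a legitimate
    # installed application and is exactly where the post says this lands.
    $profilePath = '(?i)(\\(Documents and Settings|Users)\\[^\\]+\\|%APPDATA%|%USERPROFILE%|\\AppData\\)'

    Get-ChildItem -Path 'HKU:\' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $key = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
            if (Test-Path $key) {
                $values = Get-ItemProperty -Path $key
                foreach ($prop in $values.PSObject.Properties) {
                    # Skip the provider's own bookkeeping properties
                    if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
                    New-Object PSObject -Property @{
                        User      = Resolve-Sid $sid
                        Key       = $key
                        Name      = $prop.Name
                        Command   = [string]$prop.Value
                        InProfile = (([string]$prop.Value) -match $profilePath)
                    }
                }
            }
        }
}

Get-UserRunEntries |
    Sort-Object InProfile -Descending |
    Select-Object User, Name, Command, InProfile, Key |
    Format-Table -AutoSize -Wrap
```

Once you have confirmed which entry is the culprit, Remove-ItemProperty -Path with the listed Key and -Name with the listed Name takes it out, and the executable it points at can then be deleted from the profile folder. Entries flagged InProfile are not automatically malicious (some updaters and chat clients install per-user), so read the Command column before removing anything.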

How Can I Ensure I Don't Get It?
Most of these things are getting on to people's systems because of email attachments. Sure, it says it's from FedEx or HMRC, but is it really? No, it's not. It very rarely is. Just don't open them!

Closing Thoughts
As pieces of malware go, this is something else. Not only does it lock you out of all your local files, but it could potentially lock a company out of all their office files, causing mayhem.