Cryptolocker

My father’s been infected with the new and nasty cryptolocker virus that you can see here http://www.geek.com/apps/disk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402/

I'm not sure what to do. I tried Malwarebytes and that doesn’t seem to work. Anyone dealt with this problem?

Thanks,

VFN

Please do what is shown here on your father's PC when possible and attach logs.

http://forum.avast.com/index.php?topic=53253.0

When done, malware removers will be notified.
The files are really encrypted, that's not a joke; that will be a problem…

As soon as the infection specific RSA key has been obtained, the malware will look for files to encrypt. It does so by searching through all connected drives, including mapped network shares, for files matching one of the following patterns:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm,
*.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx,
*.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd,
*.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd,
*.cdr, ???.jpg, ???.jpe, img_*.jpg, *.dng, *.3fr,
*.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf,
*.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2,
*.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem,
*.pfx, *.p12, *.p7b, *.p7c

For each file matching one of these patterns, the malware will generate a new 256 bit AES key. This key will then be used to encrypt the content of the file using the AES algorithm. The AES key is then encrypted using the unique RSA public key obtained earlier. Both the RSA encrypted AES key, as well as the AES encrypted file content together with some additional header information are then written back to the file. Last but not least the malware will log the encryption of the file within the HKEY_CURRENT_USER\Software\CryptoLocker\Files registry key. This key is later used by the malware to present the list of encrypted files to the user and to speed up decryption.

Thanks, but the procedure at the link seems too intensive at the moment. I’ve read that this virus is not a problem getting rid of but that once gotten the files it encrypts can’t be fixed. I’ll come back here if I’m still struggling. Thanks for the quick response.

Unfortunately, once the encryption of the data is complete, decryption is not feasible. To obtain the file specific AES key to decrypt a file, you need the private RSA key corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to restore encrypted files from a backup.
Unfortunately, at the moment no tools are able to decrypt the files.

Question:

Which versions of Avast would proactively protect against getting infected by Cryptolocker?*

*assuming user doesn’t blindly click yes or allow to any avast warnings that appear.

http://forum.avast.com/index.php?topic=138976.0