Hey, so today I logged on to our home computer and a message popped up. It had the FBI, CIA, etc and said that our computer was locked. It was apparently locked due to suspicion of illegal activity. I used my iPod to see if this was indeed a virus and it turns out it was a trojan, I think. That's pretty scary for me because I know trojans are for accessing someone's system and for our computer to have it definitely terrified me. Windows Task Manager was disabled, because of the virus, too. I did a scan with your program and it removed the trojan. Windows Task Manager worked again as well. I would like more information about this certain virus, if you guys have ever heard of it. Also, how exactly could it have been sent to our computer? I would really like to know that. I want to make sure we weren't already hacked. And are we safe from any attackers? The virus is removed, but I'm worried if damage was already done or can still be done with the virus having been there previously. Any advice on how I can prevent this? I'm really not so sure about our computer being safe, because in the past I've also said on these forums that there were programs opening by themselves.
One last thing I'd like to mention. A few days before this happened, I was on a Minecraft server....
I got disconnected and I couldn't connect to any other servers. Then a window popped up saying Windows Firewall was concerned about the program. Could this have to do with Java, or possibly lead up to this trojan?
Thank you so much for taking the time to read this. I appreciate it.
Best answer by RetiredTripleHelix 5 November 2013, 02:48
You can see me further elaborate on Cryptolocker and the challenges it poses to traditional antivirus in this thread. I pinged three different Webroot employees and none of them offered any objections.
You can find out more about how WSA is different from other antiviruses here (written for business customers)
MODS: Please correct me if I am wrong :)
I did not say it was impossible to recover, just impossible to decrypt 🙂. Ofc any backup should work if there is versioning.
MODS: Please correct me if I am wrong 🙂
Enjoy and if you have any questions just let us know!
Good comments. The bad thing about trying to use no Java at all is how many applications require it. It does make for quite a difficult situation for some.
As far as I am aware, this family of visuses do not steal information.
As for any left over files this infection normally only drops a couple files which Webroot will clean up. This FBI infection doesnt normally steal any information from your PC it just tries to get you to enter your credit card information so they can charge money to it.
Webroot SecureAnywhere has many Shields to protect your accounts and files but Please follow Jim's advice to Open a Support Case and they can check to make sure the infection is completely gone. 😉 Also have a look at this Video to see how WSA protects your system if it misses a virus.
EDIT: To add video.
I got the virus a few seconds after I logged onto the computer. After I rebooted the virus didn't pop up again, and I ran Webroot and removed the virus. Another thing I'd like to note is that I wanted to see if any information was stolen since I have heard this certain virus is capable of doing so. I went to 'Recent Places' and nothing was in there. This leads me to believe it was cleared. Depending on the info I've given, do you think our accounts and files are safe?
If the symptoms of that infection are gone, most likely so is the infection itself. That sort of infection is designed to scare you into paying the malware authors to make it go away. We can always check for you manually if you have lingering doubts. If you'd like support to do that for you, please open a support case.
Malware can drop onto a machine via all kinds of entry vectors, so it's really hard to say exactly where you contracted this particular threat. Malware sites tend to spring up and go down in short periods of time, and multiple sites at a time typically host these sort of threats. It's possible that support might be able to provide more specific information related to your particular case if you open a support case to provide some logs. It could have been an infected file, an exploit on a website, or numerous other methods of infection.
Probably Minecraft wasn't the entry point. Windows Firewall can be strict depending on how its configured, and most of the time it's alerting you about normal activity in the same manner UAC will ask about whether or not you are sure you want to run the file you just told Windows you want to run. That said, keeping your Java up to date is important because it is a common attack vector.
(by the way, your post was moved because the "Techie" forum is for non-security-related tech discussions :))