I really wish people would stop suggesting this. It is completely unnecessary, not to mention wasteful.
Some consumer education would go a long way toward lessening the impact of such attacks. Get people that rely on digital storage to believe that they WILL have a data loss event; it's a question of when, and act accordingly. Easier said than done, I know. People don't have to back up their entire machine, just the bits and bytes that are hard or impossible to replace. Doesn't have to be a large $ solution. A high capacity flash drive or two and a freeware file syncing app would go a long way. I had a Windows 7 install that took up about 30 GB. The stuff that mattered was considerably less than 1 GB. (Nope, no pirated movies:p) The rest could be readily rebuilt.
I receive as many as dozens of E-Mails with malware attached every day. Basically, if an E-Mail has an executable attached either directly or via compressed file, the mail servers I manage forward it to me.
And I take the attachment and upload it to virustotal.com. Virustotal.com scans the sample with 57 (fifty-seven!) different products.
I've been doing this for at least a couple of years now.
And what I've learned is, there is no reliable paid or free product that consistently detects zero day threats.
And this shouldn't be a surprise to anyone involved in IT security. Because the same site (virustotal.com) is likely used by hackers tweaking their latest variations. They make sure they change it enough to make it past virustotal.com, and then they release it via E-Mail.
So, more important than installing some paid antivirus product is to be aware that nothing will save you from a zero-day threat. And, that they're nearly all zero-day threats (I hope it is obvious that nobody is going to spend time/effort pushing last year's threats via spam or whatever).
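The forwarding rule described above (executable attached directly or inside a compressed file) as an added Python example, not code from the poster's mail servers; the extension list, the "MZ" header check and the sample message are constructed assumptions for this illustration:

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list of extensions the filter treats as executable; tune it for your environment.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi")


def is_executable(name, head):
    """True if the file extension or the leading bytes ("MZ" DOS header) mark a Windows executable."""
    return (name or "").lower().endswith(EXEC_EXTS) or head[:2] == b"MZ"


def archive_has_executable(data):
    """Scan a zip archive's entries by name and by header; only two bytes per entry are read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as entry:
                    if is_executable(info.filename, entry.read(2)):
                        return True
    except zipfile.BadZipFile:
        return False  # not a valid zip archive; nothing to unpack
    return False


def suspicious_attachments(raw_message):
    """Return (filename, reason) for each attachment that is an executable or a zip hiding one."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            findings.append((name, "executable attachment"))
        elif archive_has_executable(data):
            findings.append((name, "executable inside compressed file"))
    return findings


def build_sample_message():
    """Constructed sample: a zip carrying a fake 'invoice.pdf.exe' (only an MZ header, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 16)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.test", "user@example.test", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A mail server hook would call `suspicious_attachments` on each incoming message and forward those with a non-empty result to the administrator's mailbox.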
and then I double check VirusTotal with Jotti
http://virusscan.jotti.org/en
Might be too late, but looks like Kaspersky Labs may have a solution. http://www.engadget.com/2015/04/14/k...%28Engadget%29
Okay, brand new to the site. I am a 30-year IT consultant who has recently been fighting Cryptowall 3.0 on several computer networks over the last couple of months. While I have read many of the threads on this subject, no one's story seems to be as severe as mine. I will try to be brief. The first couple of times I ran into this virus a quick system restore to factory defaults solved the problem. However, recently that is not enough. The virus that brings Cryptowall in has moved to the BIOS. You cannot just re-flash the BIOS and low-level format the hard drives to get rid of it. You MUST cold flash the BIOS. For those who do not know, that requires removing the BIOS chip from the motherboard and flashing it outside the computer. The reason is, once in the BIOS, when you boot the computer it moves into RAM and reinfects the drive. Then before you turn the computer off it re-writes itself to the BIOS. A very nasty yet clever feat indeed. Also, if you are lucky enough to shut everything down before Cryptowall has encrypted all your data, it is still infected with one of several different kinds of viruses. Overall, the time it takes to cold flash all networked computer and server BIOSes (we just buy drives, no time to low-level the old ones), restore all apps and clean the data is about a week for a 4-8 user network and costs the customer hundreds of hours of labor. Has anyone else run into this extreme a variant?
Re Robert's problem, from what I've read, UEFI may not be an improvement on the malware front. I read a proposal on a computer site sorta like Sawmill Creek. A poster suggested some sort of separate flash drive for the BIOS rather than the drive partition that UEFI uses. Then have an old-fashioned mechanical switch to isolate the write function on that flash UEFI partition. The user must move that switch to enable writes to that device. Then have a placard near the switch saying don't move this unless you have a very good reason to do so. Fake or anonymous emails or texts do not constitute a very good reason. It wouldn't be perfect - some people would still leave write enabled for convenience. But then they'd have nobody to blame but themselves. People or businesses tasked with recovering systems with problems caused by leaving the write switch enabled could charge a "stupid premium" of, say, 100% in addition to the usual charge:cool:
Removing the BIOS chip on a modern computer is typically not a DIY job for the home hobbyist. The EEPROMs are almost always soldered directly to the board these days, and with the 10-layer+ boards in production and high-pin-density packages (not even talking about BGAs), this is not an item the DIYer can remove with a Radio Shack soldering gun.
Luckily, the viruses that attack at the BIOS level are few and far between in the wild... the vast majority here will go their entire lives without having encountered one.
If they're able to do a low-level write of the entire Flash, then yes, it would be okay. If you're counting on the OS (or UEFI) to handle the write, however, there's a large chance the malware will retain control afterwards since it retains control of the re-flash process. You really need someone who can attach directly to the programming lines of the chip and do it direct so nothing in the Flash can take control of the process.