avmad
Posted October 24, 2013

Current Version: 2.2.1

CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Prevention Methodology

CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows — but rest assured they are still there!

Executables are blocked in these paths where * is a wildcard:

- %appdata% and any first-level subdirectories in %appdata% (e.g. %appdata%\directory1, %appdata%\directory2, etc.)
- %localappdata% (on Vista+) and any first-level subdirectories in there.
- %temp%\rar* directories
- %temp%\7z* directories
- %temp%\wz* directories
- %temp%\*.zip directories

The first two locations are used by the malware as launch points. The final four locations are temporary extract locations for executables when run from directly inside of a compressed archive (e.g. you open download.zip in Windows Explorer, WinRAR, WinZip, or 7zip, and execute an .EXE from directly inside the download, it is actually extracted to a temporary location and run from there – so this guards against that as well.)

Downloads

CryptoPrevent is completely FREE for personal and commercial usage

Portable: http://www.foolishit.com/download/cryptoprevent/
Installer: http://www.foolishit.com/download/cryptoprevent-installer/
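Added example (not part of the post above and not CryptoPrevent's own code): a small Python model of the path list in the post, reporting which listed rule, if any, covers a given executable path. Assumptions: the sample environment values are constructed, only `.exe` counts as an executable, `*` matches within a single path component, and the names `matching_rule` and `BLOCKED_DIR_PATTERNS` are hypothetical.

```python
import fnmatch
import ntpath

# Constructed sample environment; real values differ per user and Windows version.
SAMPLE_ENV = {
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "localappdata": r"C:\Users\alice\AppData\Local",
    "temp": r"C:\Users\alice\AppData\Local\Temp",
}

# Directory patterns from the list in the post.
# Assumption: "*" matches within one path component only.
BLOCKED_DIR_PATTERNS = [
    r"%appdata%", r"%appdata%\*",
    r"%localappdata%", r"%localappdata%\*",
    r"%temp%\rar*", r"%temp%\7z*", r"%temp%\wz*", r"%temp%\*.zip",
]

# Assumption: only .exe is treated as executable; the post does not list extensions.
EXECUTABLE_EXTS = {".exe"}


def _expand(pattern, env):
    """Substitute %name% variables and split into lowercase path components."""
    for name, value in env.items():
        pattern = pattern.replace("%" + name + "%", value)
    return pattern.lower().split("\\")


def matching_rule(path, env=SAMPLE_ENV):
    """Return the first pattern whose directory directly contains `path`, else None."""
    directory, filename = ntpath.split(ntpath.normpath(path))
    if ntpath.splitext(filename)[1].lower() not in EXECUTABLE_EXTS:
        return None
    parts = directory.lower().split("\\")
    for pattern in BLOCKED_DIR_PATTERNS:
        pat_parts = _expand(pattern, env)
        # Component counts must match so "*" never spans a backslash.
        if len(pat_parts) == len(parts) and all(
            fnmatch.fnmatchcase(p, q) for p, q in zip(parts, pat_parts)
        ):
            return pattern
    return None
```

With the constructed environment, `%temp%` is itself a first-level subdirectory of `%localappdata%`, so an executable placed directly in the temp folder is reported under the `%localappdata%\*` rule.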

ibm650
Posted October 26, 2013

Thanks much, is this verified? Also, they change Cryptolocker fairly frequently.