Strange virus infected my SD card and photo imaging program,,

This morning when I turned my other computer on something odd was on my desktop. It was labeled RecOveR and a window popped onto my screen that said there was a problem with my computer and in order to get access to my important files (there are none on the computer) that I needed to start getting bitcoins and pay to get them back. Has anyone heard of this attack !! Odd thing is it infected my photo imaging program and my SD card. Wiped out all my pics which is no biggie but my antivirus and windows defender is not picking this thing up. Anyone know what it is ?

 

Figured something like that but why did it hit my photo imaging and nothing else? I can uninstall & reinstall the software for that. Everything else is as it always has been with no problems,,so far. I have not even opened the imaging for at least two months.

 

Most people consider their photos to be their most valuable files. They also rarely have backups.

 

Mine were all just ebay things and a few pics that I had not removed yet. Like the motor home that was sold a month ago . I am a bit slow at doing those things.

 

The malware (the best term for it although it could be classified as a Trojan) usually gets loaded through an email. The most recent that I've heard about is loaded in an email message with a title that says you have a package to pick up at the Post Office. You don't have to click any links, just open the message and it does its dirty deed. Re-installing the photo imaging software won't help, you'll still have the malware and it could be using your email to send itself to others. You need to wipe the hard drive and re-install Windows if you can. Many machines have and option when you boot up to repair the software, some are sold with CD's to re-install Windows but those are rare these days. Part of this is the ability to install everything from scratch. Depending on which version you were infected with, there are ways to remove it without wiping your hard drive clean. There's more detail on how on this site. https://malwaretips.com/blogs/remove-cryptowall-4-0-virus/

 

Thats what I do not understand. I had no unusual emails or anything else. And I do not download stuff at all. Just have three groups, this and two antique groups and basically that all I use the computer for. Haven`t sold on ebay for a month. None of the ones I deleted had anything except the photo program and something in documents which I do not use either. Has me stumped.

 

The whole problem is that (unlike Linux) Windows is completely open to all sorts of attacks. So once anything gets pass your antivirus, be it AVG, Bitdefender, or whatever - The malware will install itself in the Windows registry. So getting it out of there is not always easy, you can try the restore point option, but malware and viruses of today are way too smart for that... So reinstall everything from scratch is often the only option. Yes it'll be time consuming, but that is what now needs to be done.

Other options are to either have an image of your C drive stored elsewhere (when everything is once again installed cleanly) - Like have it copied to some other passport drive and leave it for emergencies like this. That way, should anything ever happen again, you just put your saved image over the C drive once again - And so within minutes you'll be up and running!

Another thing that we can try is called Deep Freeze [ http://www.deepfreeze.com.au/ ], as this instantly restores your PC to it's original installation upon every startup. So let the worst happen to the PC through the internet. All you'll need to do is simply press the reset button, and on the next startup it'll be as if nothing ever happened! Remember Bill Murray's movie Groundhog Day? Yes, that exactly what the PC will become like!

Of course, if everyone was using Linux, then nothing like this will ever happen, as Linux isn't standing wide open to attack. As Linux's registry, which I think is called Root, isn't easy to get access to without a password. Thus making it almost impossible for automated malware and viruses to get control of your PC... Malware can still enter, but what will it be able to do when all the doors are locked securely?

One last option that you can try is called "air gaping" (which is what I also do). It simply means that you use 2 PCs. On the one at which you do all your serious work (as well as store personal stuff), you always keep it disconnected from the internet or any other network. And for your internet activity, you use another PC (preferably having Linux installed on it). Protocol to follow is that nothing will go into your first PC. Information will only come out, (and that too only via USB thumb drive), and once that USB stick is touched by another PC (where those files you worked on will need to be copied) - You either have that USB stick destroyed, or have it completely formatted before it touches your first PC again.

Had those people at Mossack Fonseca (the law firm in Panama) only practiced this simple concept of air gaping their computers, then no one on Earth (or even from beyond) would have been able to hack anything out of their systems!!! Yet today everyone is laughing about the escape of at least 2.6 Terabytes of highly confidential data - Now freely floating on the internet, for anyone to see!

Anyhow, as for how that malware got into your PC, specially when no one else used it? Well, the simplest explanation is often the most likely. Which is that someone from somewhere used your PC when your back was turned, maybe it was some teenager visiting, or some servant (if you have any employed). They probably visited some dirty sights (or used your PC to download something of a similar nature) - The result of which is that now your PC has got this kind of malware on it... It could also very well be that when you had your PC serviced, someone at the repair shop must have used it for something dirty. I say this because such aggressive malware is often waiting to attack on porn sites, (as no decent site owner will allow this)... Other explanation is that maybe you once connected a USB thumb drive of an unknown origin, like some friend wanted to give you a file for something. So that's another way how viruses and malware can jump from PC to PC. This also applies to other mass storage devices too, like cameras for example, or the SD card in them - So if you ever had to connect your camera (or cellphone) to another PC in an emergency. Is how malware could have jumped onto your camera or smart phone, (or the SD card in them), which later got hold of your PC when the same device was connected at home. But realistically speaking, in my experience, 90% of the times it's the direct result of visiting dirty sites over the internet. And it is very common that the actual owner of the PC isn't even aware that someone was using the PC for such activities.

But one way to find out for sure, is if you go to your ISP (internet service provider) and ask them for a printout of all the sites that were visited from your connection. Some ISPs give this out to you without any hesitation, specially if the connection was in your name. But some ask for a court order. It actually depends what the local laws are like in your area and country. However if you can get this list of sites visited through your internet connection - Then as a windfall you'll also get the time and dates along with each site visited. So if a dirty site address is shown, you'll also know exactly when it was viewed. So it'll become very easy to catch the culprit this way!

Seriously, all ISPs hold this date - In my country too, they (by law) are to hold this information for as long as 6 months for each connection, and in some cases up to even 5 years! This is a necessity, as it functions to trace people, in case someone uses the internet to threaten or blackmail some government or military official. Or if someone is communicating with terrorists... So this type of record is today maintained by all ISPs all over the world! But will they let you see this also? That I can't say anything about. However if they do, then it will become very easy to do our own detective work! Because this is serious stuff, actually a crime, specially if your PC is being used without your knowledge. Going to dirty sites of course will only amount to a little embarrassment - However this too will be forgotten over time, (specially if some attitude ridden teenager is to blame for it). But the thing with malware is that aside from blackmail, it can also just as easily be used by terrorists - To secretly take control of your PC, and use it for themselves and their motives, (from a distance)...

So it now just cannot be taken too lightly, specially if you yourself have no clear idea how this malware got your PC.