5 Replies Latest reply on Mar 5, 2014 12:20 PM by Peter M

    Ice malware

    davekoerner

      windows 7,mcafee installed and current,tried safe mode with and with network with no success. 

      My recovery points have disappeared except for a few recent ones.

      mcafee won't open to scan in safe mode.

      Recovery points that i do have were unsuccessful.

        • 1. Re: Ice malware
          Peter M

          I moved this to Malware Discussion > Home User Assistance.

           

          Mcafee SecurityCenter wont open in Safe Mode but you can still scan by right-clicking the taskbar icon and selecting Scan or going to Computer and right-clicking a drive and selecting Scan.

           

          You can do that also for any folder or object you wish to check.

           

          Hover over the icon to get a progress report.   However most antivirus software has a hard time detecting this sort of thing.

           

          When ransomware such as this is detected, it is best to completely power off immediately.  Then try rebooting into Safe Mode to select a restore point.   However even that option may be taken away if you have clicked oin anything at all or pressed any keyboard keys whilst it was active.

           

          There is an excellent removal guide here:  http://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-rans omware

           

           

           

           

           

          .

           


           

          Message was edited by: Ex_Brit on 05/03/14 12:35:55 EST PM
          • 2. Re: Ice malware
            sol

            McAfee did place an Extra.dat for this ransomware after we had sent in a suspicious file from an infected computer. It is working great at stopping these.

             

            We re-imaged the PC we had infected. Encryptolocker has also reared its ugly head as of late and that is also being caught by the extra.dat.

             

            Does anyone know how long before these fixes are placed in the normal .DAT protection? It's been two weeks now andour system log files keep showing extra.dat as the detector and stopper. The threats are not reporting in the ePO alert reports because of it.

             

            I've just been happy to have these threats under control

            • 3. Re: Ice malware
              Peter M

              Unknown - normally they would go into the next regular update, but the Enterprise and Consumer software are now updated differently so I can't vouch for that.

               

              You could try emailing the labs but don't expect a quick answer.  virus_research@mcafee.com

              • 4. Re: Ice malware
                sol

                Thanks... I imagine they are quite consumed with the thousands of daily infected file samples.

                • 5. Re: Ice malware
                  Peter M

                  Yes, I would assume so.