{"id":910,"date":"2014-04-04T12:13:00","date_gmt":"2014-04-04T10:13:00","guid":{"rendered":"http:\/\/www.satinfo.es\/noticies\/?p=910"},"modified":"2014-04-04T12:15:59","modified_gmt":"2014-04-04T10:15:59","slug":"solucion-al-cifrado-de-ficheros-producido-por-el-cryptorbit-en-sistemas-microsoft-windows-vista-7-8","status":"publish","type":"post","link":"https:\/\/www.satinfo.es\/noticies\/2014\/solucion-al-cifrado-de-ficheros-producido-por-el-cryptorbit-en-sistemas-microsoft-windows-vista-7-8\/","title":{"rendered":"SOLUCION AL CIFRADO DE FICHEROS PRODUCIDO POR EL CRYPTORBIT (en sistemas Microsoft Windows\u00ae Vista\/ 7 \/ 8)"},"content":{"rendered":"

Gracias a la aportaci\u00f3n de Wikipedia y a la colaboraci\u00f3n de buenos distribuidores que han comprobado la funcionalidad con \u00e9xito de los pasos que les hemos dado, hemos logrado, en dichos casos, la restauraci\u00f3n de los ficheros cifrados con el CRYPTORBIT, que ha afectado a varios de nuestros usuarios, en base a restaurar versiones anteriores de los archivos codificados, en sistemas operativos recientes (no XP)<\/span><\/span><\/span><\/p>\n

En Wikipedia puede verse:<\/span><\/span><\/span><\/p>\n

\u201cShadow Copy (also known as Volume Snapshot Service,[1] Volume Shadow Copy Service[2] or VSS[2]), is a technology included in Microsoft Windows that allows taking manual or automatic backup copies or snapshots of data, even if it has a lock, on a specific volume at a specific point in time over regular intervals. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires the file system to be NTFS to be able to create and store shadow copies. Shadow Copies can be created on local and external (removable or network) volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.\u201d<\/i><\/span><\/span><\/span><\/p>\n

F<\/span><\/span><\/span><\/span><\/a>uente<\/span><\/span><\/span><\/span><\/a><\/p>\n

P<\/span><\/span><\/span>ara ello puede probarse el SHADOWEXPLORER.EXE, que puede descargarse de: <\/span><\/span><\/span><\/p>\n

http:\/\/www.shadowexplorer.com\/downloads.html<\/span><\/span><\/span><\/span><\/a><\/p>\n

\u201cInformation about ShadowExplorer, a free replacement for the <\/i><\/span><\/span><\/span><\/strong>Previous Versions<\/i><\/span><\/span><\/span><\/em>feature of Microsoft Windows\u00ae VistaTM \/ 7 \/ 8. and it seems to work on Windows Server 2003\/2008\/2008 R2 aswell. It is shown how you can restore lost or damaged files from <\/i><\/span><\/span><\/span><\/strong>Shadow Copies<\/i><\/span><\/span><\/span><\/em>. However, this is by no means a replacement for traditional backups!\u201d<\/i><\/span><\/span><\/span><\/strong><\/p>\n

Se recomienda arrancar en MODO SEGURO CON FUNCIONES DE RED y lanzar dicha utilidad. Si el virus lo impide por haber modificado las claves de:<\/span><\/span><\/span><\/p>\n

KEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\
\nControl\\SafeBoot\\Minimal<\/span><\/span><\/span><\/p>\n

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\
\nControl\\SafeBoot\\Network<\/span><\/span><\/span><\/p>\n

en tal caso, lanzar <\/span><\/span><\/span>nuestra utilidad <\/span><\/span><\/span>ELISTARA para restaurar dichas claves y luego arrancar en MODO SEGURO CON FUNCIONES DE RED, en dicho modo lanzar la indicada utilidad.<\/span><\/span><\/span><\/p>\n

Manualmente, puede restaurarse individualmente cada archivo cifrado por este virus <\/b><\/span><\/span><\/span><\/strong>o por carpetas<\/b><\/span><\/span><\/span><\/strong>, para lo cual los usuarios pueden probar con versiones anteriores.<\/b><\/span><\/span><\/span><\/strong><\/p>\n

Para restaurar puntualmente un archivo, haga clic con el bot\u00f3n derecho del rat\u00f3n sobre el archivo, seleccione Propiedades y haga clic en la pesta\u00f1a Versiones anteriores. Si el archivo en cuesti\u00f3n tiene su punto de restauraci\u00f3n creado, selecci\u00f3nelo y haga clic en el bot\u00f3n \u201cRestaurar\u201d.<\/b><\/span><\/span><\/span><\/strong><\/p>\n

Por supuesto que conviene eliminar, si aun no se ha hecho, el virus propiamente dicho antes de recuperar dichos ficheros, para lo cual aconsejamos configurar la sensibilidad heuristica del VirusScan a nivel ALTO y lanzar tras ello un escaneo con el VirusScan.<\/span><\/span><\/span><\/p>\n

Independientemente, recordamos la conveniencia de instalar el SITEADVISOR de McAfee (<\/span><\/span><\/span>www.siteadvisor.com<\/span><\/span><\/span><\/span><\/a>) y de no ejecutar ficheros anexados a mails no solicitados, ni pulsar en sus <\/span><\/span><\/span>enlaces<\/span><\/span><\/span> ni en sus <\/span><\/span><\/span>im\u00e1genes<\/span><\/span><\/span>, aparte de no visitar webs sospechosas, en lo cual el SITEADVISOR le ayudar\u00e1.<\/span><\/span><\/span><\/p>\n

Por \u00faltimo, sabido que este malware aprovecha un agujero de seguridad de <\/span><\/span><\/span>W<\/span><\/span><\/span>indows, por lo que es importante tener siempre actualizados los parches, o bien <\/span><\/span><\/span>autom\u00e1ticamente<\/span><\/span><\/span>, o lanzando un windowsupdate (<\/span><\/span><\/span>windowsupdate.microsoft.com<\/span><\/span><\/span><\/span><\/a>) e instalando los que se encuentren a faltar. (Especialmente el <\/span><\/span><\/span>MS14-012<\/span><\/span><\/span><\/a>)<\/span><\/span><\/span><\/p>\n

SATINFO<\/span>, SERVICIO DE ASISTENCIA T\u00c9CNICA INFORMATICA \u00a0 4 de Abril de 2014<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Gracias a la aportaci\u00f3n de Wikipedia y a la colaboraci\u00f3n de buenos distribuidores que han comprobado la funcionalidad con \u00e9xito de los pasos que les hemos dado, hemos logrado, en dichos casos, la restauraci\u00f3n de los ficheros cifrados con el CRYPTORBIT, que ha afectado a varios de nuestros usuarios, en base a restaurar versiones anteriores […]<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[517,891,892],"tags":[543,544,247],"class_list":["post-910","post","type-post","status-publish","format-standard","hentry","category-517","category-otros","category-todos","tag-cifrado-de-ficheros","tag-cryptorbit","tag-solucion","category-517-id","category-891-id","category-892-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/comments?post=910"}],"version-history":[{"count":0,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/910\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/media?parent=910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/categories?post=910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/tags?post=910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}