Has anyone ever dealt with win32/detplock?
08-03-2015, 01:30 AM
Post: #1
Has anyone ever dealt with win32/detplock?
Hi all,

I was running some scans on my PC using Malwarebytes and Windows Security Essentials. I generally try to run these at least once a week, and everything normally comes up clean since I pretty much only visit the same handful of sites on this particular machine.

However, last night Microsoft Security Essentials turned up a hit for something called win32/detplock on one of my storage drives. I immediately quarantined it, then removed it and deleted the directory it was in. I did some research and didn't see any specifics on this particular malware, but every site seemed to generically state that it was dangerous.

I was wondering if anyone had dealt with this malware before. I'm wondering if a complete reinstall of my system is now necessary or if that may be overkill. I'm also curious as to how I got infected, but I'm sure that's a mystery that will not be solved. Any advice or guidance you can provide would be most appreciated. Thank you!
08-04-2015, 03:03 AM
Post: #2
RE: Has anyone ever dealt with win32/detplock?
Don't have personal experience with this malware.
But after a quick Google search, Microsoft Essentials detects it and does a good job deleting it.
No need for a full reinstall.

How you can get infected:
Maybe you have noticed that there were quite a few updates lately from Adobe and Microsoft.
Most of these updates were triggered by data that was made public by someone that hacked "Hacking Team".
http://www.ibtimes.co.uk/hacking-team-ha...ny-1509925
Hacking Team is a group of hackers that sells unknown vulnerabilities.
Unknown means that the virus scanner isn't detecting it.

Some vulnerabilities in Adobe Flash, for example, could infect your PC simply by browsing to an "infected/hacked" website.
Or by watching an infected YouTube video.
Very often hackers use advertising banners to infect computers.
Website owners often use an ad server to display ads. A server they don't control/manage, but they get money for it.
These ad servers are often hacked. Advertisement banners infected. You go to a website that displays that banner and that's it.

Using the Firefox or Chrome browser with the plugins Adblock and, even better, NoScript, you block ads and
can't be attacked even by these unknown vulnerabilities (zero-days).
https://en.wikipedia.org/wiki/Zero-day_%28computing%29

But the antivirus is always a few steps behind the malware creators.
It's an ongoing battle. There is always a chance you get infected unknowingly.
08-04-2015, 11:22 AM
Post: #3
RE: Has anyone ever dealt with win32/detplock?
(08-04-2015 03:03 AM)Golempie Wrote:  Don't have personal experience with this malware. [...]

Thanks for the feedback! I had read about Hacking Team's loss of zero-day exploits - never accounted that towards my situation though. Any chance it was a false positive? It was sitting in a directory I downloaded many months ago (as part of a mod for the old Star Wars X-Wing Alliance, haha! It was from moddb, which I've had success with in the past). I've just been scanning every day looking for any trace or reappearance of hits and so far nothing. I'm also looking for a reputable manual removal guide for win32\detplock to see if the corresponding registry files can be found there as proof of its existence.
08-04-2015, 04:25 PM
Post: #4
RE: Has anyone ever dealt with win32/detplock?
OK, you downloaded it. So it's not a zero-day attack.
I don't think there is much chance that it is a false positive, and because you deleted it
you can't check it with other scanners.
Found a website that describes several methods for removing win32\detplock; one of them is manual removal.
http://removevirusnow.com/win32-detplock-removal/
08-05-2015, 12:50 PM
Post: #5
RE: Has anyone ever dealt with win32/detplock?
(08-04-2015 04:25 PM)Golempie Wrote:  OK, you downloaded it. So it's not a zero-day attack. [...]

Shoot - I was afraid that it may be something I downloaded. If it was sitting in that directory, I'm concerned how long any malware may have been there.

Thank you for providing the above guide. I followed the steps in Method 1 and was not able to locate any of the directories/files or registry keys described in that guide. Perhaps Microsoft Security Essentials removed them during the scan?
08-05-2015, 03:43 PM
Post: #6
RE: Has anyone ever dealt with win32/detplock?
Since you try to scan every week, I would say the virus could be
there for a week tops. It's not a new virus, so all virus scanners will have
recognized it for some time now.

Yes, Security Essentials clears malware keys from the registry.

Example of using an ad server to infect visitors of websites (2 days ago):
http://bits.blogs.nytimes.com/2015/08/03...-ads/?_r=0
08-06-2015, 11:05 AM
Post: #7
RE: Has anyone ever dealt with win32/detplock?
(08-05-2015 03:43 PM)Golempie Wrote:  Since you try to scan every week, I would say the virus could be there for a week tops. [...]

Perhaps. I guess I can just hope at this point.

OK, that's good to know that Security Essentials will also remove the registry keys.

Thanks for the article - good read!

At this point, I've scanned my PC almost daily with full scans using Security Essentials and Malwarebytes. I'm also running full scans using both tools with Windows in Safe Mode now. In addition, I've changed my master password for my password manager as well as for any financial institutions I log into, assuming the worst case that my personal information was sent back to an attacker. Short of reformatting all my drives and reinstalling Windows, is there anything else I should be doing?

I apologize for the myriad of questions. I just try to be very cautious and aware while browsing - it's not often I get infected, so when I do I am kind of hard on myself and sometimes get carried away with remedying the situation. I really do appreciate your help though.
08-07-2015, 04:09 PM
Post: #8
RE: Has anyone ever dealt with win32/detplock?
Scanning every day is a bit of overkill, I think.
Personally, I don't use the same PC for financial institutions or other important
websites. If you don't have a second PC, you can use a dual-boot system.
That means one PC that you can start up either from Windows or from another
operating system you installed.
And with other operating system I mean Linux.
Almost all malware is made for Windows, so not using Windows makes you
much less of a target.
http://www.everydaylinuxuser.com/2014/07...gside.html

Also, I don't use Wi-Fi, even more important when logging into financial websites.
Yes, the chance of being attacked through your Wi-Fi is very small, but still...

Change the password of your router. Often people just use the default password that anyone
can find on the internet.

If you ever decide to do a total reinstall, make an image when the reinstall + updates are done.
That way you can reinstall the PC simply by restoring the image.
A matter of 15 minutes instead of a day.
http://www.macrium.com/reflectfree.aspx
12-09-2015, 08:57 PM (This post was last modified: 12-09-2015 09:00 PM by Minjoner.)
Post: #9
RE: Has anyone ever dealt with win32/detplock?
Hi,
it seems to have evolved to the vvv strain of Tesla malware.

removal and recovery help for the malware in mention [http://nabzsoftware.com/types-of-threats/vvv-file]
12-14-2015, 03:48 PM
Post: #10
RE: Has anyone ever dealt with win32/detplock?
Last time, I had detected this threat on my Windows PC and it was very annoying for me. I was not able to figure out an effective measure to get rid of it. Finally, I visited a website that really helped me a lot and also guided me to remove this creepy threat from my computer.