Linux Mint 17 Cinnamon ‘Qiana’

Linux Mint 17 Cinnamon ‘Qiana’ has reached RC status.  Here are some screenshots of the new release.

Places where changes were made, noted by the Mint Team:

  • Update Manager
  • Drivers Manager
  • Login Screen
  • Language Settings
  • Software Sources
  • Welcome Screen
  • Cinnamon 2.2
  • System Improvements
  • Artwork Improvements
  • Main Components
  • LTS Strategy

Give Mint 17 a try for 32-bit here or 64-bit here. Let me know your thoughts on the latest release.

I have added some screenshots of the installation from LiveCD in this article.

Oops

So, it seems that my personal tech site was useful for lots of people. I recently went through and cleaned house. Created a new server, new database, etc. and dumped all my old content. By old, I mean 2009-2012 posts. This was obviously a bad move. I have had a ton of emails requesting content, so I am trying to make it happen for everyone. I removed my site from Google/Bing indexes for nearly a year while I waited for things to fizzle off, but it seems a lot of sites like Stack Exchange, Tom's Hardware, and other popular communities had linked to my site for various reasons.

Please, if you have a data/post request, email me at admin@techish.net.  I will try to get back to you in a timely manner.

CryptoLocker Software Restriction Policies

Identification of Cryptolocker

Location of CryptoLocker binaries:

  • %AppData%\<random>.exe
  • %LocalAppData%\<random>.exe

If the malware has executed, one or more of the following registry keys will be present:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker_<version>
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce *CryptoLocker
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Random>

Containing CryptoLocker

Stop the binaries from executing by applying GPO to block the following:

  • %appdata%\*.exe
  • %appdata%\*\*.exe
  • %localappdata%\*.exe
  • %localappdata%\*\*.exe

It is also possible to stop execution by creating a Software Restriction Policy (SRP).

Below are SRP rules to assist in blocking CryptoLocker. You may have to tweak some of these rules for your environment.

———–

Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executable to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%.

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executable to run from %AppData%.

Block executable run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinRAR.

Block executable run from archive attachments opened with 7zip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\7z*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with 7zip.

Block executable run from archive attachments opened with WinZip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\wz*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinZip.

Block executable run from archive attachments opened using Windows built-in Zip support:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\*.zip\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened using Windows built-in Zip support.

———–

Identifying if your system has already begun encrypting files:

The following PowerShell script will list all files that are currently encrypted on the local system. To execute this, run PowerShell as administrator and paste the following code:

(Get-Item HKCU:\Software\CryptoLocker\Files).GetValueNames().Replace("?","\") | Out-File CryptoLockerFiles.txt -Encoding unicode
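
A read-only check for the indicators listed in the identification sections above, as an added example that is not part of the original post. Variable names are illustrative, and matching Run values by where their command points is an assumption used to cover the <Random> entry.

```powershell
# Added example: read-only check for the CryptoLocker indicators listed on this page.
# Run as the user being checked; everything here lives under HKCU and that user's profile.
$findings = @()

# 1. Executables sitting directly in %AppData% or %LocalAppData% (not in subfolders).
$roots = @(@($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) })
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter *.exe -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Type = 'Binary'; Location = $_.FullName; Detail = $_.LastWriteTime
            }
        }
}

# 2. Run / RunOnce values named like CryptoLocker, or launching an .exe from those folder roots.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $inRoot = $false
        foreach ($root in $roots) {
            # Assumption: "<root>\<file>.exe" with no subfolder is what the <Random> value looks like.
            if ($data -match ('^"?' + [regex]::Escape($root) + '\\[^\\]+\.exe')) { $inRoot = $true }
        }
        if ($name -like '*CryptoLocker*' -or $inRoot) {
            $findings += New-Object PSObject -Property @{
                Type = 'Autorun'; Location = "$key [$name]"; Detail = $data
            }
        }
    }
}

# 3. The key read by the one-liner above: one value per encrypted file.
$filesKey = 'HKCU:\Software\CryptoLocker\Files'
if (Test-Path $filesKey) {
    $count = (Get-Item $filesKey).GetValueNames().Count
    $findings += New-Object PSObject -Property @{
        Type = 'FileList'; Location = $filesKey; Detail = "$count file entries"
    }
}

if ($findings.Count -eq 0) { 'No CryptoLocker indicators from this page were found for this user.' }
else { $findings | Select-Object Type, Location, Detail | Format-List }
```

The path-based autorun match can also flag legitimate software that starts from the root of a profile folder, so review each Autorun hit before acting on it.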