How To Remove Ransomware



marko


    Despite the many pages littered across the internet on how to remove ransomware, it would appear many are outdated or just plain misinformed or wrong!

    The favourite idiotic advice is to "boot into Windows" and "scan your computer" or "remove the file named "@*%$" from the "startup" folder". All fine and well if you can actually "boot into Windows", but most ransomware will prevent you from doing anything useful once you have booted into Windows, and safe mode doesn't appear to be much better going on my own experiences!!

    Normally, the only thing I could get working when I was dealing with a computer infected by ransomware was booting into safe mode with "command prompt". Anything else just didn't work. So, here's a step-by-step guide for anyone infected with ransomware who cannot get into Windows or safe mode to scan or delete ....

    First of all, get to a clean computer and download RogueKiller, which is a particularly simple, yet extremely effective cleaner and can stop malicious services, unload malicious DLLs from processes and kill malicious hidden processes outright. Copy the "exe" file onto a USB stick, insert the USB stick into the infected computer and then restart it. As soon as the screen goes black (normally immediately after the computer is powered on), start tapping the "F8" button until you see the following options on screen ...

    Fig 1.1

    xp-safe-mode-with-command-prompt.jpg

    Use the arrow keys on your keyboard to navigate up and down and select "Safe Mode with Command Prompt" and hit Enter. Wait for the computer to display the command prompt on screen and when it does, type the following:

    wmic logicaldisk get deviceid, volumename, description

    You should now see a list of all the drives available on the infected computer. In our case, the "removable disk" is drive "F", so that's our USB stick.

    Now type the drive letter of the USB stick, followed by the name of the RogueKiller file, which should be "RogueKiller.exe", into the command prompt, like this:

    f:\roguekiller.exe

    Fig 1.2

    29-04-2013 20-37-08.png

    You should now see the GUI for RogueKiller, like Fig 1.3 below. Wait for the "pre-scan" to finish, then hit the "Scan" button at the top right of the console. Once the scan is complete, use the program to delete anything you find suspicious, and certainly anything looking like a virus (i.e. trojans, etc). Once you have done this, you can shut down the computer and restart normally, and now you should be able to boot into Windows normally without the ransomware screen annoying you constantly. Download and install SuperAntiSpyware and MalwareBytes immediately, update them and perform complete scans using both, rebooting if required when prompted.

    Feel free to use your own preferred malware scanner too, but personally I'd trust the above two most. If you are using Avast, perform a boot-time scan too, and at the very least, run a complete scan on your computer using your own antivirus scanner.

    Fig 1.3

    29-04-2013 20-40-10.png

    Finally, and as a precaution, it's advisable to turn off Windows restore to clear the restore points, then turn it back on again. Here's how ...

    Windows XP

    Windows 7

    Windows 8 ... right-click at the screen's bottom-left corner and from the pop-up menu, choose "System" ==> Open "System protection" on the left pane ==> In the "System Protection" tab, click "Configure" ==> To disable System Restore, check "Disable system protection" and press "OK".

