Ransomware attack in Windows 1809 - Please help

  1.    2 Weeks Ago #11

    Just roll back to latest image ( Macrium !) ................and nothing happened !

  2.    2 Weeks Ago #12

    archz2 said:
    Okay. But those encrypted files do not carry virus, do they? Where does the virus actually reside in the case of a ransomware attack?
    It is nearly impossible to figure out or many businesses with IT depts. that get hit, just pay. As your friend suggested, you are VERY lucky that everything except your OS was not encrypted, which happened to me. As PrivacyFreak suggested, save those files, someone will eventually make a decryption key. If you already have them backed up, skip them in the next step.
    Disconnect from the internet, back up your data to external drive(s). Then do a full, clean install incl letting Windows repartition to one space (pay attention to Steps 10 and 11). This is the ONLY 100% guaranteed way to remove any and all ransomware or virus present (a Repair install will retain them). When finished, you can create a new D partition/drive and restore your data. Good Luck. - Clean Install Windows 10

    If Windows Defender is your only AV, you can enhance ransomware coverage by enabling Controlled Folder Access which blocks untrusted apps from accessing your This PC folders. May be a pain to whitelist, as you go along but you shouldn't have too many programs not recognized by Defender - https://winaero.com/blog/controlled-...ss-windows-10/
    Last edited by mrgeek; 2 Weeks Ago at 10:50.
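
Added example, not part of the posts above: one way to turn on the Controlled Folder Access setting mentioned in post #12 from an elevated PowerShell prompt, starting in audit mode so the allow-list can be built before anything is blocked. It assumes Windows Defender is the active antivirus; `E:\Data` and the `ExampleApp` path are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Both paths are assumptions; change them for your system.
$ExtraFolder = 'E:\Data'                              # placeholder: data folder outside the user profile
$TrustedApp  = 'C:\Program Files\ExampleApp\app.exe'  # placeholder: a program you trust

# 1. Audit mode: nothing is blocked yet, but every write that WOULD be
#    blocked is logged, so you can see what needs allowing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. The default protected set covers the user-profile folders (Documents,
#    Pictures, Desktop, ...). A separate data partition has to be added.
if (Test-Path -LiteralPath $ExtraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
} else {
    Write-Warning "$ExtraFolder not found; skipping extra protected folder."
}

# 3. After a few days of normal use, review what was flagged.
#    Event 1124 = audited (would have been blocked), 1123 = blocked.
$flagged = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 200 -ErrorAction SilentlyContinue

if ($flagged) {
    $flagged | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Host 'No Controlled Folder Access events logged yet.'
}

# 4. Allow only the programs you recognise from step 3, then enforce.
if (Test-Path -LiteralPath $TrustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}
Set-MpPreference -EnableControlledFolderAccess Enabled

# 5. Confirm the resulting state: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List
```

Run steps 1 to 3 first and come back to steps 4 and 5 once the audit events show which programs need to be allowed.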

  3.    2 Weeks Ago #13

    @archz2: Sorry for the delayed response. Since the strain of GandCrab has been around for a while now, most AVs/AMs should detect it and get rid of it from your system. You can use a free 3rd party second opinion scanner such as Emsisoft Emergency Kit, Malwarebytes Free or Hitman Pro to scan your system.

    In your case, I speculate that WD got rid of it but only after the ransomware encrypted a few files. WD may not have been able to roll that action back (don't know if it is capable of doing so.)

    The only way to be 100% sure that it's gone is as mrgeek suggests to perform a clean install of Windows (after you've performed a full system scan (all partitions) with a couple of good 3rd party AVs and after taking a backup of your data.)
    Last edited by PrivacyFreak; 2 Weeks Ago at 11:34.

  4.    2 Weeks Ago #14

    mrgeek said:
    It is nearly impossible to figure out or many businesses with IT depts. that get hit, just pay. As your friend suggested, you are VERY lucky that everything except your OS was not encrypted, which happened to me. As PrivacyFreak suggested, save those files, someone will eventually make a decryption key. If you already have them backed up, skip them in the next step.
    Disconnect from the internet, back up your data to external drive(s). Then do a full, clean install incl letting Windows repartition to one space (pay attention to Steps 10 and 11). This is the ONLY 100% guaranteed way to remove any and all ransomware or virus present (a Repair install will retain them). When finished, you can create a new D partition/drive and restore your data. Good Luck. - Clean Install Windows 10

    If Windows Defender is your only AV, you can enhance ransomware coverage by enabling Controlled Folder Access which blocks untrusted apps from accessing your This PC folders. May be a pain to whitelist, as you go along but you shouldn't have too many programs not recognized by Defender - https://winaero.com/blog/controlled-...ss-windows-10/
    I agree again.


  5.    1 Week Ago #15 (Thread Starter; Windows 10 64-bit, version 1809 build 17763.195)

    Okay, yesterday without waiting for your replies, here's what I did.

    1. I formatted my C partition during the Windows 10 installation that I did using a bootable USB. Then I installed Windows 10 1809 on it.
    2. I kept my E partition intact.
    3. All this while my LAN cable was disconnected.
    4. After the Windows installation, I installed ESET Internet Security.
    5. I updated it using the internet. Ran a full scan.
    6. It detected the ransomware txt instructions file as a virus. It didn't detect a virus in the encrypted files in the E: partition.
    7. I spent 6-7 hours installing various software from scratch yesterday.
    8. Ever since, my computer has been working fine.

    So based on the above evidence, I believe that the virus was in C: partition. Otherwise my other folders would have got encrypted too by now.

  6.    1 Week Ago #16

    "So based on the above evidence, I believe that the virus was in C: partition. Otherwise my other folders would have got encrypted too by now."

    Excellent news ! Reinstalling Windows after wiping the disk is the only effective solution. The time one wastes trying to diagnose can be put toward reinstalling programs (not as bad as people make it out to be since you get a 2nd chance to figure out what you actually need/use and get updated software versions) and restoring personal files from backup.
    We're lucky to be in the Win10 era, when this happened to me on XP, I had 4-5 years of updates to reinstall, requiring a restart after almost each ! When Staples offered to include it for the virus removal charge, I let them go at it ... for 4 days.
    Once you have everything put back together, make a system image that you can use as a new beginning point. Cheers.

  7.    1 Week Ago #17

    May I ask you ; why not Just roll back to latest image ( Macrium !) ..............
    Much easier and should be enough !

  8.    1 Week Ago #18

    pietcorus2 said:
    May I ask you ; why not Just roll back to latest image ( Macrium !) .............. Much easier and should be enough !

    Depends when the image was taken. If it included the ransomware trigger, it may encrypt ALL of his files, if regenerated, not just 3 folders with little data. This is also why System Restore never works to roll back either, the ransomware is still hiding in the registry being restored.

  9.    1 Week Ago #19

    Always good to hear a successful outcome. Thanks for letting us know.


  10.    1 Week Ago #20 (Thread Starter; Windows 10 64-bit, version 1809 build 17763.195)

    pietcorus2 said:
    May I ask you ; why not Just roll back to latest image ( Macrium !) ..............
    Much easier and should be enough !
    I don't have the infrastructure to take such giant images of my entire PC. I've been using computers for 17 years and never faced any trouble. Basically, I'm a risk taker. I take backups in my external hard drives of whatever work I do.


 