Windows 10: This bag of tricks may help stop a ransomware infection Solved


  1. Posts : 19,861
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       23 Mar 2016 #1

    This bag of tricks may help stop a ransomware infection


    A malware researcher has found a few tricks to stop one of the latest types of ransomware, called Locky, from infecting a computer without using any security programs.
    This bag of tricks may help stop a ransomware infection | PCWorld
      My ComputerSystem Spec


  2. Posts : 3,207
    10.5 Home 1803 x64
       23 Mar 2016 #2

    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
      My ComputerSystem Spec


  3. Posts : 29,341
    64-bit Windows 10 Pro build 17672
       23 Mar 2016 #3
      My ComputersSystem Spec

  4.    23 Mar 2016 #4

    TairikuOkami said: View Post
    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
    I like this! What do I write into either a REG or BAT file that does this? Thanks!
      My ComputerSystem Spec

  5.    23 Mar 2016 #5

    TairikuOkami said: View Post
    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
    Sorry I don't completely understand what you wrote. I opened the registry, went to

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings

    With Settings highlighted, on the right side, I created a new DWORD 32-bit and named it Enabled, then gave it a value of 0 (zero). Is that right?
      My ComputerSystem Spec

  6.    23 Mar 2016 #6

    I think I could re-install Windows faster than deploying this 'bag of tricks' properly.
      My ComputerSystem Spec


  7. Posts : 3,207
    10.5 Home 1803 x64
       24 Mar 2016 #7

    RolandJS said: View Post
    I like this! What do I write into either a REG or BAT file that does this? Thanks!
    Into the BAT exactly that line above, into the REG, see bellow.

    TrustMe said: View Post
    With Settings highlighted, on the right side, I created a new DWORD 32-bit and named it Enabled, then gave it a value of 0 (zero). Is that right?
    Yes, that is it.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
    "Enabled"=dword:00000000
      My ComputerSystem Spec

  •    24 Mar 2016 #8

    The trick is to have all your personal files (the ones you care about) on a second drive so if you are hit, you can just format and clean install.
      My ComputersSystem Spec


  • Posts : 19,861
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
    Thread Starter
       24 Mar 2016 #9

    swarfega said: View Post
    The trick is to have all your personal files (the ones you care about) on a second drive so if you are hit, you can just format and clean install.
    Yepperz, that's the real trick, getting people to do that BEFORE they get hit
      My ComputerSystem Spec


  •  

    Related Threads
    New feature in Office 2016 can block macros and help prevent infection Source: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/?platform=hootsuite
    Had malware virus infection, now I'm a Built-in Administrator(?) in AntiVirus, Firewalls and System Security
    Hi all, I suffered an infection yesterday from some soft of Malware/Virus, I believe that I managed to remove the offending program with a bunch of scans from Malwarebytes, SpyBot, AVG, Panda and BitDefender (I went overboard but wanted to make...
    infection? outbound localhost.world to ip 69.197.188.122 in AntiVirus, Firewalls and System Security
    Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 69.197.188.122. The warning came when using browsers or some other programs that connected to the net, any idea what this is?
    Solved Taobao infection in AntiVirus, Firewalls and System Security
    Color me embarrassed but I seem to have picked up ........... something. As you can see from my screenshot my Browser has gotten a .....visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with...
    Read more: Microsoft updates Windows Defender to remove Superfish infection | ZDNet
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 14:11.
    Find Us