Windows 10: This bag of tricks may help stop a ransomware infection Solved


  1. Posts : 15,568
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       23 Mar 2016 #1

    This bag of tricks may help stop a ransomware infection


    A malware researcher has found a few tricks to stop one of the latest types of ransomware, called Locky, from infecting a computer without using any security programs.
    This bag of tricks may help stop a ransomware infection | PCWorld
      My ComputerSystem Spec


  2. Posts : 2,674
    Windows 10.4 Home 1703 x64 16288.1000
       23 Mar 2016 #2

    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
      My ComputerSystem Spec


  3. Posts : 23,676
    64-bit Windows 10 Pro build 16362
       23 Mar 2016 #3
      My ComputersSystem Spec

  4.    23 Mar 2016 #4

    TairikuOkami said: View Post
    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
    I like this! What do I write into either a REG or BAT file that does this? Thanks!
      My ComputerSystem Spec

  5.    23 Mar 2016 #5

    TairikuOkami said: View Post
    This "trick" does not stop just Locky, but most of the malware and common users are not limited by it.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d 0 /f
    Sorry I don't completely understand what you wrote. I opened the registry, went to

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings

    With Settings highlighted, on the right side, I created a new DWORD 32-bit and named it Enabled, then gave it a value of 0 (zero). Is that right?
      My ComputerSystem Spec


  6. Posts : 9,011
    Windows 10 Professional
       23 Mar 2016 #6

    I think I could re-install Windows faster than deploying this 'bag of tricks' properly.
      My ComputersSystem Spec


  7. Posts : 2,674
    Windows 10.4 Home 1703 x64 16288.1000
       24 Mar 2016 #7

    RolandJS said: View Post
    I like this! What do I write into either a REG or BAT file that does this? Thanks!
    Into the BAT exactly that line above, into the REG, see bellow.

    TrustMe said: View Post
    With Settings highlighted, on the right side, I created a new DWORD 32-bit and named it Enabled, then gave it a value of 0 (zero). Is that right?
    Yes, that is it.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
    "Enabled"=dword:00000000
      My ComputerSystem Spec

  8.    24 Mar 2016 #8

    The trick is to have all your personal files (the ones you care about) on a second drive so if you are hit, you can just format and clean install.
      My ComputersSystem Spec


  9. Posts : 15,568
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
    Thread Starter
       24 Mar 2016 #9

    swarfega said: View Post
    The trick is to have all your personal files (the ones you care about) on a second drive so if you are hit, you can just format and clean install.
    Yepperz, that's the real trick, getting people to do that BEFORE they get hit
      My ComputerSystem Spec


 

Related Threads
New feature in Office 2016 can block macros and help prevent infection Source: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/?platform=hootsuite
Had malware virus infection, now I'm a Built-in Administrator(?) in AntiVirus, Firewalls and System Security
Hi all, I suffered an infection yesterday from some soft of Malware/Virus, I believe that I managed to remove the offending program with a bunch of scans from Malwarebytes, SpyBot, AVG, Panda and BitDefender (I went overboard but wanted to make...
infection? outbound localhost.world to ip 69.197.188.122 in AntiVirus, Firewalls and System Security
Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 69.197.188.122. The warning came when using browsers or some other programs that connected to the net, any idea what this is?
Solved Taobao infection in AntiVirus, Firewalls and System Security
Color me embarrassed but I seem to have picked up ........... something. As you can see from my screenshot my Browser has gotten a .....visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with...
Read more: Microsoft updates Windows Defender to remove Superfish infection | ZDNet
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:13.
Find Us