Windows 10: Nasty ransomware overwrites your PC's master boot record


  1. Posts : 2,297
    W10 Pro + W10 Preview
       29 Mar 2016 #11

    Useful ways to find and remove ransomware hijackers.
    If only the page is captured, disconnect router, delete offending page, reconnect router.

    If encrypted by ransomware the following options are available.
    Ctrl + Shift + Esc together will open Task Manager. In Processes, find the intruder, write down the name for future reference, right-click on it to kill the process, and also open the file location to delete it.

    Windows Logo + R opens Run box where you can open Regedit and Msconfig, both offering access to the infection.

    Looking in Hidden Files and Folders will again reveal intrusions.

    If you have previously created a Restore Point then you can reset.

  2.    29 Mar 2016 #12

    Hi there

    Macrium Reflect -- decent bootable restore image will kill any of this nonsense. Another reason for taking REGULAR BACKUPS !!!!!!!!. Keep a few versions so you don't restore a version with the ransomware still on the system.

    This type of SCAM is so old hat I'm surprised people are still getting caught by it --- NEVER pay any money and forward any emails / phone recordings to Police or whoever is the Fraud regulator in your jurisdiction.

    For recording phone calls -- this (albeit slightly expensive system) from the UK is one of the best -- if not the best that I've ever come across.

    http://www.dstele.com/truecallcallscreening

    Cheers
    jimbo

  3.    29 Mar 2016 #13

    dmex said:
    Yes. If you installed Windows via UEFI then that ransomware doesn't do anything since EFI doesn't use boot sectors such as the MBR and uses an EFI file located on the partition. It also helps to have Secure Boot enabled since that also prevents any tampering with the EFI files.
    If it's true that UEFI systems are impervious to ransomware, isn't that the most logical protection for any OS that supports it? Since I have no need for partition setups that MBR can't accommodate, I've avoided switching to GPT to save the extra space it needs. But shielding against ransomware seems to be a strong reason for making the change.


  4. Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015
       29 Mar 2016 #14


    Thanks for the heads up folks... I just scored beta 6 there @ the link above after a Google search inquiry.

    No UEFI here... I didn't want to fool around with all that GPT partitioning on the one PC here that can use it (the HP Elitebook); the other three desktops are regular CMOS legacy BIOS.

    OTOH all this makes a good argument for UEFI mainboards.


  5. Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015
       29 Mar 2016 #15

    dencal said:
    Useful ways to find and remove ransomware hijackers.
    If only the page is captured, disconnect router, delete offending page, reconnect router.

    If encrypted by ransomware the following options are available.
    Ctrl + Shift + Esc together will open Task Manager. In Processes, find the intruder, write down the name for future reference, right-click on it to kill the process, and also open the file location to delete it.

    Windows Logo + R opens Run box where you can open Regedit and Msconfig, both offering access to the infection.

    Looking in Hidden Files and Folders will again reveal intrusions.

    If you have previously created a Restore Point then you can reset.
    Thanks for all that... I've done the regedit and hidden file hunt before, and some of the usual one-time-use cleaners for the big nasties (mostly on OP boxes), outside of some toolbar hijackers and unwanted Crapafee shields from legitimate downloads [like Flash @Adobe] on my boxes before Chrome Pepperflash... and so on if I didn't uncheck the right tick box.

    I've never been stupid or unlucky enough to get all that hijacked so far. I copied and pasted all that into my Windows 10 tips folder that will be included in my regular backups outside this OS in case somebody can use it or I forget, but I shouldn't; it's good to know and fairly simple and routine outside the newbies.

    FWIW (so far this works here)... when I see a ransomware-looking or any dodgy redirect... I kill the browser app & processes in Taskman, relaunch the browser and go on about my business.


  6. Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015
       29 Mar 2016 #16

    jimbo45 said:
    Hi there

    Macrium Reflect -- decent bootable restore image will kill any of this nonsense. Another reason for taking REGULAR BACKUPS !!!!!!!!. Keep a few versions so you don't restore a version with the ransomware still on the system.

    This type of SCAM is so old hat I'm surprised people are still getting caught by it --- NEVER pay any money and forward any emails / phone recordings to Police or whoever is the Fraud regulator in your jurisdiction.

    For recording phone calls -- this (albeit slightly expensive system) from the UK is one of the best -- if not the best that I've ever come across.

    http://www.dstele.com/truecallcallscreening

    Cheers
    jimbo
    Right... a good clean backup is a sure thing.

  7.    29 Mar 2016 #17

    dmex said:
    Yes. If you installed Windows via UEFI then that ransomware doesn't do anything since EFI doesn't use boot sectors such as the MBR and uses an EFI file located on the partition. It also helps to have Secure Boot enabled since that also prevents any tampering with the EFI files.
    Thanks.. for reassuring

    I do use UEFI with the secure boot. I used UEFI originally because it handles the 2TB hard drive limit when using MBR. I do have a couple of 3 & 4 TB drives. Such a hassle getting them usable in an MBR system.


  8. Posts : 450
    Windows 10.0.14393 (1607) Home 64-bit
       24 Apr 2016 #18

    My laptop uses UEFI and Secure Boot is enabled by default. Does that mean that I don't need to worry about ransomware?


  9. Posts : 1,551
    W7 32 bit, Linux Mint Xfce 18 64 bit
       24 Apr 2016 #19

    So if you enable UEFI without secure boot, you could still be protected and even use Windows 7 64 bit and Linux 64 bit systems?

  10.    25 Apr 2016 #20

    UEFI and secure boot will not protect you against ransomware. All they need to do is gain access to your system and encrypt your precious files. They don't need to encrypt the MBR.

    Offline backups will protect you.
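
An added example, not part of any post in this thread: the discussion above turns on whether a disk boots from legacy MBR code or uses GPT/UEFI. The Python below parses a raw 512-byte sector 0, tells a classic MBR from a GPT protective MBR (partition type 0xEE), and compares a SHA-256 of the 440-byte boot-code area with a saved baseline so that a change is noticed. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
GPT_PROTECTIVE = 0xEE    # partition type used by a GPT protective MBR


def inspect_sector0(sector: bytes) -> dict:
    """Classify a raw sector 0 and fingerprint its boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    # Byte 4 of each 16-byte entry is the partition type.
    types = [sector[PART_TABLE_OFF + 16 * i + 4] for i in range(4)]
    if sector[510:512] != b"\x55\xaa":
        scheme = "invalid"           # boot signature missing or destroyed
    elif GPT_PROTECTIVE in types:
        scheme = "gpt"               # protective MBR in front of a GPT
    else:
        scheme = "mbr"
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"scheme": scheme, "partition_types": types,
            "boot_code_sha256": digest}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code no longer matches the recorded baseline."""
    return inspect_sector0(sector)["boot_code_sha256"] != baseline_sha256


def build_sample(boot_code: bytes, part_type: int) -> bytes:
    """Constructed sector: padded boot code, one partition entry, 0x55AA."""
    status = 0x00 if part_type == GPT_PROTECTIVE else 0x80
    entry = struct.pack("<B3sB3sII", status, b"\0\0\0", part_type,
                        b"\0\0\0", 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\0") + entry + b"\0" * 48
    return body + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0", 0x07)      # constructed baseline
    altered = build_sample(b"\xeb\xfe", 0x07)        # constructed overwrite
    baseline = inspect_sector0(clean)["boot_code_sha256"]
    print(inspect_sector0(clean)["scheme"], boot_code_changed(altered, baseline))
```

To use it on a real machine, feed it the first 512 bytes of the disk read with administrator rights and store the baseline hash offline alongside the backups.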


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.