  1.    29 Mar 2016 #11
    Join Date : Oct 2014
    Posts : 2,499
    W10 Pro + W10 Preview

    Useful ways to find and remove ransomware hijackers.
    If only page captured disconnect router, delete offending page, reconnect router.

    If encrypted by ransomware the following options are available.
    Ctrl + Shift + Esc together will open Task Manager, in Processes find the intruder, write down the name for future reference, right click on it to kill process and also open file location to delete.

    Windows Logo + R opens Run box where you can open Regedit and Msconfig, both offering access to the infection.

    Looking in Hidden Files and Folders will again reveal intrusions.

    If you have previously created a Restore Point then you can reset.
  2.    29 Mar 2016 #12

    Hi there

    Macrium Reflect -- decent bootable restore image will kill any of this nonsense. Another reason for taking REGULAR BACKUPS !!!!!!!!. Keep a few versions so you don't restore a version with the ransomware still on the system.

    This type of SCAM is so old hat I'm surprised people are still getting caught by it --- NEVER pay any money and forward any emails / phone recordings to Police or whoever is the Fraud regulator in your jurisdiction.

    For recording phone calls -- this (albeit slightly expensive system) from the UK is one of the best -- if not the best that I've ever come across.

    http://www.dstele.com/truecallcallscreening

    Cheers
    jimbo
  3.    29 Mar 2016 #13
    Join Date : Aug 2015
    Raleigh, NC, USA
    Posts : 1,759
    Windows 10 Pro x64

    Quote Originally Posted by dmex View Post
    Yes. If you installed Windows via UEFI then that ransomware doesn't do anything since EFI doesn't use boot sectors such as the MBR and uses an EFI file located on the partition. It also helps to have Secure Boot enabled since that also prevents any tampering with the EFI files.
    If it's true that UEFI systems are impervious to ransomware, isn't that the most logical protection for any OS that supports it? Since I have no need for partition setups that MBR can't accommodate, I've avoided switching to GPT to save the extra space it needs. But shielding against ransomware seems to be a strong reason for making the change.
  4.    29 Mar 2016 #14
    Join Date : Feb 2015
    Left coast but not a progressive liberal
    Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015

    Quote Originally Posted by COMPUTIAC View Post

    Thanks for the heads up folks .........I Just scored beta 6 there @ the link above after a Google search inquiry

    No UEFI here.... I didn't want to fool around with all that GPT partitioning on the one PC here that can use it (the HP Elitebook ) the other three desktops are regular CMOS legacy Bios.

    OTOH all this makes a good argument for UEFI mainboards .
  5.    29 Mar 2016 #15
    Join Date : Feb 2015
    Left coast but not a progressive liberal
    Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015

    Quote Originally Posted by dencal View Post
    Useful ways to find and remove ransomware hijackers.
    If only page captured disconnect router, delete offending page, reconnect router.

    If encrypted by ransomware the following options are available.
    Ctrl + Shift + Esc together will open Task Manager, in Processes find the intruder, write down the name for future reference, right click on it to kill process and also open file location to delete.

    Windows Logo + R opens Run box where you can open Regedit and Msconfig, both offering access to the infection.

    Looking in Hidden Files and Folders will again reveal intrusions.

    If you have previously created a Restore Point then you can reset.
    Thanks for all that ..I've done the regedit and hidden file hunt before and some of the usual one time use cleaners for the big nasties (mostly on OP boxes ) outside of some toolbar hijackers and unwanted Crapafee shields from legitimate downloads [ like Flash @Adobe ] on my boxes before Chrome Pepperflash ....and so on if I didn't uncheck the right tix box .

    I've never been stupid or unlucky enough to get all that hijacked so far. I copied and pasted all that into my Windows 10 tips folder that will be included in my regular backups outside this OS in case somebody can use it or I forget, but I shouldn't; it's good to know and fairly simple and routine outside the newbies.

    FWIW (so far this works here ) ....when I see a ransomware looking or any dodgy redirect ....I kill the browser app & processes in Taskman ,relaunch the browser and go on about my business
  6.    29 Mar 2016 #16
    Join Date : Feb 2015
    Left coast but not a progressive liberal
    Posts : 964
    dual boot W10 10586th2/14291 rs1 Win. Insider since Jan. 2015

    Quote Originally Posted by jimbo45 View Post
    Hi there

    Macrium Reflect -- decent bootable restore image will kill any of this nonsense. Another reason for taking REGULAR BACKUPS !!!!!!!!. Keep a few versions so you don't restore a version with the ransomware still on the system.

    This type of SCAM is so old hat I'm surprised people are still getting caught by it --- NEVER pay any money and forward any emails / phone recordings to Police or whoever is the Fraud regulator in your jurisdiction.

    For recording phone calls -- this (albeit slightly expensive system) from the UK is one of the best -- if not the best that I've ever come across.

    http://www.dstele.com/truecallcallscreening

    Cheers
    jimbo
    right .........a good clean back up is a sure thing
  7.    29 Mar 2016 #17

    Quote Originally Posted by dmex View Post
    Yes. If you installed Windows via UEFI then that ransomware doesn't do anything since EFI doesn't use boot sectors such as the MBR and uses an EFI file located on the partition. It also helps to have Secure Boot enabled since that also prevents any tampering with the EFI files.
    Thanks.. for reassuring

    I do use UEFI with the secure boot. I used UEFI originally because it handles the 2TB hard drive limit when using MBR. I do have a couple of 3 & 4 TB drives. Such a hassle getting them usable in an MBR system.
  8.    24 Apr 2016 #18
    Join Date : Nov 2015
    Ohio
    Posts : 461
    Windows 10.0.16299.19 (1709) Home 64-bit

    My laptop uses UEFI and Secure Boot is enabled by default. Does that mean that I don't need to worry about ransomware?
  9.    24 Apr 2016 #19
    Join Date : Oct 2014
    Posts : 1,555
    W7 32 bit, Linux Mint Xfce 18 64 bit

    So if you enable UEFI without Secure Boot, you could still be protected and even use Windows 7 64 bit and Linux 64 bit systems?
  10.    25 Apr 2016 #20
    Join Date : Dec 2014
    Posts : 437
    Windows 10 Pro x64

    UEFI and secure boot will not protect you against ransomware. All they need to do is gain access to your system and encrypt your precious files. They don't need to encrypt the MBR.

    Offline backups will protect you.
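
The thread keeps returning to whether a disk boots from a legacy MBR or from GPT/UEFI. As an added example (not written by any poster in this thread), this Python code parses a disk's first 512-byte sector using the standard MBR layout, reports whether it holds a legacy MBR or a GPT protective MBR, and compares the boot-code hash with a saved baseline so an overwritten boot sector is noticed. The sample sectors and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bytes 0-439 hold the bootstrap code
PART_TABLE_OFF = 446   # four 16-byte partition entries start here
GPT_PROTECTIVE = 0xEE  # partition type of a GPT protective MBR


def parse_sector0(sector: bytes) -> dict:
    """Classify a disk's first sector and fingerprint its boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":  # boot signature missing
        return {"scheme": "invalid", "partitions": [], "boot_sha256": None}
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    scheme = "gpt" if any(p["type"] == GPT_PROTECTIVE for p in parts) else "mbr"
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"scheme": scheme, "partitions": parts, "boot_sha256": digest}


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code no longer matches the recorded baseline."""
    return parse_sector0(sector)["boot_sha256"] != baseline_sha256


def make_sector(boot_code: bytes, ptype: int, lba: int, count: int) -> bytes:
    """Build a constructed sample sector with a single partition entry."""
    status = 0x00 if ptype == GPT_PROTECTIVE else 0x80
    entry = struct.pack("<B3sB3sII", status, b"", ptype, b"", lba, count)
    return boot_code.ljust(PART_TABLE_OFF, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"


# Constructed samples, not captured from any real disk.
LEGACY = make_sector(b"\xfa\x33\xc0" + b"\x90" * 64, 0x07, 2048, 1_000_000)
OVERWRITTEN = make_sector(b"\xeb\xfe" + b"\xcc" * 64, 0x07, 2048, 1_000_000)
GPT_DISK = make_sector(b"", GPT_PROTECTIVE, 1, 0xFFFFFFFF)

if __name__ == "__main__":
    baseline = parse_sector0(LEGACY)["boot_sha256"]
    for name, s in (("legacy", LEGACY), ("overwritten", OVERWRITTEN)):
        print(name, parse_sector0(s)["scheme"], boot_code_changed(s, baseline))
    print("gpt sample:", parse_sector0(GPT_DISK)["scheme"])
```

A matching hash only says the boot sector is unchanged; it says nothing about whether user files have been encrypted, which is the case the last post describes.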

 