

Windows 7: Windows Backup Not Working + Ransom Malware problem


12 Jul 2012   #1

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi fellas...
Two related questions I'd appreciate help on.
I'm running Windows 7 Home Premium (64-bit), 8Gb RAM, which has been running perfectly for nearly a year.
Firefox has always been my browser of choice.
I use the add-on 'AdBlock Plus' among others in FF. This blocks out ads on sites.

I have two 500Gb hard drives in my system.
Disc 0: System Reserved 100Mb + D: drive (System, Active, Primary Partition)
Disc 1: C: Drive - (Boot, Page File, Crash Dump, Primary Partition)

In all my computing life, I've always been careful re: virus blocking etc and have never been hit by a virus or malware that hasn't been detected well in advance by my system's defences whether in XP or Windows 7 - till now, that is!

However, a few days ago I was suddenly hit by 'ransom malware' which hijacked my system, covering the monitor screen completely, demanding payment etc. to 'unlock'.
Of course, I ignored it for the clear scam that it was.

I restarted my computer in Safe Mode and using CCleaner noticed and deleted an unknown 'exe' file.
'Msconfig' did not appear to be compromised via Start Up tab.
I then flushed DNS and cleared Prefetch. That seemed to do the trick, the system started again as normal.

Just to be on the safe side, I decided to do a Windows System Restore to a previous date (if only I'd chosen Paragon!!...read on...)
The restore ran perfectly. Next stage, as you'll know, is a restart...but my computer then just refused to start normally. Never had that problem before...

I couldn't get into Safe Mode (via the F8 key) again or do anything to remedy the situation.
Any selection I chose: 'Last Known Good Configuration', 'Safe Mode' etc just went into the interminable Startup Repair mode that purported to 'fix any problems it found'. All it did was tell me..finally...that it couldn't fix anything! Thanks Microsoft!

Now, my normal procedure before any backup is to run a full system scan using my up-to-date Avast Anti-Virus and Malwarebytes.
Assuming these run perfectly, I then do the backup.

I run TWO backups: one via Windows Backup & Restore and one using the system image software 'Paragon'.
Both of these have worked perfectly before now.
Had I been able to get into Safe Mode, I could've run the Paragon image but....well, see above.

I tried loading my System Repair disc but it simply wouldn't load either.
If I restarted the computer, all it did was automatically go to Start Up Repair again with the same result!

After endless frustration, I was forced to take the computer to where I bought it (custom built by local shop).
They told me a crucial Windows boot file had been, as they put it, 'obliterated' and was the reason the damn thing wouldn't start. They couldn't tell me why that had happened.
Whether the malware did the obliterating I do not know. Again they could only guess at the reason.

Anyway, they reinstalled Windows. I considered leaving the C: drive completely 'clean' and then going through the process of installing all other software.
However, since I didn't know for certain what had actually caused the malware to 'enter', I instructed them to go to a past Paragon image (which was now possible) and restore from there.
So far, then, so good. All is back to 'normal'.

However, when I went to do fresh backups as before, the Paragon backup image ran perfectly but the Windows backup, just wouldn't complete.
It registered an error code: '0x81000002'...Your last backup did not complete successfully...'

Now my questions:
1. Since it appears this backup problem is a known issue (without a straight solution as far as I can see) should I just ditch Windows backup altogether and stick to the reliable system image of Paragon?

2. As I said, I use Avast + Malwarebytes and also have Spyware Blaster running.
Yet clearly this 'ransom malware' managed to get through all of the above.

So, can anyone recommend any other software that might sit 'real-time' and defend me even more from such scumbag malware...or is that just a flight of fancy?

Any other suggestions on what I should have done or indeed should do if this ever happens again?

Many thanks for your patience



12 Jul 2012   #2

Windows 7 Pro. 64/SP-1
 
 

I can't tell you what is the best; that is your choice. I can tell you what I use with success. MSE, MAM Pro both active and they play well together.
I use SAS on demand and Filehippo Update Checker on demand to check for updates needed in things like Adobe, Java, etc.
Hope this helps.
13 Jul 2012   #3

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi Layback...thanks for taking time to reply.
Can't say I've ever heard of MSE, MAM Pro etc...
Could you clarify:
1. Their FULL names and what they actually do?
2. Suggest where I could get hold of them?
Many thanks


13 Jul 2012   #4

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

I think he means mbam pro - you already use mbam.

The other is Microsoft Security Essentials - a free basic a/v from Microsoft.

Avast and Malwarebytes, which you are already using, are about as good as you can get.

None of them are 100% perfect.
13 Jul 2012   #5

Windows 7 Pro. 64/SP-1
 
 

Malwarebytes Anti Malware PRO (MAM) Malwarebytes is one word. (M)
Microsoft Security Essentials (MSE)
Sorry, I didn't mean to create confusion.
13 Jul 2012   #6

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi fellas...thanks for the clarification...
Never used Microsoft Security Essentials...Recommended??...
Problem is I've used Avast antivirus for ages and found that excellent.
To use MSE, I'd have to ditch Avast since they would conflict. I don't fancy relying solely on Microsoft!
So, to recap:
1) regarding malware protection, I seem to already have as SIW2 says 'as good as it gets'.

How the hell then did they fail to protect against this scumbag ransom malware?

Is 'real-time' Malwarebytes Pro a good product or not much better than the 'free' version?

2) Backup: anyone any idea how I can sort out Windows error: '0x81000002'...Your last backup did not complete successfully...'

Or: just stick with Paragon and ignore Windows backup altogether...yes/no?

Regards
13 Jul 2012   #7

Windows 7 Pro. 64/SP-1
 
 

MAM Pro monitors actively just like your anti virus. Every now and then it does block a site. What it amounts to is I have three things active. The built in Windows 7 firewall, MSE, and MAM Pro. It works for me. You made your own point. How did you get infected?
14 Jul 2012   #8

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Thanks again, LB....
How did I get infected?...I wish to hell I knew!
As I said, I'm normally very careful about security.
Don't know if you ever use Shields Up! to test your system on occasion. 'Good-guy' site...tries to find vulnerabilities etc.
It's always given mine the 'thumbs up', saying my computer is nicely hidden from view on the web! Go figure...

One thing I did realise and it may have zero bearing on this: normally, I don't show 'hidden files' (Explorer: Tools>Folders Options>View>Show/Don't Show Hidden files/folders).

However, I'm almost certain I allowed files/folders to be shown for some reason recently and forgot to hide them again.
Reason? I noticed an 'exe' file I didn't recognise in App Data>Local Roaming...
This could have been the malware. If that's so, then it might be worth flagging up to people that it's best to keep files/folders hidden unless needed, then hiding them again...Yes/no?
Using CCleaner and the other methods I used as above seemed to get rid of it, though.

So, I'm still in the dark as to why this all happened...Just want to ensure I don't have to go through this again and that my experiences might be of some interest or help to others.

Been reading up on 'Ransomware' as it's now called...seems to be spreading like wildfire again after ceasing to be the con of choice for scammers...
Presumably it's either very sophisticated or just knows which vulnerabilities to exploit in Windows 7.

By the way, and this is why I'm wary about Microsoft and using MS Essentials, all my so-called Security updates etc were bang up to date...so clearly the malware just laughed at those!

Still no comment on the '0x81000002'...Your last backup did not complete successfully...' question, anyone?

Regards
14 Jul 2012   #9

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Are you using win sys img to backup C onto D?

It won't like that because D is system.
15 Jul 2012   #10

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi SIW2...thanks for taking time to reply.

I've just realised the shop has 'changed' things around a little from what I had, though I'm damned if I can remember the original 'arrangement' of drives etc

D: drive as you say contains system...I'm 'almost' certain it was C: before the change (????)

I know I can change drive letters via Disk Management...but now I'm a little confused as to exactly what to change so that backup will work...

Again, at present I have:

DISK 0 = DRIVE D: 465Gb = Healthy (System, Active, Primary Partition) + System Reserved (100 Mb)

DISK 1 = DRIVE C: 465Gb = Healthy (Boot, Page File, Crash Dump, Primary Partition)

As I said, I can't recall exactly what I had before...all I know is Backup worked every time with that arrangement!

When you get a moment, can you give me an idiot-proof guide as to what needs changing?

Many thanks