|12 Jul 2012||#1|
Windows Backup Not Working + Ransom Malware problem
Two related questions I'd appreciate help on.
I'm running Win7 Home Premium (64-bit), 8Gb RAM, which has been running perfectly for nearly a year.
Firefox has always been my browser of choice.
I use the add-on 'AdBlock Plus' among others in FF. This blocks out ads on sites.
I have two 500Gb hard drives in my system.
Disc 0: System Reserved 100Mb + D: drive (System, Active, Primary Partition)
Disc 1: C: Drive - (Boot, Page File, Crash Dump, Primary Partition)
In all my computing life, I've always been careful re: virus blocking etc and have never been hit by a virus or malware that hasn't been detected well in advance by my system's defences whether in XP or Win7 - till now, that is!
However, a few days ago I was suddenly hit by 'ransom malware' which hijacked my system, covering the monitor screen completely, demanding payment etc. to 'unlock'.
Of course, I ignored it for the clear scam that it was.
I restarted my computer in Safe Mode and using CCleaner noticed and deleted an unknown 'exe' file.
'Msconfig' did not appear to be compromised via Start Up tab.
I then flushed DNS and cleared Prefetch. That seemed to do the trick, the system started again as normal.
Just to be on the safe side, I decided to do a Windows System Restore to a previous date (if only I'd chosen Paragon!!...read on...)
The restore ran perfectly. Next stage, as you'll know, is a restart...but my computer then just refused to start normally. Never had that problem before...
I couldn't get into Safe Mode (via the F8 key) again or do anything to remedy the situation.
Any selection I chose: 'Last Known Good Configuration', 'Safe Mode' etc just went into the interminable Startup Repair mode that purported to 'fix any problems it found'. All it did was tell me..finally...that it couldn't fix anything! Thanks Microsoft!
Now, my normal procedure before any backup is to run a full system scan using my up-to-date Avast Anti-Virus and Malwarebytes.
Assuming these run perfectly, I then do the backup.
I run TWO backups: one via Windows Backup & Restore and one using the system image software 'Paragon'.
Both of these have worked perfectly before now.
Had I been able to get into Safe Mode, I could've run the Paragon image but....well, see above.
I tried loading my System Repair disc but it simply wouldn't load either.
If I restarted the computer, all it did was automatically go to Start Up Repair again with the same result!
After endless frustration, I was forced to take the computer to where I bought it (custom built by local shop).
They told me a crucial Windows boot file had been, as they put it, 'obliterated' and was the reason the damn thing wouldn't start. They couldn't tell me why that had happened.
Whether the malware did the obliterating I do not know. Again they could only guess at the reason.
Anyway, they reinstalled Windows. I considered leaving the C: drive completely 'clean' and then going through the process of installing all other software.
However, since I didn't know for certain what had actually caused the malware to 'enter', I instructed them to go to a past Paragon image (which was now possible) and restore from there.
So far, then, so good. All is back to 'normal'.
However, when I went to do fresh backups as before, the Paragon backup image ran perfectly but the Windows backup, just wouldn't complete.
It registered an error code: '0x81000002'...Your last backup did not complete successfully...'
Now my questions:
1. Since it appears this backup problem is a known issue (without a straight solution as far as I can see) should I just ditch Windows backup altogether and stick to the reliable system image of Paragon?
2. As I said, I use Avast + Malwarebytes and also have Spyware Blaster running.
Yet clearly this 'ransom malware' managed to get through all of the above.
So, can anyone recommend any other software that might sit 'real-time' and defend me even more from such scumbag malware...or is that just a flight of fancy?
Any other suggestions on what I should have done or indeed should do if this ever happens again?
Many thanks for your patience
|12 Jul 2012||#2|
I can't tell you what is the best; that is your choice. I can tell you what I use with success. MSE, MAM Pro both active and they play well together.
I use SAS on demand and Filehippo Update Checker on demand to check for updates needed in things like Adobe, Java etc.
Hope this helps.
|13 Jul 2012||#6|
Hi fellas...thanks for the clarification...
Never used Microsoft Security Essentials...Recommended??...
Problem is I've used Avast antivirus for ages and found that excellent.
To use MSE, I'd have to ditch Avast since they would conflict. I don't fancy relying solely on Microsoft!
So, to recap:
1) regarding malware protection, I seem to already have as SIW2 says 'as good as it gets'.
How the hell then did they fail to protect against this scumbag ransom malware?
Is 'real-time' Malwarebytes Pro a good product or not much better than the 'free' version?
2) Backup: anyone any idea how I can sort out Windows error: '0x81000002'...Your last backup did not complete successfully...'
Or: just stick with Paragon and ignore Windows backup altogether...yes/no?
|14 Jul 2012||#8|
Thanks again, LB....
How did I get infected?...I wish to hell I knew!
As I said, I'm normally very careful about security.
Don't know if you ever use Shields Up! to test your system on occasion. 'Good-guy' site...tries to find vulnerabilities etc.
It's always given mine the 'thumbs up', saying my computer is nicely hidden from view on the web! Go figure...
One thing I did realise and it may have zero bearing on this: normally, I don't show 'hidden files' (Explorer: Tools>Folder Options>View>Show/Don't Show Hidden files/folders).
However, I'm almost certain I allowed files/folders to be shown for some reason recently and forgot to hide them again.
Reason? I noticed an 'exe' file I didn't recognise in App Data>Local Roaming...
This could have been the malware. If that's so, then it might be worth flagging up to people that it's best to keep files/folders hidden unless needed, then hiding them again...Yes/no?
Using CCleaner and the other methods I used as above seemed to get rid of it, though.
So, I'm still in the dark as to why this all happened...Just want to ensure I don't have to go through this again and that my experiences might be of some interest or help to others.
Been reading up on 'Ransomware' as it's now called...seems to be spreading like wildfire again after ceasing to be the con of choice for scammers...
Presumably it's either very sophisticated or just knows which vulnerabilities to exploit in Windows 7.
By the way, and this is why I'm wary about Microsoft and using MS Essentials, all my so-called Security updates etc were bang up to date..so clearly the malware just laughed at those!
Still no comment on the '0x81000002'...Your last backup did not complete successfully...' question, anyone?
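A read-only triage sketch for the situation described in the posts above (an unrecognised 'exe' under AppData, and a check of the msconfig Startup tab); it is an added example, not part of anyone's post. It lists Run/RunOnce values and Startup-folder shortcuts, marks those whose command points into AppData, and lists executables sitting directly in the AppData roots with their Authenticode status. The list of registry keys and the use of AppData as the location worth flagging are assumptions of this example, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Read-only: it lists and flags, deletes nothing.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }  # per-user writable

function Test-InUserProfile([string]$Command) {
    # True when the autorun command references a path under AppData (assumed heuristic).
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $roots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function New-Entry($Source, $Name, $Command) {
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command
        InUserProfile = (Test-InUserProfile $Command)
    }
}

# 1. Registry Run/RunOnce values for the current user and the machine.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        New-Entry $key $name ([string]$regKey.GetValue($name))
    }
})

# 2. Startup-folder shortcuts, resolved to the program they actually launch.
$shell = New-Object -ComObject WScript.Shell
$startup = [Environment]::GetFolderPath('Startup'),
           (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
$entries += @(Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object { New-Entry $_.DirectoryName $_.Name ($shell.CreateShortcut($_.FullName).TargetPath) })

# 3. Executables sitting directly in the AppData roots (top level only), with signature status.
$loose = @(Get-ChildItem -Path $roots -Filter *.exe -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime,
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature $_.FullName).Status } })

$entries | Sort-Object InUserProfile -Descending |
    Format-Table InUserProfile, Name, Command, Source -AutoSize -Wrap
$loose | Format-Table -AutoSize -Wrap
```

A flagged entry is a prompt to look closer, not a verdict: some legitimate software also starts from AppData.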
|15 Jul 2012||#10|
Hi SIW2...thanks for taking time to reply.
I've just realised the shop has 'changed' things around a little from what I had, though I'm damned if I can remember the original 'arrangement' of drives etc
D: drive as you say contains system...I'm 'almost' certain it was C: before the change (????)
I know I can change drive letters via Disk Management...but now I'm a little confused as to exactly what to change so that backup will work...
Again, at present I have:
DISK 0 = DRIVE D: 465Gb = Healthy (System, Active, Primary Partition) + System Reserved (100 Mb)
DISK 1 = DRIVE C: 465Gb = Healthy (Boot, Page File, Crash Dump, Primary Partition)
As I said, I can't recall exactly what I had before...all I know is Backup worked every time with that arrangement!
When you get a moment, can you give me an idiot-proof guide as to what needs changing?
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.