Windows 7 Forums
Windows 7: Metropolitan Police ransomware - advice requested


13 Aug 2012   #1

Windows 7 Home Premium
 
 
Metropolitan Police ransomware - advice requested

Hello and sorry for the cross-post. I didn't get much joy on the General forum.

Hello,

I suffered the infamous Metropolitan ransomware infection today. After a lot of reading and restarts I managed to track down the source of the infection: it was not in HKLM but in HKCU under CurrentVersion.

To cut a long story short, I did the following (all in Safe Mode):
1. Found and deleted the infection using Malwarebytes
2. Found the infected regedit key and removed it
3. Removed the responsible startup item from msconfig.exe

Despite all this, the machine kept hanging when I tried to start it up in Normal Mode. So then I resorted to a System Restore at a point about a week ago.

At first sight, the machine seems to be okay - running a bit slowly and some applications crashing. E.g. soon after coming back online in Normal Mode, I tried installing Microsoft Security Essentials but it keeps crashing.

So my question is: should I be concerned that the malware still lives on after the restore? Should I just bite the bullet and do a full OEM recovery?

Thank you.

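The original poster located the persistence entry under HKCU ... CurrentVersion and a matching msconfig startup item. The PowerShell script below is an added example, not code from this thread or from any of its posters: it lists the per-user and machine-wide Run/RunOnce keys together with both Startup folders, and flags any entry whose command launches from a user-writable folder such as %APPDATA%, %LOCALAPPDATA%, %TEMP% or the profile root. The choice of those folders as "suspicious" is an assumption about where lock-screen malware of this kind commonly drops itself; the script only reads and prints, it deletes nothing, so it is a check to run (from an elevated prompt, ideally in Safe Mode) before deciding what to remove.

```powershell
# Added example (not from the thread): audit common Windows autostart
# locations and flag entries that run from user-writable folders.
# Written for Windows PowerShell 2.0+ so it runs on a stock Windows 7 box.

$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: a legitimate product rarely registers its autostart from one of
# these folders, while lock-screen malware running as the user usually must.
$suspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE)

# Provider metadata that Get-ItemProperty attaches to every registry object.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutostartEntries {
    $results = @()

    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $results += New-Object PSObject -Property @{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }

    # Shortcuts/executables dropped in the Startup folders also autostart.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        foreach ($file in (Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })) {
            $results += New-Object PSObject -Property @{
                Location = $dir
                Name     = $file.Name
                Command  = $file.FullName
            }
        }
    }

    return $results
}

function Test-SuspiciousCommand {
    param([string]$Command)
    foreach ($root in $suspiciousRoots) {
        if (-not $root) { continue }
        # Case-insensitive substring match; registry values often wrap the
        # path in quotes or add arguments, so a prefix match is not enough.
        if ($Command.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Print one line per autostart entry, suspicious ones first.
$entries = Get-AutostartEntries | Sort-Object -Property @{
    Expression = { Test-SuspiciousCommand $_.Command }; Descending = $true
}, Location, Name

foreach ($e in $entries) {
    $flag = if (Test-SuspiciousCommand $e.Command) { 'SUSPICIOUS' } else { 'ok' }
    '{0,-10} {1}\{2} = {3}' -f $flag, $e.Location, $e.Name, $e.Command
}
```

A SUSPICIOUS line is a lead, not a verdict: check the flagged file's publisher, creation time and hash before removing the value, and note the key path so the same entry can be confirmed gone after a restart. Entries pointing at Program Files that still misbehave are exactly the case several replies below describe, where the cleaner option is a wipe and reinstall rather than chasing what the infection changed.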

13 Aug 2012   #2

Windows 7 Professional 64 bit
 
 

My standard answer to that question is always the same;
Make sure your backups are up to date. Wipe the drive. Reinstall.
Some would disagree, but that's just my opinion. I usually find I spend less time with a reinstall than I do with a cleanup, and the reinstall always gets rid of everything evil.

Just one man's opinion.
13 Aug 2012   #3

Windows 7 Ultimate x64
 
 

Generally, I think that, once a Windows installation was affected by a virus and damaged in some serious way, it's better to do a full reinstall (possibly reformat) instead of trying to repair whatever the virus might have done. Not that it's not possible, sure it's doable, but many times it just takes more time to try to repair than simply blow off your install and start over.

The virus itself may have been removed, but anything that it may have deleted or changed may still be altered. Probably that's the source of problems.


13 Aug 2012   #4

Windows 7 Ultimate 64bit SP1
 
 

I always do a format before reinstall, better safe than sorry.
13 Aug 2012   #5

Windows 7 Home Premium x64 SP1
 
 

Quote: Originally Posted by pricetech
My standard answer to that question is always the same;
Make sure your backups are up to date. Wipe the drive. Reinstall.
Some would disagree, but that's just my opinion. I usually find I spend less time with a reinstall than I do with a cleanup, and the reinstall always gets rid of everything evil.

Just one man's opinion.

Nope, it's two. Great advice, and the only thing that I would do.
13 Aug 2012   #6

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

You may need a little help from a special removal tool designed to remove fake wares. Fakerean removal tool

Another free security tool for seeing Windows run normally again once a malware is taken offline would be the other, older VIPRE Rescue Program. This runs from a temp folder without any installation required.

Both of those are from GFI there while you will still want to run a full security sweep of the drive once you have given each a try. Once you have Windows running normally again try downloading the 30day trial version for VIPRE Internet Security 2012 and run a full system scan.

Following the system scan, turn System Restore off. That will automatically clear all restore points, ruling out any chance of reinfection from any points you have now, while typically viruses, not fake scam wares, would be the thing to see them corrupted. Later you turn that back on and start seeing all new clean restore points created fresh.
14 Aug 2012   #7

Windows 7 Home Premium
 
 

Hello,

I have already done a full system scan with Malwarebytes, Avast and MSE. Malwarebytes caught one infection, Avast none and MSE two. For some reason after I managed to restore my machine to Normal mode, I had to uninstall Avast - it just didn't like co-existing with MSE.

I will follow all the steps you suggest but then do you suggest that I uninstall MSE and use VIPRE instead?

Also, is it worth buying the full version of Malwarebytes?

Thank you.
14 Aug 2012   #8

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

The particular flavor of VIPRE is their premium version for that software that will do far more than others like Malwarebytes, like offering a firewall as well as web filtering to block out bad sites once malicious code is detected. Sometimes I call it a little "overprotective" at times however.

The Clam av's free Spyware Terminator would tend to find more data miners when comparing the two. But VIPRE will do quite a bit more if you are looking at going with a paid-for program. VIPRE will actually find bugs hidden in a zip or rar file you download posing as utilities, which has now only been seen with the Windows 8 Windows Defender (MS SE under a different name included in 8).

Typically any av program's installer will automatically prompt to see any other av program removed first as part of the installation requirement. VIPRE is no different in that regard. Yet I reinstalled the free version of AVG right after first trying VIPRE out back in May 2010.

You can try the 30 day full featured trial where they email you an activation code that will expire in that amount of time to give a good look over before deciding on which purchase option.

The options are for 1, 2, 3yr. one or two pc and even offer a life time license for single pc.
14 Aug 2012   #9

Windows 7 Home Premium
 
 

Thank you for the information. On another note, considering I've been through the registry, msconfig and used multiple programs, do you think it's advisable for me to continue using my machine as is?

Or should I really backup my data and do a full system recovery? I'm a bit conflicted to be.
14 Aug 2012   #10

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi,

You seem doubtful that you should, so follow your intuition : do a clean OEM install. I would if i was in your shoes.

Clean Reinstall - Factory OEM Windows 7

Regards,
Golden