Metropolitan Police ransomware - advice requested


  1. Posts : 17
    Windows 7 Home Premium
       #1


    Hello and sorry for the cross-post. I didn't get much joy on the General forum.

    Hello,

    I suffered the infamous Metropolitan ransomware infection today. After a lot of reading and restarts I managed to track down the source of the infection: it was not in HKLM but in HKCU under CurrentVersion.

    To cut a long story short, I did the following (all in Safe Mode):
    1. Found and deleted the infection using Malaware
    2. Found the infected regedit key and removed it
    3. Removed the responsible startup item from msconfig.exe

    Despite all this, the machine kept hanging when I tried to start it up in Normal Mode. So then I resorted to a System Restore at a point about a week ago.

    At first sight, the machine seems to be okay - running a bit slowly and some applications crashing. E.g., soon after coming back online in Normal Mode, I tried installing Microsoft Security Essentials but it keeps crashing.

    So my question is: should I be concerned that the malware still lives on after the restore? Should I just bite the bullet and do a full OEM recovery?

    Thank you.


  2. Posts : 280
    Windows 7 Professional 64 bit
       #2

    My standard answer to that question is always the same;
    Make sure your backups are up to date. Wipe the drive. Reinstall.
    Some would disagree, but that's just my opinion. I usually find I spend less time with a reinstall than I do with a cleanup, and the reinstall always gets rid of everything evil.

    Just one man's opinion.


  3. Posts : 2,465
    Windows 7 Ultimate x64
       #3

    Generally, I think that, once a Windows installation was affected by a virus and damaged in some serious way, it's better to do a full reinstall (possibly reformat) instead of trying to repair whatever the virus might have done. Not that it's not possible, sure it's doable, but many times it just takes more time to try to repair than simply blow off your install and start over.

    The virus itself may have been removed, but anything that it may have deleted or changed may still be altered. Probably that's the source of problems.


  4. Posts : 233
    Windows 8.1 Pro
       #4

    I always do a format before reinstall, better safe than sorry.


  5. Posts : 431
    Windows 7 Home Premium x64 SP1
       #5

    pricetech said:
    My standard answer to that question is always the same;
    Make sure your backups are up to date. Wipe the drive. Reinstall.
    Some would disagree, but that's just my opinion. I usually find I spend less time with a reinstall than I do with a cleanup, and the reinstall always gets rid of everything evil.

    Just one man's opinion.

    Nope, it's two. Great advice, and the only thing that I would do.


  6. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #6

    You may need a little help from a special removal tool designed to remove fake wares. Fakerean removal tool

    Another free security for seeing Windows run normally again once a malware is taken offline would be the other, older VIPRE Rescue Program. This runs from a temp folder without any installation required.

    Both of those are from GFI there while you will still want to run a full security sweep of the drive once you have given each a try. Once you have Windows running normally again try downloading the 30-day trial version for VIPRE Internet Security 2012 and run a full system scan.

    Following the system scan turn the System Restore off. That will automatically clear all restore points ruling out any chance of reinfections from any points you have now while typically viruses not fake scam wares would be the thing to see them corrupted. Later you turn that back on and start seeing all new clean restore points created fresh.


  7. Posts : 17
    Windows 7 Home Premium
    Thread Starter
       #7

    Hello,

    I have already done a full system scan with Malwarebytes, Avast and MSE. Malwarebytes caught one infection, Avast none and MSE two. For some reason after I managed to restore my machine to Normal mode, I had to uninstall Avast - it just didn't like co-existing with MSE.

    I will follow all the steps you suggest but then do you suggest that I uninstall MSE and use VIPRE instead?

    Also, is it worth buying the full version of Malwarebytes?

    Thank you.


  8. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #8

    The particular flavor of VIPRE is their premium version for that software that will do far more than others like Malwarebytes like offering a firewall as well as web filtering to block out bad sites once malicious code is detected. Sometimes I call it a little "overprotective" at times however.

    The Clam av's free Spyware Terminator would tend to find more data miners when comparing the two. But VIPRE will do quite a bit more if you are looking at going with a paid for program. VIPRE will actually find bugs hidden in zip or rar files you download posing as utilities which has now only been seen with the Windows 8 Windows Defender (MS SE under a different name included in 8).

    Typically any av program's installer will automatically prompt to see any other av program removed first as part of the installation requirement. VIPRE is no different in that regard. Yet I reinstalled the free version of AVG right after first trying VIPRE out back in May 2010.

    You can try the 30 day full featured trial where they email you an activation code that will expire in that amount of time to give a good look over before deciding on which purchase option.

    The options are for 1, 2, 3 yr. one or two pc and even offer a lifetime license for single pc.


  9. Posts : 17
    Windows 7 Home Premium
    Thread Starter
       #9

    Thank you for the information. On another note, considering I've been through the registry, msconfig and used multiple programs, do you think it's advisable for me to continue using my machine as is?

    Or should I really back up my data and do a full system recovery? I'm a bit conflicted to be.


  10. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #10

    Hi,

    You seem doubtful that you should, so follow your intuition: do a clean OEM install. I would if I was in your shoes.

    Clean Reinstall - Factory OEM Windows 7

    Regards,
    Golden


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
