Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: A ransomware recovery routine from Sevenforums

08 Oct 2016   #1
loninappleton

Windows 7 x64 Ultimate
 
 
A ransomware recovery routine from Sevenforums

Is there a ransom ware routine at Sevenforums?

I keep a backup disk and simply changed one out when it happened today.
But there was an audio message and some other screen telling me all the nasty things
they wanted to do to me.

The message returned at reboot and the whole system seemed captured and unsable. I wiped the disk with my backup as a clone job.


My System SpecsSystem Spec
.
08 Oct 2016   #2
RolandJS

Windows 7 Professional 64-bit
 
 

There is a forum concerning ransomware within BleepingComputers.com -- I recommend trying there. If you do, simply acknowledge in this thread that you are "moving" the problem over into bleepingcomputer.com
My System SpecsSystem Spec
08 Oct 2016   #3
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Just to add to Roland's suggestion - Bleeping computer provide a totally free service which is highly tailored to a particular system, because of this please join and post asking for help with your issue. They will provide a solution for this issue only, not a "catchall" for all issue. Never follow instuctions given for another user's issue, even if it seems identical to your own, as this may lead to other major issues

They do of course have forum threads where recommended system usage policy is discussed and these areas may be most useful for planning how you go forward from here
My System SpecsSystem Spec
.

08 Oct 2016   #4
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
More information might be nice
What security do you use is the first basic information plus what have you ever used ?
Where do you download stuff from and what is the last items you've downloaded ?

Scanners are a dime a dozen adwcleaner/ malwarebytes/... are usually the first couple to try.
My System SpecsSystem Spec
08 Oct 2016   #5
loninappleton

Windows 7 x64 Ultimate
 
 

That's a good suggestion. I'm joined at Bleeping already from other questions and they are a trusted site. It sounds like the only answer to this system takeover is one of those multiple step cleaning processes.
My System SpecsSystem Spec
08 Oct 2016   #6
RolandJS

Windows 7 Professional 64-bit
 
 

While viri and malware and spyware can very effectively be addressed and worked through between thread-starters and the many very fine techies in sevenforums, when I read ransomware, I knew that BC has one of the best ransomware forums found anywhere.
My System SpecsSystem Spec
08 Oct 2016   #7
loninappleton

Windows 7 x64 Ultimate
 
 

What is the specific Bleeping thread or is there one? I don't have nor can even use
an individual HD analysis since it's wiped.
My System SpecsSystem Spec
09 Oct 2016   #8
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

Bleepingcomputer has an entire sub-forum -- "Ransomware Help & Tech Support" -- devoted to ransomware.
The landscape changes daily, with new ransomware variants, new decryption methods, etc.
It's a highly complicated, specialized area of computer security and malware cleanup/mitigation.

A few general points -- for all intents and purposes, as a general explanation, your encrypted files are "toast", UNLESS:
  • A decryption solution is devised or published; OR
  • You have data backups on another, separate drive/device that was not encrypted; OR
  • You pay the ransom.
The malware/ransomware usually removes itself from the affected machine once it has done its work. So, there is usually not much specific cleanup to do for the ransomware itself. However, it's possible that the other system may have other malware on it, too.

As such, it's probably worth seeking out expert, guided help with checking/cleaning the affected system.
But, depending on the particular ransomware variant, it may not be possible to recover the encrypted files at this time. Unless you have backup copies of the data files, they are pretty much "gone".

Some experts have recommended the following:
  • Copying the affected, encrypted files to a separate USB EHD and holding that drive for a possible future decryption solution that may allow them to be recovered some time in the future; AND/OR
  • Removing and saving the entire affected hard drive and replacing it with a brand new drive, new Windows install, etc. (you can hold the old drive for a possible future decryption solution, as mentioned above).
Needless to say, practicing safe computing practices in order to minimize the risk of ransomware infection in the first place is the best strategy.


HTH,
MM
My System SpecsSystem Spec
09 Oct 2016   #9
loninappleton

Windows 7 x64 Ultimate
 
 

On your last point about buying a new drive. Is it not enough to clone a drive from backup?

In the past I have used HDD Guru's programs for disk setup and utility.

I know of no better disk tools for refreshing a drive.

HDDGURU: Software: HDD diagnostics and recovery

And a thought occurred to me about SSD's. How is an SSD effected differently if at all from a ransom ware attack?

Also I did take a peek at Bleeping Computer. The ransom ware list is dauntingly long.


As to the source of the ransom ware it was in the process of simply clicking on a news item at a site. It's possible that news is submitted without careful scrutiny.
My System SpecsSystem Spec
09 Oct 2016   #10
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
A lot of website are not monitored very well if at all except to add more content
Yahoo is a good example they didn't even monitor their own adds for corruption
email servers were always getting hacked....

If you ever click on a link it's always best to right click it and select open in new in-private window to minimize anything
But it's really up to your security to block attacks.
Panda free and mbam premium works well together that I've noticed
My System SpecsSystem Spec
Reply

 A ransomware recovery routine from Sevenforums




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Routine security check
Just doing a routine security check to make sure that something bad didn't happen recently. I've already attached frst and addition logs which might help you guys to further point out stuff. Thanks.
System Security
Cannot perform downloads after routine clean-up in Win 7
I performed my usual by-weekly computer clean-up, updating, etc and now I cannot download anything. When I click on the download button on whatever website that I may be on a dislpay tab flashes on but immediately disappears and nothing happens. Prior to doing my routine clean-up I did...
General Discussion
Routine BSOD's at wits end
Good Afternoon, I have been getting BSOD's for weeks now crash files show its always one of these 3 ( usually the last 2) msahci.sys, ntoskrnl.exe, ntoskrnl.exe. it seems to usually happen when I am on the internet. I have attached the Zip file from the win 7 Diag diag tool. ...
BSOD Help and Support
BSOD During routine pc usege
Hello, I had this kind of issue a long time ago now and solved by the fellow admins and mods. Now I started to have BSOD's again. I suspect one of my HDD's is going to die soon but just want to make sure what is wrong exactly. I am posting 2 reports which ever works out. Thanks
BSOD Help and Support
Routine crashes
I've had occasional BSODs since I build this machine in May 2010. Typically once or twice a week. Sometimes immediately after a crash/reboot, the computer will immediately crash 2 or 3 more times from the logon screen. Then it stops crashing. In the past 4-6 weeks, I've also had some times...
BSOD Help and Support
Routine Computer Maintenance
Routine Computer Maintenance This tutorial is designed to help a user maintain their computer at optimum levels to avoid slowdowns and or disk errors. These steps should most definitely be run after cleaning a virus or malware from your system. These steps should be run really about once a...
Performance & Maintenance


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:58.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App