Windows 7 Forums


Windows 7: My computer has virus that is ransomware- How can I remove it?

05 Sep 2017   #11
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Performing a complete reinstall of the Operating System seems a bit extreme, don't you think Alejandro85? Malwarebytes quarantined the rogue program and if anything else had been installed alongside the rogue I am confident that MBAM would have found it and I have faith that Fmik would have mentioned if anything else had been found.

Fmik, how is your system behaving? Are you experiencing any more pop-ups or behavior that you find concerning? If not, use the computer for a few days and return with an update. If you feel uncertain, there are a couple of scans that are more in-depth that I could have you run just to verify nothing serious has infiltrated your system.


05 Sep 2017   #12
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by DonnaB
Performing a complete reinstall of the Operating System seems a bit extreme, don't you think Alejandro85? Malwarebytes quarantined the rogue program and if anything else had been installed alongside the rogue I am confident that MBAM would have found it and I have faith that Fmik would have mentioned if anything else had been found.

Not at all, I don't think it's extreme. It can be more or less difficult, inconvenient and time-consuming, but given the situation described by the OP, it's the appropriate choice.

The fundamental problem with viruses, hacked computers or whatever "evil" happening on a computer is that you don't know what's going on. Malicious code actually ran and had a chance to do literally whatever it feels like, anything really. At this point, the computer is no longer yours (as Microsoft likes to say).

Malicious files have been quarantined, great, but how can you be sure that there isn't anything else? If the virus entered the system, the antivirus already failed you. No more malicious activity has been noticed, great, but how can you be sure that something isn't going on and you did not notice? The answer is that you can't. As malicious code got a chance to run there, it can install backdoors, download yet another infection, attach to system files or boot, change any settings out there, including tricking antiviruses that there isn't anything bad.

Of course, it's totally possible that Malwarebytes is right and nothing is eluding the OP's view and everything is, indeed, fine. Question is, how can you be sure? Any responsible technician would suggest a wipe and every single security expert out there will for sure say "nuke it from orbit" as the very first thought. All "solutions" posted here only perpetuate the myth that viruses can be removed from systems by just putting multiple antiviruses and hoping they say "clean".

Now, it's time for some references. This topic immediately reminds me of two of my favorite posts at StackOverflow, explaining why a clean install is the only real way of cleaning a system. One deals with our more familiar Windows environment, and the other is devoted to servers, and while the jargon and specifics vary the fundamentals are the same:
windows - How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? - Super User
system compromise - How do I deal with a compromised server? - Information Security Stack Exchange

Of particular importance I find this paragraph:
Quote:
Lots of people will disagree with me on this, but I challenge they are not weighing consequences of failure strongly enough. Are you willing to wager your life savings, your good credit, even your identity, that you're better at this than crooks who make millions doing it every day? If you try to remove malware and then keep running the old system, that's exactly what you're doing.
It's important to help people understand what's really happening under the hood when a virus hits the computer. And what antiviruses really do and don't do, especially on an already compromised system. Just keeping the classic "run an antivirus" doesn't cut it anymore.
05 Sep 2017   #13
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Alejandro85,

It is not my intention to battle wits with you nor prove you wrong in any way. I do respect your opinion, and in the worst case scenario I do agree with you, but to prevent undue pain and suffering for the user by insisting they nuke the drive and reinstall I prefer to check out the situation first and not jump to such extreme conclusions unless of course as a last resort.

I come to this conclusion by the information that has been provided from Fmik. As he pointed out in his 1st post, his computer did lock up and a screen appeared that insisted that he call the 1-855 number. We all know that is a scam because Microsoft does not work that way. Also, he is able to shut down and reboot, yet this lock up does not happen all the time, just every few days so we know he is not a victim of ransomware or the screen would reappear once the computer is rebooted and before the browser is opened.

In post 4 he points out that MBAM found the TotalAv.exe file in his downloads folder, so yes, it was downloaded yet the file is not a threat till it is executed and drops its payload. I feel confident that if the file was executed Fmik would have said he had a scanner running stating that his system is infected with 100's of threats that do not really exist, and then entice him to purchase the software to clean up the non-existent threats.

In post 7 he states that he reset Firefox as I suggested in post 6 then ran AdwCleaner as I requested and no malicious Firefox entries were found to be deleted so I am comfortable with the fact the browser reset removed the malicious adware extension, though I am still awaiting his reply to confirm that he has had no more issues with the 1-855 number screen popping up.



@ Fmik,

If you would feel more comfortable, I could take a much closer look at the file system to ensure you are clean. To do so, please follow the instructions below:

Download Farbar Recovery Scan Tool to your desktop from the link below:

For x32 (x86) bit systems download Farbar Recovery Scan Tool.

  • Right click on the FRST.exe and choose Run as administrator.
  • When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please attach both logs in your next reply.

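Added example, not part of any post in this thread: post #13 reasons that TotalAv.exe was downloaded but never executed, and one way to look for evidence either way is the Windows Prefetch folder, which records program launches. The script assumes PowerShell is installed, an elevated prompt, and the default Prefetch location; the file name is the one given in the thread.

```powershell
# Added example: look for Prefetch evidence that a downloaded program was run.
# Assumptions: elevated PowerShell prompt, default %SystemRoot%\Prefetch folder.
$exeName     = 'TotalAv.exe'   # file name reported by MBAM in the thread
$prefetchDir = Join-Path $env:SystemRoot 'Prefetch'
$regPath     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters'

# EnablePrefetcher: 0 = disabled, 1 = applications, 2 = boot, 3 = both.
# If application prefetching is off, no .pf file is written on launch.
$mode = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).EnablePrefetcher
if ($null -eq $mode -or ($mode -band 1) -eq 0) {
    Write-Warning "Application prefetching is off or unreadable (EnablePrefetcher=$mode); a missing .pf file proves nothing."
}

# Prefetch files are named <EXE NAME IN UPPER CASE>-<path hash in hex>.pf
$pattern = '{0}-*.pf' -f $exeName.ToUpperInvariant()
$hits = @(Get-ChildItem -Path $prefetchDir -Filter $pattern -ErrorAction SilentlyContinue)

if ($hits.Count -eq 0) {
    # Absence is weak evidence: entries age out and can be deleted.
    "No Prefetch entry found for $exeName."
} else {
    # CreationTime is roughly the first launch, LastWriteTime the most recent one.
    "Prefetch shows $exeName was launched:"
    $hits | Select-Object Name, CreationTime, LastWriteTime | Format-Table -AutoSize
}
```

A hit shows the program was launched at least once. No hit is only weak evidence, since Prefetch entries are limited in number, can be cleared, and come from a system whose integrity is the very thing in question.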
10 Sep 2017   #14
Fmik

windows vista 32 bit
 
 
My Computer most likely does not have ransomware

Hello,
To date I have not experienced the pop-up window that locked my computer. I agree that it was not ransomware.
In order to try and solve the problem, I performed several functions including reverting to a previous backup.
I also ran the following on my computer:
Malwarebytes
adwCleaner
Junkware Removal Tool
Farbar Recovery Scan Tool
Microsoft Standalone System Sweeper Tool (WDO)

They all did not detect any malicious software on my computer.
So I am going to mark this thread as solved.
Thank you everyone, especially Donna B. for your expert knowledge and suggestions that you have shared in solving this challenge, I really appreciate that.
10 Sep 2017   #15
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

You're welcome, Fmik. Truly my pleasure. :)

If you want me to take the time to review the FRST.txt and Additions.txt logs that Farbar Recovery Scan Tool generated to check for residual files left behind I would be more than happy to, though I doubt anything serious would be found... merely orphans lurking in the shadows.

Donna :)