My computer has virus that is ransomware- How can I remove it?


  1. Posts : 163
    Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
       #11

    Performing a complete reinstall of the Operating System seems a bit extreme, don't you think, Alejandro85? Malwarebytes quarantined the rogue program, and if anything else had been installed alongside the rogue I am confident that MBAM would have found it, and I have faith that Fmik would have mentioned if anything else had been found.

    Fmik, how is your system behaving? Are you experiencing any more pop-ups or behavior that you find concerning? If not, use the computer for a few days and return with an update. If you feel uncertain, there are a couple of scans that are more in-depth that I could have you run just to verify nothing serious has infiltrated your system.


  2. Posts : 2,465
    Windows 7 Ultimate x64
       #12

    DonnaB said:
    Performing a complete reinstall of the Operating System seems a bit extreme, don't you think, Alejandro85? Malwarebytes quarantined the rogue program, and if anything else had been installed alongside the rogue I am confident that MBAM would have found it, and I have faith that Fmik would have mentioned if anything else had been found.
    Not at all. I don't think it's extreme. It can be more or less difficult, inconvenient and time-consuming, but given the situation described by the OP, it's the appropriate choice.

    The fundamental problem with viruses, hacked computers or whatever "evil" is happening on a computer is that you don't know what's going on. Malicious code actually ran and had a chance to do literally whatever it feels like, anything really. At this point, the computer is no longer yours (as Microsoft likes to say).

    Malicious files have been quarantined, great, but how can you be sure that there isn't anything else? If the virus entered the system, the antivirus already failed you. No more malicious activity has been noticed, great, but how can you be sure that something isn't going on and you did not notice? The answer is that you can't. As malicious code got a chance to run there, it can install backdoors, download yet another infection, attach to system files or boot, change any settings out there, including tricking antiviruses into thinking that there isn't anything bad.

    Of course, it's totally possible that Malwarebytes is right and nothing is eluding the OP's view and everything is, indeed, fine. The question is, how can you be sure? Any responsible technician would suggest a wipe, and every single security expert out there will for sure say "nuke it from orbit" as the very first thought. All "solutions" posted here only perpetuate the myth that viruses can be removed from systems by just running multiple antiviruses and hoping they say "clean".

    Now, it's time for some references. This topic immediately reminds me of two of my favorite posts at StackOverflow, explaining why a clean install is the only real way of cleaning a system. One deals with our more familiar Windows environment, and the other is devoted to servers, and while the jargon and specifics vary, the fundamentals are the same:
    windows - How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? - Super User
    system compromise - How do I deal with a compromised server? - Information Security Stack Exchange

    Of particular importance I find this paragraph:
    Lots of people will disagree with me on this, but I challenge they are not weighing consequences of failure strongly enough. Are you willing to wager your life savings, your good credit, even your identity, that you're better at this than crooks who make millions doing it every day? If you try to remove malware and then keep running the old system, that's exactly what you're doing.
    It's important to help people understand what's really happening under the hood when a virus hits the computer, and what antiviruses really do and don't do, especially on an already compromised system. Just keeping the classic "run an antivirus" doesn't cut it anymore.


  3. Posts : 163
    Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
       #13

    Alejandro85,

    It is not my intention to battle wits with you nor prove you wrong in any way. I do respect your opinion, and in the worst case scenario I do agree with you, but to prevent undue pain and suffering for the user by insisting they nuke the drive and reinstall I prefer to check out the situation first and not jump to such extreme conclusions unless of course as a last resort.

    I come to this conclusion from the information that has been provided by Fmik. As he pointed out in his 1st post, his computer did lock up and a screen appeared that insisted that he call the 1-855 number. We all know that is a scam because Microsoft does not work that way. Also, he is able to shut down and reboot, yet this lock-up does not happen all the time, just every few days, so we know he is not a victim of ransomware, or the screen would reappear once the computer is rebooted and before the browser is opened.

    In post 4 he points out that MBAM found the TotalAv.exe file in his downloads folder, so yes, it was downloaded, yet the file is not a threat till it is executed and drops its payload. I feel confident that if the file was executed Fmik would have said he had a scanner running stating that his system is infected with 100's of threats that do not really exist, and then enticing him to purchase the software to clean up the non-existent threats.

    In post 7 he states that he reset Firefox as I suggested in post 6, then ran AdwCleaner as I requested, and no malicious Firefox entries were found to be deleted, so I am comfortable with the fact the browser reset removed the malicious adware extension, though I am still awaiting his reply to confirm that he has had no more issues with the 1-855 number screen popping up.



    @ Fmik,

    If you would feel more comfortable, I could take a much closer look at the file system to ensure you are clean. To do so, please follow the instructions below:

    Download Farbar Recovery Scan Tool to your desktop from the link below:

    For x32 (x86) bit systems download Farbar Recovery Scan Tool.


    • Right click on the FRST.exe and choose Run as administrator.
    • When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this please.
    • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
    • Press Scan button.
    • Please attach both logs in your next reply.


  4. Posts : 20
    windows vista 32 bit
    Thread Starter
       #14

    My Computer most likely does not have ransomware


    Hello,
    To date I have not experienced the pop-up window that locked my computer. I agree that it was not ransomware.
    In order to try and solve the problem, I performed several functions including reverting to a previous backup.
    I also ran the following on my computer:
    Malwarebytes
    adwCleaner
    Junkware Removal Tool
    Farbar Recovery Scan Tool
    Microsoft Standalone System Sweeper Tool (WDO)

    They all did not detect any malicious software on my computer.
    So I am going to mark this thread as solved.
    Thank you everyone, especially Donna B. for your expert knowledge and suggestions that you have shared in solving this challenge, I really appreciate that.


  5. Posts : 163
    Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
       #15

    You're welcome, Fmik. Truly my pleasure. :)

    If you want me to take the time to review the FRST.txt and Additions.txt logs that Farbar Recovery Scan Tool generated to check for residual files left behind I would be more than happy to, though I doubt anything serious would be found... merely orphans lurking in the shadows.

    Donna :)


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.