Windows 7 Forums

Windows 7: My computer has virus that is ransomware- How can I remove it?

31 Aug 2017   #1
Fmik

windows vista 32 bit
 
 
I am using Windows Seven Professional Service Pack 1 version operating system, 32 Bit, Intel Core II Duo CPU, 1.80GHz, file system is NTFS.
My computer gets locked up and a message on the screen wants me to call a 1-855 number purporting to be Microsoft but I know it is malware. I am able to shut down and restart my computer but after a few days it happens again. My Windows Defender does not detect it when I run a full scan of the computer.
Is there a fix that I can do myself? I am somewhat computer literate. Or is performing a clean reinstall of my operating system the only way to eliminate the malware completely? I have recently backed up the files on my computer using Windows Backup after this virus started happening. Thank you for any help you can give.


31 Aug 2017   #2
Hark1of8

Windows 7 Professional running on 64 bit
 
 

Do you have a backup before the virus hit? Everything I've read so far has applying a backup as the current method to rid a PC of ransomware. If there is software available I haven't read about it, just Google it.
01 Sep 2017   #3
MeOnMine

Windows 7 Ultimate x64 SP1 OEM
 
 

Hi, it is my opinion that you do not have ransomware.
Ransomware encrypts all your data and holds you to ransom for payment to acquire the key to unlock it.
Is your data still available for you to open and use?
I would advise you to download and install Malwarebytes, update it and then run it. Remember to untick "Trial Version".
Let us know how you get along.

01 Sep 2017   #4
Fmik

windows vista 32 bit
 
 

I installed the Malwarebytes Free program and ran the scan. It did not find any malicious software but it did identify one threat, a program called TotalAv.exe in my download folder. Malwarebytes Free considered it potentially harmful and quarantined it. I don't feel as though my PC is clean because no malicious software was detected. Microsoft Security Essentials has not been able to detect the malware either. If you have any other suggestions I would appreciate it.
01 Sep 2017   #5
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Create a Windows Defender Offline CD or DVD from another computer, then boot this computer with the CD/DVD in the drive. It will boot into Windows Defender Offline (WDO). Do a complete scan and clean. WDO might catch something that other programs miss, because it scans before Windows has a chance to load. It can catch things which are buried deep in Windows.

Go here to get Windows Defender Offline:

https://support.microsoft.com/en-us/help/17466

Be sure to get the 32-bit version.

After scanning with WDO, I strongly suggest that you do a backup of your hard drive, if you don't have a current one. And do the backup to a hard drive that you aren't currently using, because if you do a backup to a drive that is currently in use, you might infect that drive. If you have an old, unused internal hard drive, you could install it, do the backup, then uninstall it.

After doing the backup, store the drive in a static bag, with a note describing the contents of the drive, and the date of the backup, and put on the note that the drive might be infected.
02 Sep 2017   #6
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Fmik,

The TotalAv.exe file that Malwarebytes found and quarantined is a rogue program.

That support call number that is popping up could be the result of an adware extension that was installed in your browser. The best way to get rid of it is to reset your browser to default settings.

You can find those instructions here.

Once that is complete, next download and execute the following program. I doubt the log will fit in your next post, so if you could please attach/upload the post for my viewing pleasure, I would appreciate that.

If for some reason AdwCleaner does not remove the nuisance, we do have other little tricks up our sleeves that will. There is no need to do a complete reinstall of the operating system to remove this.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
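
The post above attributes the pop-up to an adware extension in the browser. As an added example (not part of the thread, and not code from any tool named in it), this Python script lists the enabled extensions recorded in a Firefox profile's extensions.json, Firefox being the browser the original poster names later in the thread, and gives reasons to inspect each one by hand. The field names, location values, trusted host, cutoff date and sample entries are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample in the shape of extensions.json from a Firefox profile
# folder. Field names are assumed from that file's layout; IDs are made up.
SAMPLE = json.dumps({"addons": [
    {"id": "adblock@example.invalid", "type": "extension", "active": True,
     "location": "app-profile", "installDate": 1483228800000,
     "defaultLocale": {"name": "Ad Blocker"},
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/a.xpi"},
    {"id": "pchelper@example.invalid", "type": "extension", "active": True,
     "location": "winreg-app-user", "installDate": 1503619200000,
     "defaultLocale": {"name": "PC Helper Toolbar"}, "sourceURI": None},
    {"id": "theme@example.invalid", "type": "theme", "active": True,
     "location": "app-profile", "installDate": 1503619200000,
     "defaultLocale": {"name": "Dark"}, "sourceURI": None},
]})

TRUSTED_HOSTS = {"addons.mozilla.org"}            # assumption: official store only
BUILTIN = {"app-system-defaults", "app-builtin"}  # assumption: shipped with browser

def review_addons(raw, since):
    """List enabled extensions with reasons to inspect each one by hand."""
    findings = []
    for addon in json.loads(raw).get("addons", []):
        if addon.get("type") != "extension" or not addon.get("active"):
            continue  # themes, dictionaries and disabled items cannot pop up
        location = addon.get("location", "")
        if location in BUILTIN:
            continue
        installed = datetime.fromtimestamp(
            addon.get("installDate", 0) / 1000, tz=timezone.utc)
        reasons = []
        if location != "app-profile":
            reasons.append("sideloaded by another program")
        host = urlparse(addon.get("sourceURI") or "").hostname
        if host not in TRUSTED_HOSTS:
            reasons.append("not installed from addons.mozilla.org")
        if installed >= since:
            reasons.append("installed after the pop-ups began")
        findings.append({"id": addon.get("id"),
                         "name": (addon.get("defaultLocale") or {}).get("name"),
                         "installed": installed.date().isoformat(),
                         "reasons": reasons})
    # Entries with the most reasons come first.
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)

if __name__ == "__main__":
    cutoff = datetime(2017, 8, 1, tzinfo=timezone.utc)  # constructed date
    for f in review_addons(SAMPLE, cutoff):
        print(f["installed"], f["name"], f["id"], "; ".join(f["reasons"]) or "ok")
```

An entry with no reasons listed is not proof that it is harmless; the output only orders the add-ons for manual review before or instead of a full browser reset.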
02 Sep 2017   #7
Fmik

windows vista 32 bit
 
 

I reset Firefox browser and ran the AdwCleaner program. It found no malicious files or other items. It quarantined 3 items and I had it clean them. I will attach a copy of the text report that you asked for. Please let me know if you do not get it. Thank you.


Attached Files
File Type: txt AdwCleaner 7 report II as notepad.txt (2.3 KB, 5 views)
02 Sep 2017   #8
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

I got it, Fmik. Thank you for uploading the log.

I am going to have you scan with the following tool as well, just to see if there is anything that might have been overlooked.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post (or upload) the contents of JRT.txt into your reply.
04 Sep 2017   #9
Fmik

windows vista 32 bit
 
 

Thanks. I ran the Junkware Removal Tool. Here is the report that it generated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x86
Ran by Mike (Administrator) on Mon 09/04/2017 at 13:28:13.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/04/2017 at 13:31:07.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
05 Sep 2017   #10
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Fmik
Or is performing a clean reinstall of my operating system the only way to eliminate the malware completely?
That's the only real solution to an infected system.
Once a system becomes infected the ONLY way to ensure it's clean is to perform a complete reinstallation of the operating system and all its software. You realized you have a virus, but in fact you don't know what exactly it did, what it corrupted or what "backdoor" it left. There is no way you can possibly know that, and hence how to revert it. A reformat brings it to a known-clean state.

Also don't bother with (multiple) antiviruses at this point. Since you're already infected, a virus can easily tamper with the antiviruses to disguise itself or otherwise trick you into thinking it's safe while you actually don't know. Antiviruses might be of some use to prevent malware from entering, and become utterly useless after an infection occurs.


Quote: Originally Posted by Fmik
I have recently backed up the files on my computer using Windows Backup after this virus started happening.
Discard that backup and reformat using the previous one, of both software and data (software can be redownloaded if needed, of course). The reason for this is that you can't be sure the virus didn't do something to the backup, or attach itself to it, so using that you risk spreading the infection to the rebuilt system. Use a known-clean backup of any personal data.