Recovering from Ransomware or a Malware Infection

Last Update: 5/28/2017

Windows Blue Screen Of Death, BSOD

Recovering from a malware infection or malware disaster is a difficult and time-consuming process. It involves running one or more anti-malware programs to help eradicate any infections.

How to tell if you are infected

The first step in recovering from an infection is realizing that you are infected in the first place. Below are some telltale signs that you have been infected by malware.

  • You are being asked to pay a ransom
  • Pop-up windows, especially ones selling anti-virus software
  • Computer does not boot or start up
  • Computer starts playing funny sounds
  • Internet speed decreases
  • Internet activity even when no program is running

If you have any of the above symptoms, it is time to check your computer for problems. Keep in mind that computers with too little RAM may run a lot slower than normal even when they are not infected. We recommend at least 2 GB of RAM with Windows Vista or Windows 7.

Checking Your System for Malware

After you have decided to check your system, you should scan your system with up to date anti-virus or anti-malware software.

We suggest you first delete any Temporary Files located on the drive. This will speed up virus scanning and even remove any viruses inside the Temporary Files folder. To delete Temporary Files follow the steps below:

  1. Click the Start Menu
  2. Select All Programs
  3. Go into Accessories
  4. Go into System Tools
  5. Click on Disk Cleanup
  6. Select the Drive to clean up
  7. Click OK to remove Temporary Internet Files and Downloaded Program Files

Fake antivirus programs or system cleaners can usually be removed from the system.

If you do not have any security software installed, we suggest installing Microsoft’s free Malicious Software Removal Tool. If this does not work, consult our article that lists many free Internet Security software downloads. We suggest you try free anti-virus software first, then an anti-malware program. Macintosh users should consult our Macintosh security software article.

Consider disabling your Internet connection at this stage or booting into Windows Safe Mode without Networking. This prevents the malware from communicating with the server that controls it and stops any rogue updates from being downloaded.

You can also reboot your Windows system into Safe Mode by pressing F8 during startup, before Windows begins to load, and then re-running your security software scans. This helps prevent malware from loading and interfering with security scans.

If you need additional anti-malware removal software try Trend Micro’s System Cleaner.

If you are unable to remove the infection, try McAfee Labs Stinger.

Recovering from Ransomware

If you find your machine locked for ransom, first check the free tools below to see whether a decryption tool exists that can undo the damage.

Rule #2: Never pay the criminals. You are just perpetuating this activity.

Try to use Windows System Restore to turn back the clock on changes.

Try using a virus scanner from a bootable CD or USB Drive.

If all your files are encrypted, the last resort is to wipe your drive and start over. This time, use a modern operating system like Windows 10 and follow some of our security tutorials to lock down your system. Start backing up too.

  • Implement the 3-2-1 backup rule. Have at least three copies of the most valuable data, keep two of them on different external media, and store one copy offsite.

Free Anti-Ransomware Tools

No More Ransom.org (Kaspersky Lab in collaboration with Europol, the Dutch National Police and Intel Security) has a new site to help victims. It has a page with Decryption Tools.

Bitdefender Combination Crypto-Ransomware Vaccine

RansomFree protects your PC from ransomware

CryptoPrevent protects Windows PCs from ransomware

WannaKiwi – Decrypts files encrypted by the WannaCry ransomware. Do not reboot.

Restoring your web browser’s settings

If you are able to remove the malware successfully, you may need to reconfigure your web browser’s default homepage and/or connection settings, as malware often manipulates these settings.

If you use Internet Explorer do the following:

  1. Click the Start Menu
  2. Select the Control Panel
  3. Open Internet Options
  4. Change Homepage setting on the General Tab to Use Default or your Personal Preference
  5. Click the Connections Tab
  6. Click on the LAN settings button
  7. Make sure Automatically detect settings is checked
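As an added example (not part of the original article), the following PowerShell script reads the same Internet Explorer home page and LAN proxy settings that the steps above adjust by hand, from the registry keys Windows stores them in, and reports values that malware commonly tampers with. It assumes your own expected home page (edit the first variable) and uses the AutoDetect registry value as the indicator for step 7, which is an assumption worth confirming in the Internet Options dialog.

```powershell
# Added example: audit the Internet Explorer / WinINet settings that the manual
# steps above restore. Read-only: it reports, it changes nothing.
# Assumption: $ExpectedHomePage is whatever you normally use; leave it empty to
# compare against the browser's own default page instead.
$ExpectedHomePage = ''

$ieMain   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$inetKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$main = Get-ItemProperty -Path $ieMain   -ErrorAction SilentlyContinue
$inet = Get-ItemProperty -Path $inetKeys -ErrorAction SilentlyContinue

$findings = @()

# 1. Home page: rogue "security" programs and browser hijackers replace it.
$wanted    = if ($ExpectedHomePage) { $ExpectedHomePage } else { $main.Default_Page_URL }
$startPage = $main.'Start Page'
if ($startPage -and $wanted -and $startPage -ne $wanted) {
    $findings += "Home page changed: $startPage (expected $wanted)"
}

# 2. Manual proxy: ProxyEnable=1 with a ProxyServer routes all browser traffic
#    through that host, which lets an attacker inject ads or read logins.
if ($inet.ProxyEnable -eq 1) {
    $findings += "Manual proxy enabled: $($inet.ProxyServer)"
}

# 3. Proxy auto-config script: a hijacker can point this at a script it
#    controls to proxy only selected sites, which is easy to overlook.
if ($inet.AutoConfigURL) {
    $findings += "Proxy auto-config script set: $($inet.AutoConfigURL)"
}

# 4. "Automatically detect settings" (step 7). Assumption: the AutoDetect DWORD
#    mirrors that checkbox (1 = checked); malware clears it so its own proxy
#    settings take precedence.
if ($null -eq $inet.AutoDetect -or $inet.AutoDetect -eq 0) {
    $findings += 'Automatically detect settings is unchecked'
}

if ($findings.Count -eq 0) {
    Write-Output 'Browser connection settings look normal.'
} else {
    Write-Output 'Suspicious browser settings found:'
    $findings | ForEach-Object { Write-Output " - $_" }
    Write-Output 'Reset them in Internet Options (steps above) once the malware is removed.'
}
```

Run it in a normal (non-elevated) PowerShell window for the user whose browser was hijacked, since these settings are stored per user under HKCU.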

If Your Malware Problem Persists

It is possible that your system is infected with a rootkit that is preventing anti-malware software from detecting it. The next step is to boot off a CD to sanitize your computer. If your system does not boot, create the following bootable CD or USB drive on another computer.

Windows 7 Security Software Microsoft Standalone System Sweeper

Microsoft Standalone System Sweeper Tool – A bootable software tool that can find rootkits and other hard-to-find malware that normal anti-virus and anti-spyware software can’t. It creates a bootable CD/DVD or USB drive that the infected computer must be started from. Only run this tool when you believe you have been infected, or every three months or so.

If the Microsoft tool did not repair your problems, give the AVG Rescue CD or Kaspersky Rescue CD a try.

If you are still having problems and are an advanced user try ComboFix.

Nothing Removes the Malware

You can attempt to restore your system from a previous backup or roll back your system’s changes using Windows’ built-in System Restore function. More virulent ransomware disables rollback and deletes old backups.

Online Backup is Crucial

Online backup like Crashplan or Carbonite is the best way to protect against and recover from ransomware. Any drive connected to the system, including external drives and network drives, can be encrypted. This includes Time Machine backups on the Macintosh. Backing up to an online service is the best way to recover from ransomware, as the backed-up files are not accessible from the computer without doing a restore.

Worst case, you should erase your hard drives and reinstall your system from scratch. There are many times when malware is so entrenched in your system that there is no way to remove it without redoing everything. There are also times when the only way to ensure you have removed all traces of malware is by redoing your system. Back up your documents, export your email client settings and messages, and back up your device drivers, but not any executable files (.exe), before you erase your system.

When you reinstall your system using the disk that came with your computer or your computer’s restore option, be sure to install Internet Security software and follow our guides to secure your Windows PC or Macintosh, and Internet software. Hopefully you have learned a lesson and can protect your computer better to prevent a future infection.

Have you gone through a ransomware attack? Did you recover without paying?

Author: SafeGadget

Teaching users how to secure their computers and gadgets.
