Links Thread, How To Hunt Down and Kill Ransomware in Links, Downloads and Scripts; A useful guide from Microsoft's Mark Russinovich.
Website : blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx
7th January 2013, 07:02 PM #1
How To Hunt Down and Kill Ransomware
A useful guide from Microsoft's Mark Russinovich.
Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient way to clean the system is to pay for the full version of the scareware software that graciously brought the infection to their attention. I wrote about it back in 2006 in my The Antispyware Conspiracy blog post, and the fake antimalware of today doesn't look much different than it did back then, often delivered as kits that franchisees can skin with their own logos and themes. There's even one labeled Sysinternals Antivirus:
A change that's been occurring in the scareware industry over the last few years is that most scareware today also classifies as ransomware. The examples in my 2006 blog post merely nagged you that your system was infected, but otherwise let you continue to use the computer. Today's scareware at the minimum prevents you from running security and diagnostic software, and often prevents you from executing any software at all. Without advanced malware cleaning skills, a system infected with ransomware is usable only to give into the blackmailer's demands to pay.
In this blog post I describe how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants off an infected system.
7th January 2013, 08:30 PM #2
Great article. I've done this procedure for the last several years with a couple of exceptions. In a school most staff do not have admin rights, so I can log in as admin and clean up this kind of malware very quickly. I have Hiren's BootCD on hand if needed and skip the safe mode step. Another tip the article didn't mention is that some of these mess up the registry and Windows doesn't know what to do with an exe. You will need a reg file with the correct keys to reset these to default.
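The two symptoms raised in this thread (the registry autostart locations that Autoruns inspects in post #1, and the broken .exe file association in post #2) can be triaged before anything is repaired. The script below is an added example, not from the thread, Microsoft or the Autoruns tool; it is read-only, compares the association and Winlogon values against the stock Windows defaults, and lists the Run/RunOnce entries, so the technician can see what was changed before applying a reg file. The expected default values are the ones shipped with Windows; the per-user Classes keys are checked because a value there overrides HKEY_CLASSES_ROOT for that user.

```powershell
# Added example: read-only registry triage for scareware/ransomware clean-up.
# Run from an elevated PowerShell prompt on the affected machine (or logged
# in as the admin account, as post #2 describes). Nothing here writes to the registry.

$winlogon = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$checks = @(
    # Path, value name ('(default)' = the key's default value), data expected on a stock system
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                      Name = '(default)'; Expected = 'exefile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '(default)'; Expected = '"%1" %*' },
    @{ Path = $winlogon;                                               Name = 'Shell';     Expected = 'explorer.exe' },
    @{ Path = $winlogon;                                               Name = 'Userinit';  Expected = 'C:\Windows\system32\userinit.exe,' }
)

foreach ($c in $checks) {
    $actual = $null
    if (Test-Path -LiteralPath $c.Path) {
        $actual = (Get-ItemProperty -LiteralPath $c.Path).($c.Name)
    }
    $status = if ($actual -eq $c.Expected) { 'OK      ' } else { 'CHANGED ' }
    "{0} {1}\{2} = '{3}' (expected '{4}')" -f $status, $c.Path, $c.Name, $actual, $c.Expected
}

# Per-user association overrides: on a stock system these keys do not exist,
# so their mere presence is worth a look.
foreach ($p in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile\shell\open\command') {
    if (Test-Path -LiteralPath $p) { "PRESENT  $p = '$((Get-ItemProperty -LiteralPath $p).'(default)')'" }
}

# Autostart entries that Autoruns shows under its Logon tab (a subset of what it covers).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    # Get-ItemProperty adds PSPath/PSDrive/etc. bookkeeping properties; skip those.
    (Get-ItemProperty -LiteralPath $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "AUTORUN  {0}\{1} = '{2}'" -f $k, $_.Name, $_.Value }
}
```

Autoruns itself covers far more locations (services, drivers, scheduled tasks, shell extensions), so treat this as a quick first look rather than a replacement for the walkthrough in the article.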
7th January 2013, 09:17 PM #3
Originally Posted by dana_lehman
Good point. I have had to do that on a number of occasions.