  1. #1
    How To Hunt Down and Kill Ransomware

    A useful guide from Microsoft's Mark Russinovich.

    Website: blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx

    Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient way to clean the system is to pay for the full version of the scareware software that graciously brought the infection to their attention. I wrote about it back in 2006 in my The Antispyware Conspiracy blog post, and the fake antimalware of today doesn't look much different than it did back then, often delivered as kits that franchisees can skin with their own logos and themes. There's even one labeled Sysinternals Antivirus:



    A change that's been occurring in the scareware industry over the last few years is that most scareware today also classifies as ransomware. The examples in my 2006 blog post merely nagged you that your system was infected, but otherwise let you continue to use the computer. Today's scareware at the minimum prevents you from running security and diagnostic software, and often prevents you from executing any software at all. Without advanced malware cleaning skills, a system infected with ransomware is usable only to give in to the blackmailer's demands to pay.

    In this blog post I describe how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants off an infected system.

  2. Thanks to Arthur from:

    DaveP (7th January 2013)

  3. #2
    ADMaster
    Great article. I've done this procedure for the last several years with a couple of exceptions. In a school most staff do not have admin rights; I can log in as admin and clean up this kind of malware very quickly. I have Hiren's BootCD on hand if needed and skip the safe mode step. Another tip the article didn't mention is that some of these mess up the registry and Windows doesn't know what to do with an exe. You will need a .reg file with the correct keys to reset these to default.
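
    A worked illustration of the two points raised in this thread: the autostart persistence that Russinovich's article hunts with Autoruns, and the broken .exe association described in the reply above. This PowerShell script is an added example, not code from the thread, from the article, or from Sysinternals. It reads a handful of the stock autostart locations that Autoruns also lists and compares them with their standard Windows defaults (Winlogon Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe, and the exefile open command "%1" %*); those defaults are general Windows knowledge, not values taken from the page. It is read-only unless -RepairExeAssociation is given, and it assumes an elevated prompt (or an admin logon, as the reply describes).

```powershell
# Added example: lightweight autostart and .exe-association triage.
# Not from the thread or from Russinovich's article. Expected values are
# stock Windows defaults; anything else deserves a closer look in Autoruns
# before it is treated as legitimate.
[CmdletBinding()]
param(
    # Restore the default exefile open command if it has been changed.
    [switch]$RepairExeAssociation
)

# 1. Winlogon: a non-default Shell is one way a locker can replace the desktop.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = 'C:\Windows\system32\userinit.exe,'
}
Write-Host "== Winlogon values =="
foreach ($name in $expected.Keys) {
    $actual = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
    $status = if ($actual -ieq $expected[$name]) { 'OK     ' } else { 'SUSPECT' }
    Write-Host ("{0} {1,-9} = {2}" -f $status, $name, $actual)
}

# 2. Run / RunOnce keys for the machine and the current user.
Write-Host "`n== Run / RunOnce entries =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata
        # Entries launched from user-writable locations get flagged for review.
        $flag = if ($p.Value -match '(?i)\\(AppData|Temp|Users\\Public)\\') { 'CHECK  ' } else { '       ' }
        Write-Host ("{0} {1}\{2} = {3}" -f $flag, $key, $p.Name, $p.Value)
    }
}

# 3. The .exe association the reply mentions: exefile\shell\open\command.
Write-Host "`n== .exe file association =="
$exeCmdKey  = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeDefault = '"%1" %*'
$exeActual  = (Get-ItemProperty -Path $exeCmdKey -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
if ($exeActual -eq $exeDefault) {
    Write-Host "OK      exefile open command is the stock value: $exeDefault"
} else {
    Write-Host "SUSPECT exefile open command is: $exeActual"
    if ($RepairExeAssociation) {
        Set-ItemProperty -Path $exeCmdKey -Name '(default)' -Value $exeDefault
        Write-Host "Restored exefile open command to $exeDefault"
    } else {
        Write-Host "Re-run with -RepairExeAssociation to restore the default."
    }
}
# A per-user class registration overrides HKEY_CLASSES_ROOT, so its presence
# on a box where nobody set one up deliberately is worth a look too.
if (Test-Path 'HKCU:\Software\Classes\.exe') {
    Write-Host "CHECK   per-user .exe class override exists under HKCU:\Software\Classes"
}
```

    A clean report here is not a substitute for a full Autoruns review: Autoruns covers services, drivers, scheduled tasks, Winlogon notifications and many more locations than the few keys this script reads, and in the locked-out scenario the article describes you may need to run it from the admin logon or boot media the reply mentions.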

  4. #3
    Quote Originally Posted by dana_lehman:
    "Another tip the article didn't mention is that some of these mess up the registry and Windows doesn't know what to do with an exe."
    Good point. I have had to do that on a number of occasions.
