Geekzone: technology news, blogs, forums
14 posts

Geek


# 173571 27-May-2015 22:43

Stupidly, of all things it was a recipe website that got me - it opened an unrelated page and I guess hit me when I clicked the button to close it. I've been running Windows AV and it got straight through.

Anyway, lesson learned and I ran malwarebytes through the system first then did a factory reset. No way would I consider paying them for the key.

Following the reset, I still have the ransomware "theme" with wallpaper and colouring so I guess it must still be sitting somewhere. I've run an AV scan and it turned up nothing.

Laptop came with Windows pre-installed so I can't do a format and reinstall as I don't have the DVD to do it.

Does anyone know where the remnants of this nasty thing might be sitting? Any ideas for another solution would be appreciated. I'm a bit worried a piece of this may be enough for it to crop up again.

cheers

2633 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1313175 27-May-2015 22:50

If you are confident, open the registry and search for 'wallpaper'. Leave the registry keys in place but remove the data (the path and file name) from them and reboot.

"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

483 posts

Ultimate Geek

Trusted

  # 1313176 27-May-2015 22:51
One person supports this post

Normally when you get a machine without CD media they give you a recovery partition and a tool to create install disks to recover from in case of hard disk failure.

Using the recovery partition often gives you a number of levels of restore from just deleting user accounts to formatting and reinstalling the OS either in full or as a minimum install. I generally choose the minimal install to avoid all the freeloading crapware.

The format option from the recovery partition should not normally delete the recovery partition, just the C drive.

gzt

10901 posts

Uber Geek


  # 1313179 27-May-2015 22:54

Does Malwarebytes still detect the ransomware?

1892 posts

Uber Geek


  # 1313192 27-May-2015 23:26

gzt: Does Malwarebytes still detect the ransomware?

I'd say it would. It's a pretty good application and I highly recommend it.

Sometimes what you don't get is a blessing in disguise!

gzt

10901 posts

Uber Geek


  # 1313206 28-May-2015 00:03

Gravy: Laptop came with Windows pre-installed so I can't do a format and reinstall as I don't have the DVD to do it.

As above there is nearly always a way to do that. Name the brand and model and someone will tell you exactly how.

1352 posts

Uber Geek


  # 1313211 28-May-2015 00:39

Give your PC a scan with the ESET online scanner, just to make sure.

2043 posts

Uber Geek

Subscriber

  # 1313249 28-May-2015 08:46

Worth trying AdwCleaner as well. It has found stuff that Malwarebytes missed.

Good luck.

14 posts

Geek


  # 1313276 28-May-2015 09:40

Does Malwarebytes still detect the ransomware?

Yeah it did. It picked up the related trojans but I guess it doesn't eliminate everything. It won't decrypt files of course but nothing available right now was able to do it. Tried pretty much everything a fairly extensive Google search turned up. Luckily this one didn't completely freeze the system, it just shut down the interwebby from time to time.

Most files were backed up externally so I haven't really lost much out of this apart from a damaged ego and sore after a massive face palm.

I wondered if there may be something in the registry seeing as I can't get rid of the "theme" but not overly keen to play around with it. I might have a wee gander and search for wallpaper as suggested above.

Thanks for all your help everyone. I'll have a crack at some of these things when I get home.

19282 posts

Uber Geek
Inactive user


  # 1313289 28-May-2015 10:08

' recipe website ' ;)

'That VDSL Cat'
11000 posts

Uber Geek

Trusted
Spark
Subscriber

  # 1313306 28-May-2015 10:24

http://www.howtogeek.com/howto/16929/prevent-users-from-changing-screen-saver-and-wallpaper-in-windows-7/

Check that it hasn't simply flagged the "prevent changing" option in the registry.

johnr: ' recipe website ' ;)


Hey now, that's a recipe for something...

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.
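The two registry checks suggested in this thread (search for the wallpaper value and clear its data but keep the key; check whether the "prevent changing wallpaper" policy from the HowToGeek link has been set) can be done in one pass with the PowerShell below. This is an added example, not code from the thread; it assumes the standard HKCU locations of those values, and the -Fix switch and the list of "normal" wallpaper folders are my own choices.

```powershell
# Added example (not from the thread): list the registry values that set the
# desktop wallpaper or lock it against changes, flag unusual ones, and with
# -Fix blank the data while leaving the value names in place, as suggested above.
param([switch]$Fix)

$checks = @(
    @{ Path = 'HKCU:\Control Panel\Desktop'
       Name = 'WallPaper';           Note = 'current user wallpaper path' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'Wallpaper';           Note = 'policy wallpaper, overrides user choice' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Name = 'NoChangingWallPaper'; Note = '1 = changing the wallpaper is blocked' }
)

# Folders a wallpaper file normally lives in (assumption); anything else deserves a look.
$normal = '^[A-Za-z]:\\(Windows\\|Users\\Public\\|Users\\[^\\]+\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\)'

foreach ($c in $checks) {
    if (-not (Test-Path -Path $c.Path)) { continue }
    $item = Get-ItemProperty -Path $c.Path
    if (-not $item.PSObject.Properties[$c.Name]) { continue }   # value not present
    $value = $item.($c.Name)
    '{0}\{1} = "{2}"  ({3})' -f $c.Path, $c.Name, $value, $c.Note

    if ($c.Name -eq 'NoChangingWallPaper') {
        $odd   = ($value -eq 1)
        $clean = 0
    } else {
        $odd   = ($value -is [string]) -and ($value -ne '') -and ($value -notmatch $normal)
        $clean = ''
    }
    if (-not $odd) { continue }

    Write-Warning ('Unexpected setting: {0}\{1}' -f $c.Path, $c.Name)
    if ($Fix) {
        # Keep the value name and replace only its data, so nothing else breaks.
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $clean
        '  -> cleared; sign out or reboot to apply'
    }
}
```

Run it first without -Fix to see what is set; a wallpaper path under %TEMP% or a user profile root, or NoChangingWallPaper = 1 on a home machine, is the kind of leftover the thread is talking about.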


1904 posts

Uber Geek


  # 1313367 28-May-2015 11:39

Malware removal, for malware as nasty as that, isn't as simple as running a few scanners across it.

It could have made many other changes to the system itself: services disabled, hidden or protected registry entries added, proxies added, entries added in scheduled tasks, changes at a policy level, browser shortcuts changed, etc etc etc.

It really should be wiped & reloaded/re-imaged.

If it's Win8, there is a good restore/refresh utility built in.
Laptops sometimes have a recovery partition; you can use that to re-install (re-image) Windows.
You can often buy system recovery disks from the manufacturer; sometimes they will send them for free.


It's a long shot, but try using System Restore to restore to before the infection happened.
A long shot, as malware usually removes previous restore points.

846 posts

Ultimate Geek

Subscriber

  # 1313430 28-May-2015 12:46

Burn it with fire, or at least DBAN it and reinstall. The machine can no longer be trusted as it stands.

224 posts

Master Geek


  # 1313559 28-May-2015 15:15

roobarb: Normally when you get a machine without CD media they give you a recovery partition and a tool to create install disks to recover from in case of hard disk failure.

Using the recovery partition often gives you a number of levels of restore from just deleting user accounts to formatting and reinstalling the OS either in full or as a minimum install. I generally choose the minimal install to avoid all the freeloading crapware.

The format option from the recovery partition should not normally delete the recovery partition, just the C drive.


+1 Pretty much every new Windows PC has this recovery. Just Google the make and model of your laptop along with "factory reset" and you will get instructions about how to restore it.

Best way to be completely sure that you have gotten rid of it, as you don't know what else may have been installed, such as keyloggers, botnet clients etc.

14 posts

Geek


  # 1313690 28-May-2015 20:21
One person supports this post

johnr: ' recipe website ' ;)


Yeah I figured that would sound like rubbish but it's actually completely honest. When I clicked it from the Google search it posted up a new page over the IE session that did have porn on it. It was clicking off it that infected the computer - one of those "get em if they enter or get em if they don't" things. I stupidly hit the "close window" button instead of closing the window remotely.

Hell if I got it looking up porn I wouldn't be half as p!$$ed at myself for being so dumb.

396 posts

Ultimate Geek


  # 1316533 3-Jun-2015 04:08

Did you see if it's in the Add/Remove Programs area of Windows? Sometimes it pays to check...
