

Gravy

14 posts

Geek


#173571 27-May-2015 22:43

Stupidly, of all things it was a recipe website that got me - it opened an unrelated page and I guess hit me when I clicked the button to close it. I've been running Windows AV and it got straight through.

Anyway, lesson learned and I ran Malwarebytes through the system first then did a factory reset. No way would I consider paying them for the key.

Following the reset, I still have the ransomware "theme" with wallpaper and colouring so I guess it must still be sitting somewhere. I've run an AV scan and it turned up nothing.

Laptop came with Windows pre-installed so I can't do a format and reinstall as I don't have the DVD to do it.

Does anyone know where the remnants of this nasty thing might be sitting? Any ideas for another solution would be appreciated. I'm a bit worried a piece of this may be enough for it to crop up again.

cheers

Dynamic
3867 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1313175 27-May-2015 22:50

If you are confident, open the registry and search for 'wallpaper'.  Leave the registry keys in place but remove the data (the path and file name) from them and reboot.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 





roobarb
653 posts

Ultimate Geek

Trusted

  #1313176 27-May-2015 22:51

Normally when you get a machine without CD media they give you a recovery partition and a tool to create install disks to recover from in case of hard disk failure.

Using the recovery partition often gives you a number of levels of restore from just deleting user accounts to formatting and reinstalling the OS either in full or as a minimum install. I generally choose the minimal install to avoid all the freeloading crapware.

The format option from the recovery partition should not normally delete the recovery partition, just the C drive.


gzt
17105 posts

Uber Geek

Lifetime subscriber

  #1313179 27-May-2015 22:54

Does Malwarebytes still detect the ransomware?



DravidDavid
1907 posts

Uber Geek


  #1313192 27-May-2015 23:26

gzt: Does Malwarebytes still detect the ransomware?

I'd say it would.  It's a pretty good application and I highly recommend it.


gzt
17105 posts

Uber Geek

Lifetime subscriber

  #1313206 28-May-2015 00:03

Gravy: Laptop came with Windows pre-installed so I can't do a format and reinstall as I don't have the DVD to do it.

As above there is nearly always a way to do that. Name the brand and model and someone will tell you exactly how.

lNomNoml
1807 posts

Uber Geek

ID Verified

  #1313211 28-May-2015 00:39

Give your PC a scan with the ESET online scanner, just to make sure.

linw
2849 posts

Uber Geek


  #1313249 28-May-2015 08:46

Worth trying ADWCleaner as well. It has found stuff that Malwarebytes missed.

Good luck.

 
 
 

Gravy

14 posts

Geek


  #1313276 28-May-2015 09:40

Does Malwarebytes still detect the ransomware?

Yeah it did. It picked up the trojans related but I guess it doesn't eliminate everything. It won't decrypt files of course but nothing available right now was able to do it. Tried pretty much everything a fairly extensive Google search turned up. Luckily this one didn't completely freeze the system, it just shut down the interwebby from time to time.

Most files were backed up externally so I haven't really lost much out of this apart from a damaged ego and sore after a massive face palm.

I wondered if there may be something in the registry seeing as I can't get rid of the "theme" but not overly keen to play around with it. I might have a wee gander and search for wallpaper as suggested above.

Thanks for all your help everyone. I'll have a crack at some of these things when I get home.

johnr
19282 posts

Uber Geek
Inactive user


  #1313289 28-May-2015 10:08

' recipe website ' ;)

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1313306 28-May-2015 10:24

http://www.howtogeek.com/howto/16929/prevent-users-from-changing-screen-saver-and-wallpaper-in-windows-7/

Check that it hasn't simply flagged the prevent changing option in the registry.

johnr: ' recipe website ' ;)


Hey now, that's a recipe for something....







#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.
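
Added example, not part of any post in this thread: a read-only PowerShell report of the registry values that the wallpaper search and the "prevent changing" check above come down to. The value names are the standard Windows ones; the script changes nothing and only shows what is set and whether the referenced image file still exists.

```powershell
# Added example (not from the thread): read-only report of wallpaper-related
# registry values. Nothing is modified.
$checks = @(
    # Wallpaper the current user's desktop is using
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'Wallpaper' },
    # Policy-forced wallpaper (overrides the user's own choice)
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'Wallpaper' },
    # "Prevent changing desktop background" policy, per user and per machine
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' }
)

$report = foreach ($c in $checks) {
    $value = $null
    if (Test-Path -Path $c.Path) {
        $props = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($props) { $value = $props.($c.Name) }
    }

    $note = ''
    if ($c.Name -eq 'Wallpaper' -and $value) {
        # A wallpaper path pointing at a recently written file is worth a look
        $note = if (Test-Path -LiteralPath $value) {
            'file exists, last written ' + (Get-Item -LiteralPath $value).LastWriteTime
        } else {
            'file missing'
        }
    } elseif ($c.Name -eq 'NoChangingWallPaper' -and $value -eq 1) {
        $note = 'wallpaper changes are locked by policy'
    }

    [pscustomobject]@{
        Key   = $c.Path
        Value = $c.Name
        Data  = if ($null -eq $value) { '(not set)' } else { $value }
        Note  = $note
    }
}

$report | Format-Table -AutoSize -Wrap
```
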

 

 


1101
3122 posts

Uber Geek


  #1313367 28-May-2015 11:39

Malware removal, for malware as nasty as that, isn't as simple as running a few scanners across it.

It could have made many other changes to the system itself: services disabled, hidden or protected registry entries added, proxies added, added entries in scheduled tasks, changes at a policy level, browser shortcuts changed etc etc etc

It really should be wiped & reloaded/re-imaged.

If it's Win8, there is a good restore/refresh utility built in.
Laptops sometimes have a recovery partition, you can use that to re-install (re-image) Windows.
You can often buy system recovery disks from the manufacturer, sometimes they will send them for free.


It's a long shot, but try using system restore to restore to before the infection happened.
A long shot as malware usually removes previous restore points.
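
Added example, not part of any post in this thread: a read-only PowerShell triage pass over several of the places listed above (proxies, scheduled tasks, disabled services, autorun registry entries, browser shortcuts). It assumes Windows 8 or later with PowerShell 3.0+, since `Get-ScheduledTask` and `Get-CimInstance` are not available on older systems, and a clean result from it does not make the machine trustworthy again.

```powershell
# Added example (not from the thread): read-only triage, nothing is modified.

Write-Host '== Per-user proxy settings =='
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

Write-Host '== Scheduled tasks outside \Microsoft\ =='
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task   = $_.TaskPath + $_.TaskName
            State  = $_.State
            Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    } | Format-Table -AutoSize -Wrap

Write-Host '== Services set to Disabled =='
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Disabled' } |
    Select-Object Name, DisplayName, State | Format-Table -AutoSize

Write-Host '== Autorun (Run key) entries =='
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$runEntries | Format-Table -AutoSize -Wrap

Write-Host '== Desktop shortcuts that carry extra arguments =='
$shell = New-Object -ComObject WScript.Shell
$desktops = [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory')
Get-ChildItem -Path $desktops -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments) {
            [pscustomobject]@{ Shortcut = $_.Name; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
        }
    } | Format-Table -AutoSize -Wrap
```
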

gbwelly
1243 posts

Uber Geek


  #1313430 28-May-2015 12:46

Burn it with fire, or at least DBAN it and reinstall. The machine can no longer be trusted as it stands.








cyberhub
224 posts

Master Geek


  #1313559 28-May-2015 15:15

roobarb: Normally when you get a machine without CD media they give you a recovery partition and a tool to create install disks to recover from in case of hard disk failure.

Using the recovery partition often gives you a number of levels of restore from just deleting user accounts to formatting and reinstalling the OS either in full or as a minimum install. I generally choose the minimal install to avoid all the freeloading crapware.

The format option from the recovery partition should not normally delete the recovery partition, just the C drive.


+1 Pretty much every new Windows PC has this recovery.  Just Google the make and model of your laptop along with factory reset and you will get instructions about how to restore it.

Best way to be completely sure that you have gotten rid of it as you don't know what else may have been installed such as keyloggers, botnet etc.




Gravy

14 posts

Geek


  #1313690 28-May-2015 20:21

johnr: ' recipe website ' ;)


Yeah I figured that would sound like rubbish but it's actually completely honest. When I clicked it from the Google search it posted up a new page over the IE session that did have porn on it. It was clicking off it that infected the computer - one of those get em if they enter or get em if they don't things. I stupidly hit the "close window" button instead of closing the window remotely.

Hell if I got it looking up porn I wouldn't be half as p!$$ed at myself for being so dumb.

Azzura
603 posts

Ultimate Geek

ID Verified

  #1316533 3-Jun-2015 04:08

Did you see if it's in the add/remove programs area of Windows? Sometimes it pays to check...
