
Ransom:HTML/Tescrypt.D


Bluejay07

Hello,

I have a computer (Windows 7 SP1 32 bit) that appears to have Ransom:HTML/Tescrypt.D.
For the past several days, Security Essentials has detected and removed this virus.
The log shows it gets removed daily.

How can I remove this permanently?
I have read several articles although it hasn't really helped.

My computer and IE browser are NOT locked.
I have checked uninstall programs and there are no additional programs installed.
I have verified suggested registry entries and couldn't find any associated files/entries.
I have looked at task manager and could not see any unusual running processes.
I have run full scans with Malwarebytes and nothing was detected.

Any suggestions would be appreciated.

Thanks.

If at first you don't succeed, then sky diving wasn't meant for you!
 
How can I remove this permanently?

Install a real anti-virus application such as Avast that can scan and/or remove malicious software before Windows starts and locks it.



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Hi Chris,

Thanks for the reply.
Due to a conflict of scanners, I will have to uninstall Essentials before I can install Avast.

I will report back with the outcome.



If at first you don't succeed, then sky diving wasn't meant for you!
 
I am not authorized to buy software.
Avast requires a subscription before it can do anything.

Any other options?

If at first you don't succeed, then sky diving wasn't meant for you!
 
Avast requires a subscription before it can do anything

Nope, you are probably trying to install the "Avast Internet Security" package. You can just use the free version, with the only requirement being that you 'register' it using your email address, a Google+ account or a Facebook account. You can purchase a twelve month subscription if you want, but it is NOT a requirement of use.

The subscription is also a 'personal' account rather than a 'company' purchase. So you do not need ANY of the products on this page, just the one on the left column of this page, it will 'nag' you from time to time to purchase the "Premier" version or "Internet Security 2016", but the 'personal' edition is always 'free' for the price of your email address every twelve months, and to be fair to Avast they do not send that many 'marketing' emails at all.



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Hi Chris,

Thanks for providing more information.

I did install the free version.
Avast Free Antivirus v. 11.1.2253

I am able to select a smart scan.
It scans, although to resolve any issues you cannot get past the purchase page for 1, 2 or 3 years.
Anything I try just brings up that purchase page.

I was able to only scan for viruses, which reported 0 issues.
Avast also reported that there are performance issues.
To clean the PC and optimize the computer, it brings me back to the purchase page.

If at first you don't succeed, then sky diving wasn't meant for you!
 
Personally, I wouldn't try to remove the malware. I have seen it to be very difficult to remove depending on the type. If your data is gone, might as well start with a fresh install!!

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Hi goombawaho,

Starting with a fresh install would be your only option if the system was locked up.
As mentioned, my system is not locked up.

Security Essentials had detected the presence of this virus although it doesn't appear to be active.

If at first you don't succeed, then sky diving wasn't meant for you!
 
I am able to select a smart scan.


Don't use "Smart Scan"; it is a "feature" that is only available in the 'Premium' or "Internet Security" 'editions'.




Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
@Chris,

After examining it and doing a bit more research, I realized some features were only available for the paid version.
It would have been nice to know beforehand, although at least I am now aware of the limitations.

@James,
Thanks for the link. Every scanner is designed and scans slightly differently.
Maybe that software might pick up something the other programs didn't.

Thanks.


If at first you don't succeed, then sky diving wasn't meant for you!
 
Could have had the computer reloaded from scratch by now - just sayin'.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Hi goombawaho,

Not everything is as easy as you might think.
This computer is being accessed remotely and resides on the other side of the country.

Reloading from scratch is not an option in this case.

Also, in many cases, people cannot afford the downtime and the time required to reinstall software and perform all the necessary updates.
Sure it may be a good scenario in some instances, but not all.

If at first you don't succeed, then sky diving wasn't meant for you!
 
Here's an update.

I've had Avast installed for several days and no viruses were detected.
I also ran the scan at different times of the day.

I reinstalled Security Essentials a few days ago and last night the ransom virus was detected (and quarantined) again.

If at first you don't succeed, then sky diving wasn't meant for you!
 
So, you either have a false positive by M.S.E. or Avast is missing something real. I know you said "reloading from scratch is not an option in this case", but I would advise you to think about what you will do in a "must reload" situation.

It's like planning for death because it CANNOT be avoided.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Here's a final update.

Whether goombawaho's assumption of a false positive was correct or not, I'm not sure.
I think this may have been the start of bigger issues.

Other problems such as downloading updates (Windows and MSE) and reboot issues kept occurring.
I was able to keep the system stable in Safe Mode and do needed tasks that way.

The computer was an older refurbished machine so rather than spending a lot more time on it, I replaced it with a brand new computer.
No issues since the replacement.

@goombawaho,
I think the computer's death was not all that far away.

Thanks for all the help and suggestions provided.

Have a great day.

If at first you don't succeed, then sky diving wasn't meant for you!
 
Sometimes a computer's death is the BEST news for IT people. It will point out deficiencies in the support system and/or the importance of a given system. Can be used as leverage to show that there are not enough support resources available or at least not close enough to the resource.

Of course, that can lead to the current support people being ousted too......

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
I think the computer's death was not all that far away.

It's a bit like "man-flu" really, in that sometimes a viral infection is indistinguishable from death being imminent. :)

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
"Also, in many cases, people cannot afford the downtime and the time required to reinstall software and perform all the necessary updates."

People who can't afford the downtime, re-installs, or updates need to have alternate equipment, fully patched, available to take over the work when things blow up because things blow up. Or in the case of my customers, a fully ready manual system, where all the employees know how to do the work.

Yes, it is expensive. Yes, it takes up space. Yes, it is a PITA to repair the blown system and get it ready as backup for the next time. It has only happened to me 3 or 4 times in the last 20 years but the customers appreciated the fast turnaround when it did.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 