
Ransomware 6

Status
Not open for further replies.

dik

I just got hit with a ransomware virus. It's encrypted my files and has an extension *.uyro. Is there any remedy to this?
 
I don't want to antagonise them... it could have been a lot worse, and I've learned an expensive lesson. Never have been struck by a virus in decades, this was a real 'eye opener'. Having three 'connected' backups, in hindsight, was real dumb!
 
dik said:
Is there a way to do an anti-virus scan of the USB stick by themselves to insure there is no malware? I have Bitdefender; is there a better one? I don't want to infect my clean machine.

Was Bitdefender actively running and scanning for threats when the ransomware attack happened? If so, then you would not want to trust it alone for continued detection of this particular threat.

Also try Sophos, Avast, Malwarebytes, etc. These all have free/home versions that can get you going. Also scan for rootkits.

Beware that simply mounting infected drives might continue the infection to new systems. Installed anti-malware tools should monitor disk mounts and execution attempts.
 
No... I closed the barn door after the cow escaped... another screwup...


that's my big concern, right now... If I reformat the infected computer is it possible for it to remain infected? Is there any way to check? The uninfected HDD is not connected to anything right now... I've copied all the backup files to the computer I'm working on and removed it.

I've checked the USB drive that I copied the programs from the desktop of the infected computer, looking for any hidden or system files and there are none. Is it safe to plug the USB stick into an uninfected computer and have something run a virus scan of the USB stick? Is there any way I can be confident there is no malware on the USB stick?

thanks...
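Added example, not part of the original thread: a read-only inventory of a mounted USB stick that automates the manual check described above (hidden or system files) and also lists files carrying the `.uyro` extension, runnable file types, `autorun.inf`, and documents whose first two bytes are a Windows executable header. The `RUNNABLE` list, the category names and the sample tree are assumptions constructed for illustration; this is an inventory, not a malware scan.

```python
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".uyro"  # extension reported in this thread
# Assumed (not exhaustive) set of types Windows runs on double-click.
RUNNABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".lnk"}
HIDDEN_OR_SYSTEM = 0x2 | 0x4  # Windows FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM


def triage(root):
    """Inventory a drive using names, attributes and the first two bytes only."""
    report = {k: [] for k in ("encrypted", "runnable", "autorun", "hidden", "disguised")}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        if ext == ENCRYPTED_EXT:
            report["encrypted"].append(rel)
            continue
        if path.name.lower() == "autorun.inf":
            report["autorun"].append(rel)
        # st_file_attributes exists only on Windows; elsewhere flag dot-files.
        attrs = getattr(path.stat(), "st_file_attributes", 0)
        if attrs & HIDDEN_OR_SYSTEM or path.name.startswith("."):
            report["hidden"].append(rel)
        if ext in RUNNABLE:
            report["runnable"].append(rel)
        else:
            with open(path, "rb") as fh:
                if fh.read(2) == b"MZ":  # Windows executable under a document name
                    report["disguised"].append(rel)
    return report


def demo():
    """Run triage over a constructed sample tree (not data from the thread)."""
    samples = {
        "work/drawing.dwg": b"AC1032 constructed",
        "work/report.docx.uyro": b"\x00" * 16,
        "work/invoice.pdf": b"MZ constructed",
        "setup.exe": b"MZ constructed",
        "autorun.inf": b"[autorun]\n",
        ".cache": b"x",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return triage(tmp)
```

Point `triage()` at the mounted stick from a sacrificial, offline system; an empty report only means nothing matched these checks, so the anti-virus scan still applies.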
 
I think if you scan either a USB stick or a slaved hard drive, you can be comfortable that it is clean. I probably would NOT do that using my main computer with your data on it though. And I also wouldn't have the computer connected to the internet or your network either. I would use a temporary or sacrificial O.S. installation. These crypto-malware attacks are not the high level attacks used by countries (e.g. China hacking into U.S. companies) that use very sophisticated fileless malware that is very persistent.

Link
If you read some of this stuff, you will switch from computer to abacus!

With that said, I would personally do a DISKPART CLEAN DISK operation on any USB devices or hard drives that had been involved in the incident before actually plugging them back into your computer with the data on it.

Link
 
On 3 Dec 22 21:02 you started by:
dik said:
I just got hit with a ransomware virus. It's encrypted my files and has an extension *.uyro

Do you know how all of that started? How did you get infected? How did they get access to your system?

---- Andy

"Hmm...they have the internet on computers now"--Homer Simpson
 
No I don't... it could have happened a week or so back, and I tend to be an info junkie... that will change.
 

Does this command clean the USB and delete any data, or only check and repair?

I copied, what appeared to be unencrypted files, from folders on the infected machine's desktop to a 'clean' USB. The files copied are important and represent a couple of months work. It's these that I want to scan safely to see if there is any infection. I was planning to use one of my laptops to inspect.

Is there an antivirus program that I can use to check a specific drive? or will the antivirus program check the USB drive after the main drives?
 
I have some files on the encrypted computer that are very important, but are not encrypted. It appears the ransomware virus did not encrypt files and folders on the desktop. Is there a safe way to determine if these are not infected? so I can transfer them to my good machine? If I send them by eMail, is the eMail anti-virus capable of catching any problems? I can do a test of them on a laptop and if the laptop gets infected, I can scrub it...

Dik
 
The DiskPart CLEAN wipes all partitions - like a brand new disk again. If you are paranoid, do this before re-using the disk. I suppose if you were smart, you would NOT plug the infected drive into the laptop with your good data on it in order to do the wipe. Keep good and bad totally separate.

If the files are not encrypted, I don't think they can be infected. In fact even encrypted files are not infected, they are just encrypted. Do you own any paid anti-virus product? If not, you can get a free antivirus product and it can scan the entire computer, but you may have to ask it to scan a USB drive. It depends on the product. Some products, when you plug in a USB device, it will ask if you want to scan it.

I don't know what you mean about "email anti-virus". I suppose some email hosts will scan email for incoming viruses in attachments but I wouldn't count on that being the norm.

I think you are over-worrying. I would get all your data on a clean system. Install anti-virus. Scan all disks and flash drives. Then I would back up my data somewhere for safety. Then nuke the original computer and reload the O.S. Apply all Windows updates and then transfer your data.
 

If the files can be 'cleaned' the laptop would only be a test... I would have no difficulty in re-building the laptop; it's just that the files are extremely useful. I'm actually using them on the infected machine; that's how important they are. They still work on the infected rig...


That's what I was hoping. My son has a website and I've sent *.zip copies to him for him to inspect. I have a copy of Bitdefender that's purchased. Is there one that is better? for ransomware?


I was wondering if they had an eMail anti-virus program. When I get the 'clean' files back, I would send them to myself by eMail as a final check of their integrity.


Yup... even for sites that I know are safe... I'm quite concerned. First thing I did after installing the clean HD on my new machine was to back it up. All my computers are up to date with patches...

Thanks, so much.

Dik
 
Dik,
Just a side note. Your quotes of some other TT members look 'funny'. In the 'Who?' pop-up box you just enter the name of the person you quote, not the text of the quote. Use Preview before posting.
Not a big deal though... ;-)

---- Andy

"Hmm...they have the internet on computers now"--Homer Simpson
 
I generally just post the quote... no disrespect intended. It's intended to show the comment that I'm replying to and if there is any question about the comment, it's not to identify the poster. A habit from your sister site, "Eng-tips" where I've hung out for over 20 years. I appreciate all the help provided and usually reflect that in the reply.

Thanks for the comment.

Dik
 

Just got around to the link... it's great and spooky. I worked with a Chinese engineer 50 years back that used an abacus... I can still hear it rattling. My current calculator uses a Motorola 68000 chip... which was a pretty powerful processor back then.

Thanks...
 
I think anti-virus is like anything else. It's a matter of which product and a point in time - which product gets updated for a specific threat first. A lot of the infections happen due to unpatched OS, Office, or web browsers. But sometimes, regardless of anti-virus, you can get an infection by simply visiting a site. We're not even talking about opening an attachment or going to a crazy link in an email. In those ArsTechnica articles I read, it seems that quite often they mention that Kaspersky finds the "super secret stealthy malware" of the day. Not a recommendation but just something I have noticed.
 
I've got my uninfected machine up and running, almost as complete as the encrypted one. I've likely lost a couple of files... time will tell. It was purely by accident that I had recently replaced the HDD for a larger one, and still had the old one.

My son has used Linux to 'zero' the infected drive. I'll reformat it on my one laptop, just in case. I'm still a little spooked.

My other son has checked the 'good' files from the encrypted machine with his anti-virus programs and they are clean. You noted that they likely were... he has quite a suite of anti malware programs; he runs a website.

I did a complete backup of my new install last night, and the HDD is not currently connected to the machine. I'll be a lot more careful in future; it could have been a lot worse. Windows Defender was the only anti-virus program running at the time. Time to reformat the offending computer and to rebuild. I'll reformat the encrypted SSDs except for the one. I'll send it to my website son, in case an encryption key turns up in the future. I'll look into Kaspersky.

Thanks very much, gentlemen.
 
I am glad that you made the good decision and did not pay the villains, because if you paid you would only continue to sponsor their activities. I would never pay, and if I did, it would only be to hunt down the bad guys. Maybe a decade back I had a similar experience. They blocked my user profile on my home Windows PC and extorted money from me to unlock the profile again. But I still had another user profile with administrator rights on the PC, I logged in there, deleted the infected profile and created a new one.
However, this negative experience severely undermined my confidence in the Windows operating system and since then I have switched to Linux on my home PCs. I still use Windows at work, but it's up to my employer to take care of security.
 
spamjim convinced me of the downside... I thought my system was pretty secure. Not the case... and I'll improve things so this won't likely happen in future. I'm currently looking for a method that can 'clone' my system. Something that I can have a HDD copy that will 'create' an identical install on a computer HD that includes the OS and current apps.
 
Macrium Reflect. Even the free version will do what you need... and should already have been doing.

That's it from me... this thread is already way too long... <snore>
 
Macrium Reflect - That was my suggestion way above. The paid version gets you file/folder backup vs. only image. I swear by it. Create your bootable rescue media on USB and keep it SAFE and labeled.

Yes - too long, but a lot from me. Rebuild system, use A-V (non-windows product), do backup/imaging, don't worry (too much).
 