How to remove Scareware/Ransomware:
Scareware/ransomware is a relatively new type of attack in which a user is tricked into downloading what appears to be an antivirus application. The fake application then reports that the PC is infected with hundreds of viruses and claims it can only be cleaned if you pay for a full license.
There are many ways to fix this issue; here is my way. You need the following 3 items:
1 - rKill : (RKill.com Download Link) RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.
2 - For 32-bit operating systems use ComboFix (Download Link). For 64-bit operating systems use TDSSKiller (Download Link).
3 - Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php
After being infected by scareware you will soon realize that none of your desktop icons work: whenever you click on an item you receive a message that the file you are trying to launch is infected. In short, you are locked out of your PC.
At this point you will need to copy the rkill and ComboFix/TDSSKiller files to your desktop. The only way to copy these files onto an infected PC is through Windows Safe Mode.
How to start the PC in Safe Mode: restart your PC and press the F8 key while the system is booting up. If you are successful you will see a menu, and the first item on the list is "Safe Mode". Use this option to start Windows.
Make sure you copy the files listed above to the desktop and remember where they are. Once the files are in place, reboot the system into normal mode, and as soon as you see the rkill icon, double-click it. Don't wait: if you take your time the scareware will take over and you will have to start over.
Once rkill has run you should get a log file listing the applications that were blocked by rkill. You can close this file and proceed with running ComboFix or TDSSKiller.
ComboFix will prompt a few times with questions: answer Yes to the first one and No to the second (which asks if you want to install the Recovery Console). After that it is smooth sailing until it's done. Restart the system.
What to do if you get a blue screen in safe mode:
Short of reformatting your hard drive there is not much else you can do unless you know how to access your drive using DOS. If you do manage to access the drive from DOS, the only thing you can do is manually search for files and delete unwanted or unknown files. If you are not sure about this please contact pcgrunts 818-968-0400.
The other option is to attach the corrupted drive to a working PC and then run security software to detect and remove the malware.
When you get your PC up and running again, make sure you install Hitman - the ultimate tool for protecting your PC against scareware attacks.
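When the infected drive is attached to a clean PC, it helps to get an inventory of recently written executables before running a scanner or deleting anything by hand. The PowerShell script below is an added example written for this guide; it is not part of the original post and not a tool from pcgrunts, BleepingComputer or Malwarebytes. It assumes the attached drive shows up as E: (change $Drive) and that a 14-day window covers the infection (change $Days); the folder list is a constructed set of common user-writable locations.

```powershell
# Added example (not from the original post): triage an infected drive that has
# been attached to a clean Windows PC. Lists .exe/.dll/.scr files written within
# the last $Days days under user profiles and temp folders, together with their
# Authenticode signature status and SHA-256 hash, so unknown or unsigned binaries
# can be reviewed before anything is deleted.
# Assumptions: the infected drive is mounted as E:; adjust $Drive and $Days.
param(
    [string]$Drive = 'E:',
    [int]$Days = 14
)

$cutoff = (Get-Date).AddDays(-$Days)

# Constructed list of locations where dropped scareware binaries are commonly
# found; only the ones that actually exist on the attached drive are scanned.
$roots = @(
    "$Drive\Users",
    "$Drive\Documents and Settings",
    "$Drive\ProgramData",
    "$Drive\Windows\Temp"
) | Where-Object { Test-Path -LiteralPath $_ }

$found = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Force -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff }
}

$report = foreach ($f in $found) {
    # Signature status: Valid, NotSigned, HashMismatch, UnknownError, ...
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Modified  = $f.LastWriteTime
        SizeKB    = [math]::Round($f.Length / 1KB, 1)
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Newest files first; unsigned entries are the ones to look at most closely.
$report | Sort-Object Modified -Descending | Format-Table -AutoSize

# Keep a copy of the inventory on the clean PC for reference.
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\drive-triage.csv" -NoTypeInformation
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt on the clean PC (the Get-FileHash cmdlet needs PowerShell 4 or later). The list is a starting point for review, not a verdict: plenty of legitimate software ships unsigned, so check the hash and path of anything unfamiliar before deleting it, and let the security software mentioned above do the actual removal where it can.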