The 2nd Worst Virus I’ve Ever Seen (and how it was finally fixed)
My neighbor was obviously distressed as he began to explain to me what was happening on his computer.
“I can’t even use my computer. This thing pops up blocking my entire screen. It says it’s from the FBI and that I’ve broken some law and I have to pay a $250 fine. Is this true?”
“No, you probably haven’t. It’s just a virus.” Ha! “Just a virus” hardly begins to describe this abomination. “Don’t you have a virus protector?” He did. Norton.
I went over there to have a look. It was as bad as he said. I had heard of these before; they are commonly called ransomware, and come in two basic types. The first kind simply blocks your screen, demanding money and informing you that you have broken the law. They claim to be from the FBI, Homeland Security, etc. The second kind not only blocks your screen, but encrypts your files as well, so you have no access to them until you pay. The second kind will be discussed in another article. My neighbor had the first kind.
I tried booting into safe mode and doing a system restore going back as far as was feasible. It booted straight back into the ransomware screen.
I did some checking around and found where the files were most likely hidden.
Holding down the off switch until it almost shut down, I was able to get access to the PC, for a few moments at least. Then a pop-up box would come up and begin the shut-down process. I was clicking ‘OK’ and then it would shut down. I tried the ‘Cancel’ button. That did give me access to the PC. I removed the files from the start-up folder and a few other locations.
It rebooted beautifully. Suddenly, Norton came on and informed me it had quarantined some files. Whoop, whoop! I thought I had it all, now.
Wrong answer. I rebooted and there was another screen block, different from the one before. I went through the whole process all over again, both startup folder and hidden files. Norton did not try to help again.
Nothing worked. I managed to get in and back up his critical files. He did not want me to take the Norton off as he had just paid for a year of it. That was a handicapping factor. He did not have a Windows OS restore CD or partition.
I had an AVG boot disk virus cleaner. I used that; it was a bit dated, but not that much. That did not work either.
I tried a bunch of things, so many I literally cannot think of them all. I decided to download the Kaspersky Rescue Disk, which can be found here.
You must make it an ISO file whether you create it for a thumb drive or a CD. There are directions on the Kaspersky site. You need to set your computer to boot from whichever method you choose. You can’t run it from inside your infected system as far as I know.
Again, this all leads up to one of the most important things you can do for yourself. The feeling of panic is much less if you Backup, Backup, Backup!
If you actually get the one where they encrypt your data, and you have a backup, you can joyfully stick your nose up in the air at them, use the Kaspersky Rescue Disk, get a good virus protector/malware protector installed on your computer, and continue to enjoy your life.
For more PC tips, check out the ZookaWare Facebook page.