In this post I’m gonna explain the basic and common steps to get rid of ransomware (well, the title explains what I’m gonna write). You must be wondering where I got ransomware from, any bad sites? No, honestly, I worked really hard to get infected (well, that’s an odd thing); it was the first time I had searched the internet to download a virus to get infected. But ultimately I somehow managed to get one. The download reached 100% and at the same instant MSE said it was cleaning viruses. I worked so hard to get that file and MSE removed it, grrr. Anyway, I restored it from quarantine and turned off MSE (turned off its Real Time Protection). The virus MSE detected was Trojan:Win32/Urausy.E. I don’t know why, but the ransomware didn’t install correctly and all I got was a white screen like this:
OK, now it’s the removal part. Ransomware varies a lot: some only infect a single user, and some even disable Safe Mode. The first thing you should try is a System Restore in Safe Mode. See this article for accessing Safe Mode:
How to start Windows in Safe Mode
Do a Restore to a point where you know your PC was OK. How to do a System Restore:
For XP: http://support.microsoft.com/kb/306084
For Windows Vista, 7, 8: http://windows.microsoft.com/en-IN/windows7/products/features/system-restore
(I know the article is for Windows 7, but the method is the same for the others.)
Screenshot when I did it:
If System Restore didn’t work, then you can use HitmanPro.Kickstart. Since I am doing all this in a Virtual PC, and since booting from USB is not supported there, I used HitmanPro.Sidekick (it is used as an alternate way of booting, i.e. booting from CD; you must have the Kickstart USB connected for it to work). When I started my virtual PC with Sidekick and Kickstart I got this:
As mentioned in the Options, you should first select Option 1; if it doesn’t work, then 2, and then 3. After selecting an option your PC will start normally, as if you didn’t use anything. But you will get past the ransomware and will be able to scan your PC with HitmanPro (it comes on the Kickstart USB). When I ran the scan, the following result came up:
If you have sharp eyes you will notice several things. First, I hid the name of the file found; that’s because I don’t want you to know its name, it’s not suitable for public view. Second, the ransomware was found on the Desktop (although you can see the Desktop doesn’t have any files, because I hid all my files on the Desktop by editing this image) and in Temporary Internet Files (yes, I use IE 6 because of its vulnerabilities!). Third, MSE and Security Center are red. If you remember, I mentioned that I turned off MSE; that’s why both are red. When the removal process finished I got a screen like this:
After all this removal process I restarted my PC, this time without HitmanPro, and the white screen is gone!
I know I may have failed to explain this in understandable words, so please feel free to comment if you have anything to ask or say, or any feedback.