A day fighting with Ransomware


In this post I’m gonna explain the basic and common steps to get rid of ransomware (well, the title explains what I’m gonna write). You should be thinking: where did I get ransomware from, any bad sites? No, honestly speaking, I worked really hard to get infected (well, that’s an odd thing); it was the first time for me to search through the internet to download a virus to get infected. But ultimately somehow I managed to get one. The download reached 100% and at the same instant MSE said it was cleaning viruses. I worked so hard to get that file and MSE removed it, grrr. Anyways, I restored it from quarantine and turned off MSE (turned off its Real Time Protection). The virus MSE detected was Trojan:Win32/Urausy.E. I don’t know why, but the ransomware didn’t install correctly and all I got was a white screen like this:

[Screenshot: the white screen left by the broken ransomware install]

OK, now the removal part. Ransomware varies widely: some variants only infect a single user account, and some even disable Safe Mode. The first thing you should try is a System Restore from Safe Mode. See this article for accessing Safe Mode:
How to start Windows in Safe Mode

Restore to a point where you know your PC was OK. How to do a System Restore:
For XP: http://support.microsoft.com/kb/306084
For Windows Vista, 7, 8: http://windows.microsoft.com/en-IN/windows7/products/features/system-restore
(I know the article is for Windows 7, but the method is the same for the others)
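If you would rather see the available restore points before clicking through the wizard, the following Windows PowerShell snippet lists them and picks the newest one that predates the infection. It is an added example, not code from the original post; it assumes Windows Vista or later, an elevated Windows PowerShell session (Get-ComputerRestorePoint and Restore-Computer are built-in Windows PowerShell cmdlets and are not available in PowerShell 7), and the infection date used in the usage call is an assumed value.

```powershell
# Added example (not from the original post): choose a System Restore point
# from before the infection. Assumes Windows Vista or later and an elevated
# Windows PowerShell session. The date passed to -Before below is assumed.

function Get-CleanRestorePoint {
    param(
        # When you first saw the ransom/white screen
        [Parameter(Mandatory)] [datetime] $Before
    )
    # CreationTime comes back as a WMI DMTF string (e.g. 20130415093012.000000-000);
    # convert it to a normal DateTime so it can be compared and sorted.
    $points = Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Description    = $_.Description
            Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        }
    } | Sort-Object Created

    # Show everything so you can see what is available
    $points | Format-Table -AutoSize | Out-String | Write-Host

    # The newest point that still predates the infection is the safest candidate
    $points | Where-Object { $_.Created -lt $Before } | Select-Object -Last 1
}

$candidate = Get-CleanRestorePoint -Before (Get-Date '2013-04-20 18:00')   # assumed infection date
if ($null -eq $candidate) {
    Write-Warning 'No restore point older than the infection date; try HitmanPro.Kickstart instead.'
} else {
    Write-Host "Would restore to #$($candidate.SequenceNumber) ($($candidate.Description), $($candidate.Created))"
    # -WhatIf only reports what would happen; drop it to actually roll back (the PC reboots).
    Restore-Computer -RestorePoint $candidate.SequenceNumber -WhatIf
}
```

Run it from Safe Mode with Command Prompt (start powershell from there) if the normal desktop is blocked; the -WhatIf keeps the script from rebooting until you have checked that the chosen point really is older than the infection.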

Screenshot when I did it:

If System Restore didn’t work, you can use HitmanPro.Kickstart. Since I am doing all this in a Virtual PC, and since booting from USB is not supported there, I have used HitmanPro.Sidekick (it is an alternative way of booting, i.e. booting from CD; you must have the Kickstart USB connected for it to work). When I started my virtual PC with Sidekick and Kickstart I got this:

[Screenshot: HitmanPro.Kickstart boot options menu]

As mentioned in the Options, you should first select Option 1; if it doesn’t work, then 2, and then 3. After selecting an option your PC will start normally, as if you hadn’t used anything. But you will get past the ransomware and will be able to scan your PC with HitmanPro (it comes on the Kickstart USB). When I ran the scan I got the following result:

[Screenshot: HitmanPro scan results]

If you have sharp eyes you will notice many things. First is that I hid the name of the file found; that’s because I don’t want you to know its name, it’s not suitable for public view. Second is that the ransomware was found on the Desktop (although you can see the Desktop doesn’t have any file, because I hid all my files on the Desktop by editing this image) and in Temporary Internet Files (yes, I use IE 6 because of its vulnerabilities!). Third is that MSE and Security Center are red. If you remember, I mentioned I turned off MSE; that’s why both are red. Now when the removal process finished I got a screen like this:

[Screenshot: HitmanPro removal completed]

After all this removal process I restarted my PC, this time without HitmanPro, and the white screen was gone!

I know I may have failed to explain this in understandable words, so please feel free to comment if you have anything to ask or say, or have feedback, etc.

Can I use any other antivirus or Malwarebytes Pro or any other second opinion scanner along with Microsoft Security Essentials?


Well, other antiviruses, Malwarebytes Pro and other paid (or trial) security software provide Real Time Protection, i.e. they work in the background and scan your files and network traffic to block malware (just like your antivirus). It is not recommended to have two or more Real Time Protection products running at the same time. They slow down your PC and its startup, cause system instability, increase resource usage, conflict with each other, and sometimes one even stops the other from removing a threat; as a result, PC security is decreased (the opposite of what you wanted from two antiviruses). If you want a second opinion scanner, you can install these tools:

  1. Malwarebytes (Free)
  2. SUPERAntiSpyware (Free)
  3. HitmanPro (recommended by me over the others)
  4. AdwCleaner (removes adware only)

Now the question arises: what is the difference between these tools and the paid versions?
The main difference is Real Time Protection: the free versions don’t work in the background. Free ones don’t have Real Time Protection (but they will ask you to buy the paid ones; never do that). These tools are considered good second opinion scanners. If you think your PC is infected, or your antivirus detected malware and you want to be sure about its removal, just open these tools, update them and run a full scan of your PC.
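To check which products Windows Security Center actually sees as providing real-time protection (and whether two are active at once, the conflict described above), the following snippet queries the Security Center WMI namespace. It is an added example, not code from the original post; it assumes Windows Vista or later (the root\SecurityCenter2 namespace; XP uses root\SecurityCenter with different fields) and PowerShell 3.0 or newer for Get-CimInstance. The productState bit layout is not officially documented, so the decoding used here is the commonly observed one and is an assumption of this example.

```powershell
# Added example (not from the original post): list antivirus products registered
# with Windows Security Center, decode whether real-time protection is on, and
# warn when more than one product has it enabled. Assumes Vista or later and
# PowerShell 3.0+. The productState decoding is an assumption (undocumented
# layout, commonly observed: second byte 0x10 = enabled, low byte 0x10 = out of date).

function Get-AntivirusStatus {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Product         = $_.displayName
                RealTimeEnabled = ((($state -shr 8) -band 0xFF) -band 0x10) -ne 0
                DefinitionsOld  = ($state -band 0x10) -ne 0
                StateHex        = ('0x{0:X6}' -f $state)
            }
        }
}

function Test-RealTimeConflict {
    param([object[]] $Products = (Get-AntivirusStatus))
    $active = @($Products | Where-Object { $_.RealTimeEnabled })
    switch ($active.Count) {
        0 { Write-Warning 'No product reports real-time protection; Security Center will show red.' }
        1 { Write-Host "Real-time protection: $($active[0].Product)" }
        default {
            $names = ($active | ForEach-Object { $_.Product }) -join ', '
            Write-Warning ('{0} products have real-time protection enabled at once: {1}' -f $active.Count, $names)
        }
    }
    $active
}

$products = Get-AntivirusStatus
$products | Format-Table -AutoSize
Test-RealTimeConflict -Products $products | Out-Null
```

A free second opinion scanner such as Malwarebytes Free or HitmanPro will normally not appear in this list at all, or will appear with RealTimeEnabled set to False, which is exactly what you want: one product with real-time protection, the rest on-demand only.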

People often complain about one thing: I downloaded the free one but the paid one got installed!
It happens when you install their trial of the paid version (an option offered with the free software). See the solution for the different products below:
1. Malwarebytes
After you install it, you will see three check boxes: one for launching it, one for updating, and one for enabling the free trial version. Uncheck the one with the free trial option (see the red ellipse in the image below) and click Finish.

[Screenshot: Malwarebytes setup finish screen with the free trial checkbox circled]

2. SUPERAntiSpyware

After installing SUPERAntiSpyware you will see this window. Click Decline to use the free version, not the trial one.

[Screenshot: SUPERAntiSpyware trial offer window with the Decline button]