0

I have had a ransomware attack that has only encrypted some files. Is there any way to find the virus and prevent it from encrypting more files?

EdOverflow
  • 1,246
  • 8
  • 21
  • 2
    It can be removed but the damage done by it may or may not be recovered. – defalt Dec 31 '18 at 20:56
  • So, how can I remove it? – Abdo Saied Anwar Dec 31 '18 at 20:57
  • As is true for most host compromises...your best bet is back up the data you have left and re-image the machine. – DarkMatter Dec 31 '18 at 22:08
  • Well the first thing you need to do is pull the plug immediately. – forest Jan 01 '19 at 02:43
  • How can you remove it? It depends on the type of the ransomware. There ate tools created for specific type of ransomware. – Vini7 Jan 01 '19 at 09:37
  • Unfortunately, we are not a malware removal forum. – schroeder Jan 01 '19 at 15:26
  • You may require assistance to remove ransomware from your PC. You can discuss your problem in [chat](https://chat.stackexchange.com/rooms/151/the-dmz). – defalt Jan 01 '19 at 15:41
  • @DarkMatter Can I trust the files that are not encrypted? at least asking about the non-executable files (docs, images, ...etc). And what about the executable files? Is there any guarantee that the virus will not be executed one I try to install the programs? – Abdo Saied Anwar Jan 01 '19 at 18:38

1 Answers1

0

The best way to deal with a ransomware is to take out the plug immediately and remove the hard disk. You should always have a backup of the hard disk. Removing ransomware from a system is not that easy and a tedious task. The best way is to abandon the system and take a back up of all your data.

  • 2
    Why remove the hard disk after you unplug the power? Abandoning the system is not necessary if you can format and reinstall. – schroeder Jan 01 '19 at 15:26