I have had a ransomware attack that has only encrypted some files. Is there any way to find the virus and prevent it from encrypting more files?
Asked
Active
Viewed 282 times
0
-
2It can be removed but the damage done by it may or may not be recovered. – defalt Dec 31 '18 at 20:56
-
So, how can I remove it? – Abdo Saied Anwar Dec 31 '18 at 20:57
-
As is true for most host compromises...your best bet is back up the data you have left and re-image the machine. – DarkMatter Dec 31 '18 at 22:08
-
Well the first thing you need to do is pull the plug immediately. – forest Jan 01 '19 at 02:43
-
How can you remove it? It depends on the type of the ransomware. There ate tools created for specific type of ransomware. – Vini7 Jan 01 '19 at 09:37
-
Unfortunately, we are not a malware removal forum. – schroeder Jan 01 '19 at 15:26
-
You may require assistance to remove ransomware from your PC. You can discuss your problem in [chat](https://chat.stackexchange.com/rooms/151/the-dmz). – defalt Jan 01 '19 at 15:41
-
@DarkMatter Can I trust the files that are not encrypted? at least asking about the non-executable files (docs, images, ...etc). And what about the executable files? Is there any guarantee that the virus will not be executed one I try to install the programs? – Abdo Saied Anwar Jan 01 '19 at 18:38
1 Answers
0
The best way to deal with a ransomware is to take out the plug immediately and remove the hard disk. You should always have a backup of the hard disk. Removing ransomware from a system is not that easy and a tedious task. The best way is to abandon the system and take a back up of all your data.
Ritwik Saini
- 1
- 1
-
2Why remove the hard disk after you unplug the power? Abandoning the system is not necessary if you can format and reinstall. – schroeder Jan 01 '19 at 15:26