Corrupted windows and lost image file

0

My PC got attacked by a hets ransom virus. It corrupted my windows and encrypted all the files on my PC, including the original windows image file that came with the laptop. I now understand the importance of keeping the image file safe on an external drive.

So, now my windows is corrupted. Windows update registry (wuauserv) is missing. I tried importing it from my other laptop. But it keep getting deleted again on every restart. Also, Windows Defender is missing. These are the two major components that I know of, that are missing. I am not sure what else has gone wrong. So, I preferred resetting the Windows instead of repairing it. Because I already had lost all my data, so I had nothing left to lose.

But when I reset the windows, the missing components still stay missing. It's like Windows just removes the installed apps and it's not all together a fresh copy of windows. I believe I needed to install windows from the initial image file in this case, but I have lost that as well. What can I do now to get my original windows back?

Adil Malik

Posted 2019-12-04T12:50:40.493

Reputation: 101

Verify whether the ransomware you were infected with is removable (some are) by searching on StackExchange and via Google... I would also update your question with the file extension of the encrypted files. To prevent this in the future, setup and configure Controlled Folder Access in Windows Defender, as this will prevent your user data from being encrypted. As to re-installing Windows, perform a clean install by using the Windows 10 Media Creator, however, do a full format of all connected HDDs before installing Windows.

– JW0914 – 2019-12-04T12:56:35.737

Please note, when doing a clean install, you must install the CPU-related drivers (chipset, IMEI, potentially thermal) manually, before running or installing any Windows Updates. Windows Update will install all other component drivers, but it will not install CPU-related drivers, which can be downloaded from the PC manufacturer's website. – JW0914 – 2019-12-04T13:04:39.487

Make and specific model of PC please. – Moab – 2019-12-04T19:14:00.640

Answers

0

  1. Using a 4 GB (or larger) flash drive, you can make a Windows 10 installer using another, uninfected PC using the Microsoft Windows 10 Media Creation Tool.

  2. Boot from the flash drive and reinstall Windows 10 from scratch. Be sure to delete all existing partitions before starting the install.

I recommend backing up your encrypted files before proceeding with the clean install in case the decryption key becomes available in the future.

Mr Ethernet

Posted 2019-12-04T12:50:40.493

Reputation: 3 563

It may prove useful to add information on how to securely back up and access the encrypted files, as it's possible the malware would be included in the backup, potentially compromising the system it's accessed on. – JW0914 – 2019-12-04T13:01:04.990

If I create the installer from another PC, how will it preserve the Original Windows copy on my infected PC? Will I have to provide Windows License key during installation? I don't have the key. Because I bought this used laptop 3 years ago and Original Windows came pre-installed in it. – Adil Malik – 2019-12-04T13:03:21.510

@JW0914 Luckily, in my case the data was not so important. It was my secondary laptop. So, I am not worried about the data. I just want my Original Windows back in its original uninfected condition. – Adil Malik – 2019-12-04T13:05:15.317

@AdilMalik Even if you were able to recover the OEM image, it would longer to update it than it would be to simply clean install. If you like having the ability of that backup image, I always recommend creating the same kind of WIM image backup all OEMs use for the OEM image. See the Imaging Section of that answer for directions on how to create this image once you reinstall Windows, and after installing all software. If your laptop is UEFI & you also want to manually configure the partitions prior to installing, see Configure Partitions section.

– JW0914 – 2019-12-04T13:14:16.240

2"How will it preserve the Original Windows copy on my infected PC? " - You won't that copy cannot be trusted. "Will I have to provide Windows License key during installation?" - Windows 10 will automatically detect your license key and activate itself. I have written dozens of answers about the Windows 10 activation status on OEM hardware. I suggest you read up on the process. – Ramhound – 2019-12-04T13:17:50.857

3@Smock - Nope; You are mistaken. My answers on OEM installations of Windows 10 will explain the entire process. – Ramhound – 2019-12-04T15:41:31.580

@Ramhound Ahh yes, my mistake! I'm thinking more of when the motherboard dies you are in trouble without the license key unless you've attached it to a Microsoft account. (Luckily when mine died I still had a record of the original Win7Pro key and Win10Pro upgraded key, so when it wouldn't activate a quick (3 hour) phone call to Microsoft sorted it out - with a new Win10Pro key) – Smock – 2019-12-04T16:12:55.393

@Smock - Author's machine is a Windows 10 OEM machine by the way. – Ramhound – 2019-12-04T17:18:27.513

@Ramhound which surely makes it tricky when reactivating after a hardware change? (if you've not linked it to your MS account and made it a digital license, and you've also not got the activation key) – Smock – 2019-12-04T17:32:33.367

1@Smock - It actually would not. Any hardware change other than a motherboard change would happen automatically. If it's a motherboard change, the new motherboard, comes with it's own license. It is a trivial process to activate Windows in a case like that. However, the author is not dealing a hardware change, just a corrupt install of Windows due to malicious software. – Ramhound – 2019-12-04T17:35:32.200

@Smock reactivating Windows 10 would be the easiest part of the entire process. The OP wouldn't even need to do anything. It would happen automatically within seconds of the PC going online again. – Mr Ethernet – 2019-12-04T17:44:40.813

@Ramhound this must be specific to OEM then, as that certainly doesn't match up with my experience for 'retail' motherboard replacement. Interested to hear more about OEM motherboard replacements having their own license too - Is this done by the guarantee/warranty provider or manufacturer or something? I guess I just would like some further info for an off-shoot of this discussion really (not a specific question) - maybe we should move to chat? any links giving general info on OEM motherboard replacement would be welcome too – Smock – 2019-12-06T13:50:46.017

Asked: 2019-12-04T12:50:40.493

Viewed: 44 times

Active: 2019-12-04T15:10:10.893