
How to rescue your PC from ransomware

Eric Geier | Jan. 14, 2014
With the nasty CryptoLocker malware making the rounds--encrypting its victims' files, and then refusing to provide the unlock key unless a payment of $300 is made via Bitcoin or a prepaid cash voucher--ransomware is back in the spotlight.

If you don't see the Repair Your Computer option on the Advanced Boot Options menu, you can use your Windows disc (if you have that) to access the recovery tools. Click Repair your computer on the main menu before proceeding with the installation. Alternatively, you can create a Windows System Repair Disc on another PC running the same Windows version, and then boot to that disc on the infected PC to reach the same recovery tools.

If System Restore doesn't help and you still can't get into Windows to remove the ransomware, try running a virus scanner from a bootable disc or USB drive; some people refer to this approach as an offline virus scan. My favorite bootable scanner is from Bitdefender, but more are available: Avast, AVG, Avira, Kaspersky, Norton, and Sophos all offer antivirus boot-disk software, as we mentioned in PCWorld's recent roundup of the best boot-drive programs.

If you still have no luck after trying Safe Mode and an on-demand scanner, performing a System Restore, and running an offline virus scanner, your last resort is likely to perform a factory restore. Most ransomware isn't that tenacious, however.

Recovering hidden and encrypted files
With that out of the way, it's time to repair the damage. If you're lucky, your PC was infected by malware that didn't encrypt your data, but merely hid your icons, shortcuts, and files.

You can easily show hidden files: Open Computer, press the Alt key, select Tools, and click Folder Options. On the View tab, select Show hidden files, folders, and drives, and then click OK.

If your data reappears after you elect to show hidden files, that's great — it means there's an easy fix for your woes. Open Computer, navigate to C:\Users\, and open the folder of your Windows account name. Then right-click each folder that's hidden, open Properties, uncheck the Hidden attribute, and click OK. Boom! Done.
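The per-folder Properties step above can also be scripted. The PowerShell below is an added example, not part of the original article: it clears the Hidden attribute on items in a profile folder and skips what Windows normally keeps hidden. The parameter names, the skip list, and the choice to leave system files and junctions untouched are assumptions of this example.

```powershell
# Added example (not from the article): find items in a user profile that carry the
# Hidden attribute and clear it, the scripted form of unchecking Hidden in Properties.
# Run with -WhatIf first to list what would change without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: the affected account's folder under C:\Users\
    [string]$ProfilePath = $env:USERPROFILE,
    # Also look inside subfolders (Documents, Pictures, ...) instead of the top level only
    [switch]$Recurse
)

$hidden  = [System.IO.FileAttributes]::Hidden
$system  = [System.IO.FileAttributes]::System
$reparse = [System.IO.FileAttributes]::ReparsePoint

# Assumption: names Windows normally keeps hidden in a profile; these are left alone.
$keepHidden = '^(AppData|desktop\.ini|thumbs\.db|ntuser\..*)$'

# Select items that are hidden now, are not system files or junctions,
# are not on the keep-hidden list, and do not live below AppData.
Get-ChildItem -LiteralPath $ProfilePath -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band $hidden) -and
        -not ($_.Attributes -band ($system -bor $reparse)) -and
        ($_.Name -notmatch $keepHidden) -and
        ($_.FullName -notmatch '\\AppData\\')
    } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
            # Clear only the Hidden bit; every other attribute stays as it was.
            $_.Attributes = $_.Attributes -band (-bnot $hidden)
            # Emit the path so the run leaves a list of what was changed.
            $_.FullName
        }
    }
```

Saved under a name of your choosing and run with `-WhatIf`, it prints the items it would unhide, which is also a quick way to see how much of the profile was affected.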

If you still can't find your data, and your files really have been malware-encrypted, you're in trouble: Usually it isn't possible to just decrypt or unlock your hostage files, because the decryption key is typically stored on the cybercriminal's server. Some victimized users have reported that some pieces of malware will keep their promise, decrypting and returning your files once you pay (in particular, CryptoLocker's handlers have been diligent about releasing the files of infected users who pay the ransom demand), but I don't recommend paying. 

This is why we constantly tell you to back up your PC on a regular basis.

If you previously set up and created backups, scan them for viruses on another PC (one that is not infected) if at all possible. If all of your important files are backed up, you can proceed to remove the malware and then simply restore your backed-up files.
