How to Fix Wanna Cry Ransomware

Wanna Cry will root your system and install a persistent hidden service that creates a GIBBERISH file name. This file can be deleted but it is automatically recreated. First clean the system with a program such as malwarebytes: https://www.malwarebytes.com/mwb-download. After cleaning the system some file fragments are left over. Next open the gibberish file in notepad or similiar and make a note of it’s name. Delete most of the gibberish code and save it. This has damaged the malware. Now search the registry for this file name and delete all reg entries to this files. Reboot the computer. Now delete the file(s)/folder and it should stay deleted. Run windows update and install all patches. Reboot and double check your system. It should be clean. Restore files from backup drive/tape/NAS or VSS if your shadow copy was on. Search for any .encrypted files and delete them (I do this after restoring from backup so I make sure all original files were restored or which original files were lost – helps to keep track of data loss).

If you still need help, call 314-276-2597.

mpasatieri posted at 2017-5-15 Category: General News