Anticipation of wannacryptor ransomeware virus | The opportunity this time I will share how the handling of the virus that is popular in mei 2017 direct checks:
Program name: Wannacryptor
Type: Computer Virus
Active: April 2017
Spreads Active: May 2017
Purpose: scare the windows user and ask for ransom
Greatness:
Spread via the Internet can be through the file atachment email or via web infected / deliberately placed virus link.
Spread fast in the network.
Many antivirus who can not detect this virus.
Weaknesses:
Do not disable safe mode so you can kill process through safe mode.
It does not infect system restore so that if the process has been killed
the virus file is removed. Then in the restore the victim's pc can
return to normal.
How to handle if already infected:
Enter safe mode
Remove startup virus
Kill process and service virus
Check the next folder to find suspicious files
% TEMP%
% APPDATA%
% ProgramData%
Check the host file, because it can corrupt the same Virus
Location of host: C: \ windows \ System32 \ drivers \ etc Remove host leads to strange website. Edit with notepad
5. Delete the following file name (in the hiden state so show all the files in the menu options folder dihide dihide)
Readme.txt.WCRY
License.txt.WCRY
History.txt.WCRY
! Please Read Me! .txt
! WantDecryptor! .exe
6. Immediately restore to date before infected
7. All files are back to normal
No comments:
Post a Comment