

Hunting Down and Killing Ransomware, Mark Russinovich’s Blog

1 reply to this topic

#1 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,487 posts

Posted 13 January 2013 - 10:59 AM

Interesting article on Mark Russinovich’s blog on ransomware and some ways to attempt to kill it.

Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient way to clean the system is to pay for the full version of the scareware software that graciously brought the infection to their attention. I wrote about it back in 2006 in my The Antispyware Conspiracy blog post, and the fake antimalware of today doesn’t look much different than it did back then, often delivered as kits that franchisees can skin with their own logos and themes. There’s even one labeled Sysinternals Antivirus.

A change that’s been occurring in the scareware industry over the last few years is that most scareware today also classifies as ransomware. The examples in my 2006 blog post merely nagged you that your system was infected, but otherwise let you continue to use the computer. Today’s scareware prevents you from running security and diagnostic software at the minimum, and often prevents you from executing any software at all. Without advanced malware cleaning skills, a system infected with ransomware is usable only to give in to the blackmailer’s demands to pay.

In this blog post I describe how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants from an infected system.

Read the entire article for more:
Hunting Down and Killing Ransomware

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005

#2 The Dark Knight

    The Magician

  • Retired Staff
  • 2,263 posts

Posted 16 January 2013 - 12:10 AM

A very interesting article indeed.


Over at MBAM recently we have had a surge of ransomware infections, and each one is different. Sure, there are some of the same offending files, but there are also plenty that change. Tools like FRST and CF and MBAR help, but it is refreshing to see someone going head to head with a manual approach for a change.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

Member of UNITE