Ransomware

Hi, I got hit by ransomware software on a contaminated USB drive from work. My home computer was infected. Files were encrypted. Will reformatting and re-installing Win 10 remove all traces of the ransomware program? Will the infected files still contain the ransomware software and be able to re-install itself and infect my files again? I didn’t get good info online.
Thanks, Wayne

If you delete the partition and reformat the hard drive on your machine when you install Windows 10 then you should have a clean operating system with no ransomware on it. All that will be on the machine at that point is Windows 10 and all personal files will be gone. However, if the infected files are on the USB drive then it is my opinion that your machine will be reinfected when you reinsert the USB drive into the machine.

Will the ransomware install itself in other partitions or hard drives in my computer when this happens so it can re-install itself again when I do what you propose? I want to make sure this virus is gone completely from my computer. I have multiple hard drives in my computer. This is my first encounter with this attack, and I don’t want to leave any chance of this virus still lurking in my computer. Do you know if the encrypted files will do further harm to my other files the ransomware did not encrypt? (i.e. encrypted files will not attack my other files) Thanks for your quick reply, Wayne

In the majority of cases the ransomware will only encrypt your documents and photos and the person will demand a ransom to provide you with the key to unlock the files. Other times they simply take the money and run, leaving you with a machine that has a bunch of encrypted files on it that can’t be accessed. Normally the encrypted files won’t do additional harm as long as they were simply data files on the machine. You say you have multiple drives on your computer. What is stored on the additional drives? Before you do anything I would suggest that you get a backup program like ToDo Backup from EaseUS, Backupper from AOMEI, or Macrium Reflect and create an emergency rescue disk. Then boot your machine up from the rescue disk and make a partition backup of all the drives on your machine. That way you can always restore your machine back to the state it is in now. Each of these backup programs is free so you won’t be out any money.

No problem running my computer. I did an immediate shutdown of my computer when I noticed my computer was running funny. Basically, files you mention as well as work related. The stuff encrypted has a backup, or the stuff not backed up is not vital. I just want to make sure that this virus is gone from my computer so I won’t worry it will continue to do its nasty deed. I don’t have time to transfer the encrypted files to new hard drives. I want to check every file folder to see if any files were not touched. So, you are saying it is safe to use the hard drives presently installed, or do I need to remove them? As well, there are software programs saved on one of the hard drives. Some of them were encrypted and most of them were not. I can get replacements from work. So, no worries.

There was some trigger that started the ransomware program running. As long as that program was on drive C then you would most likely be okay. Of course you would have to locate the encrypted files on the other drives and delete them. The only way to be 100% sure that you cleared out all of the corrupt files would be to format all of the hard drives and start over. However, what do you have to lose by formatting drive C and reinstalling Windows 10? If the ransomware returns then you know for sure that you have to format all of the drives.

I do partition backups every week to prevent this type of occurrence from happening. My backups are automated and run every Wednesday. I store 5 backups so basically I can restore my machine to 5 earlier slices in time if I need to. It takes about 15 minutes to restore a backup and have my machine back just like it was. I use a program called True Image which isn’t free, but it does an outstanding job.

You can simply instruct your machine to restore Windows 10 and delete all of the extra files, which makes the entire reconstruction fairly simple. Here is a link that describes the process: https://www.easeus.com/todo-backup-resource/reinstall-windows-10-without-cd.html. Good luck.
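Added example, not part of the original thread: one way to locate encrypted files on the remaining drives, as suggested above, is a read-only scan that flags files whose first bytes look random and no longer carry a recognisable format header. The threshold, the header list and the sample files are assumptions chosen for illustration.

```python
import math
import os
import random
import tempfile
from collections import Counter

# Headers of formats that are compressed (high entropy) even when healthy.
KNOWN_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"PK\x03\x04",
               b"\x1f\x8b", b"7z\xbc\xaf\x27\x1c", b"Rar!", b"%PDF")
SAMPLE_SIZE = 64 * 1024   # bytes read from the start of each file
MIN_SIZE = 1024           # smaller samples give unreliable entropy
THRESHOLD = 7.5           # bits per byte; assumed cut-off, tune as needed

def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path):
    """True if the file head is near-random and has no known header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_SIZE)
    except OSError:
        return False  # unreadable or locked file: cannot judge, skip it
    if len(head) < MIN_SIZE or head.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(head) >= THRESHOLD

def scan(root):
    """Walk root without modifying anything; return sorted paths to review."""
    paths = (os.path.join(d, f) for d, _dirs, files in os.walk(root) for f in files)
    return sorted(p for p in paths if looks_encrypted(p))

def demo():
    """Scan three constructed files; only the header-less noise is flagged."""
    rng = random.Random(1)
    noise = bytes(rng.getrandbits(8) for _ in range(8192))
    samples = {"notes.txt": b"quarterly report\n" * 500,   # plain text
               "photo.jpg": b"\xff\xd8\xff\xe0" + noise,    # intact JPEG header
               "budget.xlsx": noise}                        # header overwritten
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan(root)]
```

Call `scan()` on each data drive's root from a clean environment such as a rescue disk. A hit is a candidate for manual review, not proof: legitimate files whose headers are not in the list (some video and archive formats, encrypted containers) will also be flagged.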

I would use bootable antivirus software running from a USB flash drive to scan all the drives before doing any OS installation.

I do not know anything about Windows 10, yet.

But I know that in some of the earlier versions of Windows, deleting a partition does not actually delete it.
It just removes the pointer to the data and if you then recreate a partition of the same size, it just goes back to the original partition.

Similarly, with some earlier versions of Windows, if you reformat the drive, it defaults to a “Quick Format” which simply re-writes pointers in the file table and the data is still there in bits and pieces.

So, based on those experiences, I would recommend a Full Format which usually requires the OS installation disc to perform. Alternately, you could do a single pass erase with a program like Parted Magic https://partedmagic.com/ which activates the drive’s built-in single bit overwrite to all 0’s and then do a format command which will re-format the drive.

Just sharing some thoughts.
HTH

Thanks for all the advice. I did multiple partition deletions and formatting and re-installed Win 10. It appears the ransomware virus is gone. All my files so far are secure and untouched. If there is any change, I will provide an update.