Expletive Deleted, Damn This Ransomware!

Got a call this morning about a computer taken over by ransomware.

Details:

  • The program is called: Clean This
  • One of the malware files is named: gog.exe
  • It hijacks the Windows Explorer shell.
  • It runs even under Safe Mode.

What to do:

  • Download ComboFix from Bleeping Computer using another computer.
  • Boot the computer into Safe Mode with Command Prompt.
  • Copy ComboFix onto the infected computer any way you can.
    I accomplished that by launching Task Manager, then using “New Task (Run…)” to copy and run ComboFix.
  • Don’t worry about Recovery Console for the time being.
  • Let ComboFix do its job.
  • Reboot.
  • Go back to Safe Mode with Networking and run ComboFix again.
  • Reboot to Windows XP in Normal Mode.
  • Start > Run > mrt.exe, then do a Full Scan.
  • Run whichever anti-virus you have and do a full scan.
  • Run Spybot – Search & Destroy to clean up the leftovers.

That’s basically what I did.
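The two behaviours listed above (the Explorer shell being hijacked, and the malware still running in Safe Mode) both come down to a handful of registry values that decide which program Windows starts as the shell. The script below is an added example, not part of the original post and not from ComboFix or any of the tools mentioned; it reads those values and flags anything that differs from the stock Windows defaults, so you can confirm before and after the cleanup that the shell is back to explorer.exe. It assumes PowerShell 2.0 or later (available on XP SP3 and every later Windows) and an elevated prompt; the key paths and default values are the standard Windows ones, and the expected Userinit path is built from the current system root.

```powershell
# Added example (not from the original post): report the registry values that
# decide which program runs as the Windows shell, in Normal and Safe Mode,
# so a shell hijack shows up as a non-default value.
# Assumes PowerShell 2.0 or later and an elevated (Administrator) prompt.
# Expected values are the stock Windows defaults; adjust if your build differs.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Shell';    Expected = 'explorer.exe';
       Why  = 'Program started as the desktop shell at logon' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Userinit'; Expected = "$env:SystemRoot\system32\userinit.exe,";
       Why  = 'Program that launches the shell; malware often appends itself here' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name = 'Shell';    Expected = $null;
       Why  = 'Per-user shell override; normally absent' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot';
       Name = 'AlternateShell'; Expected = 'cmd.exe';
       Why  = 'Shell used by "Safe Mode with Command Prompt"' }
)

# Returns the named registry value, or $null if the key or value is absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    $status = 'OK'
    if ($c.Expected -eq $null) {
        # A value that should not exist at all is suspect if present.
        if ($actual -ne $null) { $status = 'SUSPECT (value should not exist)' }
    } elseif ($actual -eq $null) {
        $status = 'MISSING (built-in default applies, but confirm)'
    } elseif ($actual.Trim() -ine $c.Expected) {
        $status = 'SUSPECT (differs from default)'
    }
    "{0} {1}\{2}" -f $status, $c.Path, $c.Name
    "    value: {0}" -f $(if ($actual -eq $null) { '<absent>' } else { $actual })
    "    why:   {0}" -f $c.Why
}

# Also list the common autostart entries, so anything unfamiliar (for example
# an entry pointing at gog.exe) can be reviewed after the scans have run.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props -eq $null) { continue }
    "`nAutostart entries under $k"
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { "  {0} = {1}" -f $_.Name, $_.Value }
}
```

Run it once from Safe Mode with Command Prompt before ComboFix and once after the final reboot into Normal Mode: the first run should show the hijacked Shell or Userinit value (and possibly a changed AlternateShell, which is how a sample keeps control under Safe Mode with Command Prompt), and the second run should show every check as OK with no unexplained autostart entries. The script only reads the registry; repairing a value is left to the cleanup tools so that the report stays a neutral record of what was found.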
