Wanna Cry (Wanna Cprypt0r) ransomware spreads at breakneck speed, preventing users from taking action. This is the largest global cyber-attack ever. Once hacked into the computer they will automatically encrypt all data, then require users to pay a $ 300 to redeem.
To prevent WannaCry ransomware from attacking the system, users absolutely must not open links with .hta extension or links with no clear structure, shortened links. So what to do when the computer is infected with WannaCry? Invite you to follow the article below of Download.com.vn:
How to remove WannaCry Ransomware?
To get rid of WannaCry ransomware, you need to do it in Safe Mode. How to turn on Safe Mode on each operating system will be different:
- Windows XP and Windows 7 : Press F8 before Windows starts. On the Boot Menu , select Safe Mode with Networking , and then press Enter.
- Windows 8 and Windows 8.1 : Go to Start Menu> Control Panel> Administrative Tools> System Configuration . Then find and select Safe Boot and select Networking> Restart . Soon the computer will switch to Safe Mode.
- Windows 10 : On the Start Menu> Settings> Update and Security> Recovery . Under Advanced Startup , click Restart Now to restart the computer. When the device allows to choose Choose Option Screen , click on Troubleshoot> Advanced Options> StartupSettings> Enable Safe Mode with Networking Option and press Enter.
Then follow the instructions below to remove WannaCry Ransomware from the computer:
Eliminate the infected process
Right-click on the Taskbar, select Task Manager or press Ctrl + Shift + Esc to open the Task Manager dialog box.
At the Process tab , find the processes running on the computer related to WannaCry. Typically, malicious processes consume system resources. You just need to look at the CPU, Memory field to see which process is abnormal, right-click, select Open the File , and then delete everything related to the folder.
The programs launch
Type the keyword System Configuration into the search box, then click on the first result. Those who are using Windows 10 can see startup programs right in the Startup tab of Task Manager. Then, check to see if any program has a strange developer name, if in doubt, click it, select Disable.
Registry
Press the Windows + R key combination to open the Run dialog box . Then type the keyword regedit in the Open box and click OK.
When the Registry Editor window appears, press Ctrl + F and type the name of the virus. Then, delete all related names and select Find Next to find the next results. According to Kaspersky Lab security firm, the following viruses are related to WannaCry:
- Trojan-Ransom.Win32.Scatter.uf.
- Trojan-Ransom.Win32.Scatter.tr.
- Trojan-Ransom.Win32.Fury.fr.
- Trojan-Ransom.Win32.Gen.djd.
- Trojan-Ransom.Win32.Wanna.b.
- Trojan-Ransom.Win32.Wanna.c.
- Trojan-Ransom.Win32.Wanna.d.
- Trojan-Ransom.Win32.Wanna.f.
- Trojan-Ransom.Win32.Zapchast.i.
- Trojan.Win64.EquationDrug.gen.
- Trojan.Win32.Generic.
Virus infected files
Finally, type each of the following options:% AppData%,% LocalAppData%,% ProgramData%,% WinDir%,% Temp% in the search bar. When searching will appear a folder, you just need to click on it, then filter by time and delete the most recent directory, file. In the Temp folder, you can delete everything in it.
Hopefully this article will help you get rid of the WannaCry malware that has been driving the community for the past few days!
I wish you successful implementation!