Protection against encrypting malware (ransomware). Part 2

May 22, 2023 Author: korjeek

1. Customize your computer settings.
Starting with Windows Vista, the OS includes a System Protection service for all drives, which backs up files and folders when a backup or a system restore point is created. After the OS is installed, this service is enabled only for the system partition, usually drive C. For additional protection, it is recommended to enable this service for all drives.

2. What to do if the files are encrypted.
If an antivirus program is installed on the computer, change the following in its settings:
– Disable automatic removal of detected malware.
– Set it to place suspicious files in quarantine.
– If you find the suspicious file whose launch led to the infection and the encryption of files, you can send it for analysis, for example, to Kaspersky Lab by e-mail [email protected]. Pack the files for analysis into an archive protected with the password "infected" (using the WinRAR archiver). When setting the password, select the Encrypt file names check box.
– Create a copy of all encrypted files.
– You can try to recover files using File History for Windows Vista, Windows 7, Windows 8, Windows 10.
– You can also try the Kaspersky Lab decryption utilities: RectorDecryptor, XoristDecryptor, RakhniDecryptor.

Before running the utility, be sure to make copies of all files.
– List of places where ransomware files can be located:
APPDATA
OS Windows NT/2000/XP:

Drive:\Documents and Settings\%UserName%\Application Data
%USERPROFILE%\Local Settings\Application Data

OS Windows Vista/7/8:

Drive:\Users\%UserName%\AppData\Roaming
%USERPROFILE%\AppData\Local

TEMP (temporary directory)
%TEMP%\???????.tmp (example: temp\vum35a5.tmp)
%TEMP%\???????.tmp\?? (example: temp\7ze5418.tmp\mp)
%TEMP%\??????? (example: temp\pcrdd27)
%WINDIR%\Temp

Internet Explorer temporary directory
OS Windows NT/2000/XP:

%USERPROFILE%\Local Settings\Temporary Internet Files

OS Windows Vista/7/8:

%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files
..\temporary internet files\content.ie5
..\temporary internet files\content.ie5\???????? (? — a-z, 0-9)

Desktop
%UserProfile%\Desktop

Recycle Bin
Drive:\Recycler
Drive:\$Recycle.Bin
Drive:\$Recycle.Bin\s-1-5-21-??????????-??????????-??????????-1000 (? — 0-9)

System directory
%WinDir%
%SystemRoot%\system32

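User document directory
%USERPROFILE%\Мои документы ("My Documents" on English-language systems)
%USERPROFILE%\Мои документы\Downloads

Directory for downloading files in a web browser
%USERPROFILE%\Downloads

Startup directory
%USERPROFILE%\Главное меню\Программы\Автозагрузка ("Start Menu\Programs\Startup" on English-language systems)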
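
The wildcard entries in the list above can be turned into a triage filter for a file listing taken from an affected machine. The following is an added example, not part of the original article: the function names, the user name and the sample paths are constructed, and a match is only a lead for closer inspection.

```python
import re

# (label, wildcard path, class for '?'), most specific first. Patterns are from
# the list above; a-z, 0-9 for the %TEMP% entries is an assumption.
PATTERNS = [
    ("temp .tmp subdirectory", r"%TEMP%\???????.tmp\??", "a-z0-9"),
    ("temp .tmp file", r"%TEMP%\???????.tmp", "a-z0-9"),
    ("temp directory", r"%TEMP%\???????", "a-z0-9"),
    ("per-user Recycle Bin", r"Drive:\$Recycle.Bin\s-1-5-21-"
     r"??????????-??????????-??????????-1000", "0-9"),
]


def compile_pattern(pattern, char_class, env):
    """Turn one wildcard path into an anchored, case-insensitive regex."""
    for name, value in env.items():  # expand %VAR% placeholders
        pattern = pattern.replace("%" + name + "%", value)
    out = []
    for part in re.split(r"(\?+|^Drive:)", pattern):
        if part.startswith("?"):
            out.append("[%s]{%d}" % (char_class, len(part)))
        elif part == "Drive:":
            out.append("[a-z]:")  # any drive letter
        else:
            out.append(re.escape(part))
    # Also match anything stored below the matched file or directory.
    return re.compile("".join(out) + r"(\\.*)?$", re.IGNORECASE)


def classify(path, env):
    """Return the label of the first pattern the path falls under, or None."""
    for label, pattern, char_class in PATTERNS:
        if compile_pattern(pattern, char_class, env).match(path):
            return label
    return None

# Constructed sample: a hypothetical user's environment and file listing.
ENV = {"TEMP": r"C:\Users\anna\AppData\Local\Temp"}
LISTING = [
    r"C:\Users\anna\AppData\Local\Temp\vum35a5.tmp",
    r"C:\Users\anna\AppData\Local\Temp\7ze5418.tmp\mp\setup.exe",
    r"C:\Users\anna\AppData\Local\Temp\pcrdd27\run.exe",
    r"D:\$Recycle.Bin\S-1-5-21-1234567890-1234567890-1234567890-1000\$R1.exe",
    r"C:\Users\anna\AppData\Local\Temp\logfile.txt",
]

if __name__ == "__main__":
    for p in LISTING:
        print(classify(p, ENV) or "-", p)
```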
