Yesterday, my mom sent me a screenshot of her laptop that displayed warnings from Windows Defender about a malware infection. A bit later, she messaged me again, saying Defender was disabled as of February 22nd. I quickly looked up how to perform an offline scan with Defender and sent her the main steps. She followed my instructions well, and the laptop rebooted successfully. I thought running the offline scan would help since it operates outside of Windows, and, ideally, wouldn't be affected by any malware. However, once she logged back into Windows, we discovered that files on the laptop had been encrypted. I advised her to shut down the laptop and planned to check it out later using a Hiren's USB. Now I'm worried about the situation and wondering if there was anything I could have done differently or better to avoid this outcome.
5 Answers
Reinstalling Windows from a USB stick is usually the best move after a malware infection. It gives you a fresh start and clears out any lingering problems.
Make sure to explore what you can recover from OneDrive if any files were synced there. It might save you some important data.
Check out No More Ransom for any potential solutions that might help you unlock those encrypted files. You never know!
Honestly, you didn’t do anything wrong. That offline scan might have triggered some responses from the ransomware. After Defender was disabled, it was pretty much a losing game. The best case would’ve been to shut down quickly and use recovery tools as you’re doing now. Good luck!
It seems like the damage was likely done before the offline scan could even start. Once Defender was disabled, the ransomware probably had free rein. Not much could've been done at that point.
