Removing viruses that take the PC hostage

In this post we look at several tools that become a real lifesaver when your computer is hit by a rather powerful virus, whose story I will tell.
My father, who is not at all a computer expert but not too naive either, turned on the computer one day and had a nasty surprise.
The desktop had gone completely black, almost all the icons had disappeared, the Start menu was half empty, and the Documents folder was empty too.
A disturbing window appeared on the desktop with a very clear message: all the files in Documents have been encrypted, and to read them again I have to pay 500 Euros to receive the decryption key.
This is the Cryptolocker virus, which locks and takes PC files hostage.
The guide that follows is meant to remove this virus and also applies to other well-known malware that takes the PC and the files on it hostage, such as the Postal Police virus, Cryptolocker, fake antivirus programs, or programs like SMART Check HDD Data Recovery.
This ransomware has a devastating effect, at least at first glance: everything disappears from the PC and you can hardly do anything except surf the internet; too bad that browsing is always redirected to clearly harmful sites.
This is the typical fake program that takes the machine hostage and whose purpose is to make you pay for the software.
It is an example of rogueware, explained in the guide on the types of malware and the differences between Trojans, Worms and Viruses, which can present itself as a fake antivirus or as a tool to optimize and repair your computer or hard disk.
None of the reported problems are real; they serve only to scare the user into purchasing the SMART antivirus, thereby stealing the credit card data.
The normal antivirus installed on the computer tries to clean the infection off the machine but fails.
The cleanup fails when Windows restarts, because the rootkit automatically recreates all the files that the antivirus had deleted.
Since there is no specific removal tool for almost any of this malware, and certainly none for the SMART virus, I recommend reading or keeping this guide, which contains the links to download several essential tools to free the PC from this and from many other types of malware that appear to be immune to normal antivirus scans.
To remove a virus of this type, which is based on a visible program, there are three things to do:
- Stop the malicious program and any processes related to it;
- Scan with an antimalware;
- Remove the effects of the virus (not always possible).
First of all, we need to calm down for a moment: in no case should we buy this fake antivirus that holds the PC hostage and, above all, no files have been deleted.
The files are no longer visible because they have been hidden by the virus.
The steps for removing the SMART virus, in addition to solving the problem cleanly, are also very interesting for learning how to reason about malware.
1) Remove all floppy disks, CDs and DVDs, and restart your computer in Safe Mode with Networking by pressing F8 on the initial black screen, before the Windows logo appears.
In the boot menu options screen, use the arrow keys to highlight Safe Mode with Networking and then press ENTER.
Then log on to Windows with an administrator user account.
2) Remove (if any) the SMART proxy server.
SMART Virus can add a proxy server that prevents the user from accessing the Internet or browsing without redirects.
To remove the proxy, open Internet Explorer, go to Internet Options (in IE9, from the gear icon at the top right) and, in the Connections tab, press the LAN Settings button.
Under Proxy Server, make sure the checkbox is not ticked and delete whatever is written in the address field.
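The same check as step 2 can be done from a PowerShell prompt. This is an added example, not part of the original guide; it assumes the proxy was set in the current user's Internet Settings registry key (the one the LAN Settings dialog writes to), and the backup file name is made up for the example.

```powershell
# Added example, not from the original guide. Run as the affected user:
# these values live under HKCU, the same ones the LAN Settings dialog edits.
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-ProxyState {
    # Values that do not exist come back as empty properties.
    Get-ItemProperty -Path $key | Select-Object -Property $names
}

function Clear-UserProxy {
    $before = Get-ProxyState
    # Keep a record of what was configured before changing anything
    # (hypothetical file name, written to the user's temp folder).
    $backup = Join-Path $env:TEMP ('proxy-before-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
    $before | Format-List | Out-File -FilePath $backup

    # Equivalent to unticking the proxy box and emptying the address field.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    foreach ($n in 'ProxyServer', 'AutoConfigURL') {
        if ($null -ne $before.$n) { Remove-ItemProperty -Path $key -Name $n }
    }
    Write-Host "Previous settings saved to $backup"
    Get-ProxyState
}

$current = Get-ProxyState
$current | Format-List
if ($current.ProxyEnable -eq 1 -or $current.AutoConfigURL) {
    Write-Warning 'A proxy or auto-configuration script is set for this user.'
    Clear-UserProxy | Format-List
} else {
    Write-Host 'No per-user proxy is configured.'
}
```

Internet Explorer picks up the change the next time it is started.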
3) Stop the virus or close any process related to malware or Cryptolocker.
To stop the malware from running, go online from Safe Mode with Networking and download a tool called RKill, from Bleeping Computer.
RKill is a program that tries to terminate all the malicious processes that the antivirus cannot stop.
This important tool is valid for any type of infection and works like an automatic task manager that recognizes any harmful, or at least suspicious, non-Windows process and ends it.
With RKill you can be sure that the virus is no longer running (it is still on the computer, so you must not restart your PC now).
To use RKill, just double-click the executable file icon.
If SMART Checker displays an error related to RKill, ignore it, leave the warning on the screen and run RKill again.
If you are unable to run RKill because it is blocked by the virus, you can download another version with a different name from the Bleeping Computer download page.
When RKill has completed its task, a text file is displayed indicating the success of the operation.
4) Without restarting the PC and remaining in safe mode, you can reopen the browser and download the free version of Malwarebytes Anti-Malware.
Follow the installation and update procedure of the antimalware without making changes, declining the trial period of the full version and without ever restarting the PC, even if asked to.
From Malwarebytes, in the Scanner tab, perform a complete scan of the computer (not the fast one).
Then wait for the scan to finish, press OK, make sure that each virus found is selected with the check mark and remove everything.
Malwarebytes Anti-Malware will now ask you to restart your PC to clean the infections; this time, accept the request.
5) The computer can now be used in normal mode and should be virus-free, even if the icons and files are not yet visible.
It is highly recommended, however, to double-check that the PC is truly free of the SMART Virus by downloading the Hitman Pro antivirus.
Hitman Pro can be started in forced mode (Force Breach), which terminates all active processes, including any malware.
Then run the scan on the disk and, if other viruses are found, remove them by activating the free 30-day license and restarting the PC if required.
6) Bring back files and folders that had disappeared.
SMART Virus modifies the file system so that all files and folders are hidden.
To restore the default settings of Windows, and eliminate the effects of the virus, there are two small alternative tools.
You can download Unhide or Tweaking.com Unhide Non System Files to make all files and folders visible again.
If the former does not discover all the files, launch the latter as well.
These tools are simple and automatic; the only thing to do is launch them.
As for Cryptolocker, however, the files made unreadable can no longer be recovered.
Refer to this article on how to recover files locked by Cryptolocker without paying the ransom.
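To see what the hiding described in step 6 looks like at the file-attribute level, here is an added PowerShell example (not from the original guide and not the code of the tools named above). It assumes the virus only set the Hidden attribute; the function name and the AppData exclusion are choices made for this example.

```powershell
# Added example: list items that are Hidden but not System under a folder
# and, only with -Apply, clear the Hidden bit. Hidden+System items
# (desktop.ini, legacy junctions) are left alone.
function Repair-HiddenItems {
    param(
        [string]$Root = $env:USERPROFILE,
        [string[]]$Skip = @('AppData'),   # hidden by default on a clean profile
        [switch]$Apply
    )
    $hidden = [int][IO.FileAttributes]::Hidden
    $system = [int][IO.FileAttributes]::System

    # Top-level entries minus the skipped names, then everything below them.
    $top = @(Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $Skip -notcontains $_.Name })
    $below = @($top | Where-Object { $_.PSIsContainer } | ForEach-Object {
        Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue
    })

    $targets = @(($top + $below) | Where-Object {
        $a = [int]$_.Attributes
        ($a -band $hidden) -and -not ($a -band $system)
    })

    foreach ($item in $targets) {
        if ($Apply) {
            # Clear only the Hidden bit; every other attribute is preserved.
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $hidden))
        }
        New-Object PSObject -Property @{
            Path   = $item.FullName
            Action = $(if ($Apply) { 'unhidden' } else { 'would unhide' })
        }
    }
}

# Dry run first: review the list, since some items are hidden legitimately.
Repair-HiddenItems | Format-Table -AutoSize
# Repair-HiddenItems -Apply
```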
7) Restore the links and remove any residual registry keys created by the virus.
SMART Virus has moved the shortcut files to the temporary Internet folder, added some registry keys that are harmful to the Windows installation, and changed the desktop background.
To restore the files and get everything back as before, you must finally download RogueKiller, the best program to eliminate fake antivirus programs.
Even with RogueKiller, start the scan and then delete the malicious registry keys that are found, restore the links ( Shortcuts Fix ) and perform all the other cleaning actions.
If the Windows desktop screen remains black, go to the screen settings from the Control Panel and select the default theme or another of your choice.
8) Restore locked links on the taskbar and other missing icons.
This terrible SMART virus has moved system tray items and other Start menu icons and shortcuts to a temporary folder called 'smtmp'.
To bring them back to their original position (so that all the programs can be found again), download and run the Repair Missing Start Menu Icons Removed By Infections tool.
That's all. To summarize: Safe Mode -> Remove Proxy -> RKill to stop the virus -> Malwarebytes to scan and clean -> Hitman Pro for a confirmation check -> Unhide to make the Windows files and folders reappear -> RogueKiller to eliminate residues and restore shortcuts and desktop -> Repair Missing Icons to make the programs visible again in the Start menu.
I hope you never need it, but I recommend saving this guide so that you are always ready if necessary.
