
My PC got attacked by a hets ransom virus. It corrupted my Windows and encrypted all the files on my PC, including the original Windows image file that came with the laptop. I now understand the importance of keeping the image file safe on an external drive.

So, now my Windows is corrupted. Windows update registry (wuauserv) is missing. I tried importing it from my other laptop. But it keeps getting deleted again on every restart. Also, Windows Defender is missing. These are the two major components that I know of, that are missing. I am not sure what else has gone wrong. So, I preferred resetting the Windows instead of repairing it. Because I already had lost all my data, so I had nothing left to lose.

But when I reset the Windows, the missing components still stay missing. It's like Windows just removes the installed apps and it's not altogether a fresh copy of Windows. I believe I needed to install Windows from the initial image file in this case, but I have lost that as well. What can I do now to get my original Windows back?

Adil Malik
  • Verify whether the ransomware you were infected with is removable (some are) by searching on StackExchange and via Google... I would also update your question with the file extension of the encrypted files. To prevent this in the future, set up and configure Controlled Folder Access in Windows Defender, as this will prevent your user data from being encrypted. As to re-installing Windows, perform a clean install by using the [Windows 10 Media Creator](https://www.microsoft.com/en-us/software-download/windows10), however, do a _full format_ of all connected HDDs before installing Windows. – JW0914 Dec 04 '19 at 12:56
  • Please note, when doing a clean install, you _must_ install the CPU-related drivers _(chipset, IMEI, potentially thermal)_ manually, _before_ running or installing any Windows Updates. Windows Update will install all other component drivers, but it will not install CPU-related drivers, which can be downloaded from the PC manufacturer's website. – JW0914 Dec 04 '19 at 13:04
  • Make and specific model of PC please. – Moab Dec 04 '19 at 19:14

1 Answer

  1. Using a 4 GB (or larger) flash drive, you can make a Windows 10 installer using another, uninfected PC using the Microsoft Windows 10 Media Creation Tool.

  2. Boot from the flash drive and reinstall Windows 10 from scratch. Be sure to delete all existing partitions before starting the install.

I recommend backing up your encrypted files before proceeding with the clean install in case the decryption key becomes available in the future.

Mr Ethernet
  • It may prove useful to add information on how to securely back up and access the encrypted files, as it's possible the malware would be included in the backup, potentially compromising the system it's accessed on. – JW0914 Dec 04 '19 at 13:01
  • If I create the installer from another PC, how will it preserve the Original Windows copy on my infected PC? Will I have to provide Windows License key during installation? I don't have the key. Because I bought this used laptop 3 years ago and Original Windows came pre-installed in it. – Adil Malik Dec 04 '19 at 13:03
  • @JW0914 Luckily, in my case the data was not so important. It was my secondary laptop. So, I am not worried about the data. I just want my Original Windows back in its original uninfected condition. – Adil Malik Dec 04 '19 at 13:05
  • @AdilMalik Even if you were able to recover the OEM image, it would take longer to update it than it would be to simply clean install. If you like having the ability of that backup image, I always recommend creating the same kind of WIM image backup all OEMs use for the OEM image. See the [Imaging Section](https://superuser.com/a/1503102/529800) of that answer for directions on how to create this image once you reinstall Windows, and after installing all software. If your laptop is UEFI & you also want to manually configure the partitions prior to installing, see _Configure Partitions_ section. – JW0914 Dec 04 '19 at 13:14
  • "How will it preserve the Original Windows copy on my infected PC?" - You won't; that copy cannot be trusted. "Will I have to provide Windows License key during installation?" - Windows 10 will automatically detect your license key and activate itself. I have written dozens of answers about the Windows 10 activation status on OEM hardware. I suggest you read up on the process. – Ramhound Dec 04 '19 at 13:17
  • @Smock - Nope; You are mistaken. My answers on OEM installations of Windows 10 will explain the entire process. – Ramhound Dec 04 '19 at 15:41
  • @Ramhound Ahh yes, my mistake! I'm thinking more of when the motherboard dies you are in trouble without the license key unless you've attached it to a Microsoft account. (Luckily when mine died I still had a record of the original Win7Pro key and Win10Pro upgraded key, so when it wouldn't activate a quick (3 hour) phone call to Microsoft sorted it out - with a new Win10Pro key) – Smock Dec 04 '19 at 16:12
  • @Smock - Author's machine is a Windows 10 OEM machine by the way. – Ramhound Dec 04 '19 at 17:18
  • @Ramhound which surely makes it tricky when reactivating after a hardware change? (if you've not linked it to your MS account and made it a digital license, and you've also not got the activation key) – Smock Dec 04 '19 at 17:32
  • @Smock - It actually would not. Any hardware change other than a motherboard change would happen automatically. If it's a motherboard change, the new motherboard comes with its own license. *It is a trivial process to activate Windows in a case like that.* However, the author is not dealing with a hardware change, just a corrupt install of Windows due to malicious software. – Ramhound Dec 04 '19 at 17:35
  • @Smock reactivating Windows 10 would be the easiest part of the entire process. The OP wouldn't even need to do anything. It would happen automatically within seconds of the PC going online again. – Mr Ethernet Dec 04 '19 at 17:44
  • @Ramhound this must be specific to OEM then, as that certainly doesn't match up with my experience for 'retail' motherboard replacement. Interested to hear more about OEM motherboard replacements having their own license too - Is this done by the guarantee/warranty provider or manufacturer or something? *I guess I just would like some further info for an off-shoot of this discussion really (not a specific question) - maybe we should move to chat? any links giving general info on OEM motherboard replacement would be welcome too* – Smock Dec 06 '19 at 13:50
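
The answer's advice to back up the encrypted files, together with JW0914's caution that malware could ride along in the backup, can be met by copying only the encrypted data files and recording their hashes. The script below is an added example, not part of the original answer or comments; it assumes the encrypted files carry a `.hets` suffix (the page does not state the extension), that it runs on a clean system with the infected disk attached as a data drive and the destination outside the source tree, and all function names are illustrative.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

RANSOM_EXT = ".hets"  # assumption: suffix the ransomware appended to encrypted files

def head(path: Path, n: int = 2) -> bytes:
    with path.open("rb") as f:
        return f.read(n)

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def backup_encrypted(src: Path, dst: Path, ext: str = RANSOM_EXT) -> dict:
    """Copy only regular files ending in `ext` to dst and hash each copy."""
    copied, skipped = {}, []
    dst.mkdir(parents=True, exist_ok=True)
    for root, _dirs, files in os.walk(src):  # os.walk does not follow symlinked dirs
        for name in files:
            p = Path(root, name)
            rel = p.relative_to(src).as_posix()
            not_data = p.is_symlink() or p.suffix.lower() != ext.lower()
            if not_data or head(p) == b"MZ":  # "MZ" = still a readable Windows executable
                skipped.append(rel)           # programs, scripts and links stay behind
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(p, target)        # file contents only, no metadata
            target.chmod(0o444)               # mark the backup copy read-only
            copied[rel] = sha256_of(target)
    manifest = "".join(f"{h}  {n}\n" for n, h in sorted(copied.items()))
    (dst / "MANIFEST.sha256").write_text(manifest)
    return {"copied": copied, "skipped": sorted(skipped)}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        src, dst = Path(tmp, "infected"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.docx.hets").write_bytes(b"\x8a\x11 constructed ciphertext")
        (src / "updater.exe").write_bytes(b"MZ constructed stub")
        (src / "tool.exe.hets").write_bytes(b"MZ constructed, not encrypted")
        print(backup_encrypted(src, dst))
```

The manifest uses the `sha256sum` line format, so the backup can later be checked with `sha256sum -c MANIFEST.sha256` from inside the backup folder before any decryption attempt.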