RansomOff vs Ransomware
<blockquote data-quote="HeiDef" data-source="post: 784659" data-attributes="member: 60542"><p>RO recommends a reboot if it detects that a system process was injected. The only way to fully clear the infection is to kill the system process (which can be bad itself) or to reboot. It would not have fixed that issue at the end. That piece of ransomware screws with some registry settings to change default file actions for a variety of file types (shortcuts being one of them, which is why they all turned blank). The latest RO update adds protection against that kind of damage and will restore some of the modified values.</p><p></p><p></p><p></p><p>For executables that are loaded in memory, you can't modify the file on disk. You can rename the file and recreate a new one named the exact same thing, but it won't have any impact on the processes that are currently using that file. And for system files especially, due to caching, it probably won't have any impact on new processes that also use that file (it will just use the cached copy). Now, when the system reboots and the original file was renamed and there is a new file in its place or none at all, then that will cause all sorts of problems. So still plenty of ways to cause havoc without actually having to encrypt.</p></blockquote><p></p>