How to remove WannaCry virus from your computer. - technogratis

728x90 AdSpace

Trending

How to remove WannaCry virus from your computer.

Hi friends, In this article, I am sharing with you an important subject about How to remove WannaCry virus from your computer.



WannaCry ransomware is a major ransomware attack that has hit thousands of computer systems across in the world. Follow these steps to remove the virus from your computer.

A few days back, the whole world experienced the wrath of a major ransomware attack called WannaCry. This is one of the largest ever cyber attacks that hit over 100 countries at the same time taking down thousands of computer systems.

There are different types of malware that can affect a computer and these include those that are meant to steal your information and those that just erase all the data on your computer. But ransomware is different. It is a kind of malware that prevents you from accessing your device and data stored on it until a specific amount is paid to the hacker or the creator of the same. Ransomware locks computers and encrypts the data stored on it and also prevents apps and software from running.

Due to the WannaCry ransomware attack, critical infrastructure across the world including airports, police department, banks, telecom networks, and stock markets were affected. Everyone is asked to take necessary precautionary steps to stay safe from the crippling ransomware attack.

Stay safe from ransomware 




First, you need to know how you can stay safe from ransomware. You can do it by following the below-mentioned steps.  

  • Backup your data immediately 
  • Update your system with the recent fix from Microsoft 
  • Update the operating system
  • Clear the suspicious emails and websites 
  • Use a firewall to prevent ransomware from entering your system 
  • Do not open emails with suspicious attachments  
  • Don't pay the hackers


How to remove WannaCry virus from your computer?

Here are a few steps that you need to follow to remove the Wanna Cry ransomware from your system. In order to troubleshoot the issue and remove the Wanna Cry ransomware from your computer, you need to enter the Safe Mode on your system.



Spot the process 

The next step is to spot the process. To do this, you need open the Task Manager by pressing Ctrl + Shift + Esc and go to the processes tab. Here you need to find out for the shady entries from the list of processes. Remember that malicious processes will consume a large amount of CPU and RAM and miss out on the description. On spotting the process that contains the virus, you need to right click on the same and select Open File Location. Then, decent all the contents of the folder than opens. Head back to Task Manager and end the harmful process.



System Configuration Startup Programs 

Go to the Windows search bar and type System Configuration in the Windows search bar and open the first result. Head on to the Startup tab and take a look at the list of startup programs. If there are any shady or unknown programs, uncheck those entries and click OK.



Registry 

The next step is to open the Run window (WinKey + R), type Regedit and hit Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the specific virus. Select Find Next and delete whatever is found with the virus name. The same has to be done with all the search results.



Deleting potential virus files 

Open the Start Menu and type each of the following locations: %AppData% %LocalAppData% %ProgramData% %WinDir% %Temp% separately. Open these folders and sort their contents by the modified date. Now, you need to delete the most recent files and folders. Delete all the contents in the Temp folder.


Block the following IP numbers, websites, and files with the antivirus or firewall

IP Address
  • 16.0.5.10:135
  • 16.0.5.10:49
  • 10.132.0.38:80
  • 1.127.169.36:445
  • 1.34.170.174:445
  • 74.192.131.209:445
  • 72.251.38.86:445
  • 154.52.114.185:445
  • 52.119.18.119:445
  • 203.232.172.210:445
  • 95.133.114.179:445
  • 111.21.235.164:445
  • 199.168.188.178:445
  • 102.51.52.149:445
  • 183.221.171.193:445
  • 92.131.160.60:445
  • 139.200.111.109:445
  • 158.7.250.29:445
  • 81.189.128.43:445
  • 143.71.213.16:445
  • 71.191.195.91:445
  • 34.132.112.54:445
  • 189.191.100.197:445
  • 117.85.163.204:445
  • 165.137.211.151:445
  • 3.193.1.89:445
  • 173.41.236.121:445
  • 217.62.147.116:445
  • 16.124.247.16:445
  • 187.248.193.14:445
  • 42.51.104.34:445
  • 76.222.191.53:445
  • 197.231.221.221:9001
  • 128.31.0.39:9191
  • 149.202.160.69:9001
  • 46.101.166.19:9090
  • 91.121.65.179:9001
  • 2.3.69.209:9001
  • 146.0.32.144:9001
  • 50.7.161.218:9001
  • 217.79.179.177:9001
  • 213.61.66.116:9003
  • 212.47.232.237:9001
  • 81.30.158.223:9001
  • 79.172.193.32:443
  • 38.229.72.16:443


Websites

  • iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
  • Rphjmrpwmfv6v2e[dot]onion
  • Gx7ekbenv2riucmf[dot]onion
  • 57g7spgrzlojinas[dot]onion
  • xxlvbrloxvriy2c5[dot]onion
  • 76jdd2ir2embyv47[dot]onion
  • cwwnhwhlz52maqm7[dot]onion
Files


  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe
  • @WanaDecryptor@.exe.lnk
  • Please Read Me!.txt (Older variant)
  • C:\WINDOWS\tasksche.exe
  • C:\WINDOWS\qeriuwjhrf
  • 131181494299235.bat
  • 176641494574290.bat
  • 217201494590800.bat
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • 00000000.pky
  • 00000000.eky
  • 00000000.res
  • C:\WINDOWS\system32\taskdl.exe
How to remove WannaCry virus from your computer. Reviewed by ASM Design on May 15, 2017 Rating: 5 Hi friends, In this article, I am sharing with you an important subject about How to remove WannaCry virus from your computer. Wa...

No comments: