
Remedy for screenlockers



I just read Malwarebytes’ article on how to combat ransomware. One remedy recommended for a “Screenlocker” attack was to do a full “System Restore … from a USB or CD … to some previous Restore Point”. HOW? If the only thing going on with your PC is a LOCKED SCREEN, how on earth is that PC suddenly capable of reacting to a USB or CD or anything else? Does not make sense.


System backups, and particularly Windows System Restore, make backups of *settings* periodically. Normally when you get infected by malware, there has to be some manner in which that malware can run as soon as you boot up and / or log in. Those are settings that were changed by the malware that infected you, and reverting to pre-infection settings MAY (but may not) allow you to get to a normal desktop so that you can then run security software to analyze and clean your machine.

The caveat requiring a different device that is not currently attached to your computer is because modern malware developers figure out really quickly that in order to prevent System Restore from giving the user the ability to fight back, they have to poison the existing System Restore repositories as well, so that even performing a System Restore from a device connected to the infected machine will not, most likely, remove the settings the malware needs to load on boot / login.

Edited by John L. Galt
Added second paragraph