Jump to content

Victim of .qewe ransomware

Recommended Posts

Hold on.   There is another way to go about a clean rebuild.   You will need a clean USB of at least 8 GB  storage space.

and to boot the machine off of that USB ....that is, after that USB has been used to create a Windows Media Creation tool output   ( media that is the source for installing new Windows 10).

Hold on  I will dig up the how-to.

Do you have a USB of at least 8 GB?

Link to post
Share on other sites

You will need to use the Clean computer to make the Media Creation tool    ( for the formatting, downloading & the creation)

Please remember, before inserting the USB into any machine to 1st,  press and hold the SHIFT -key down on keyboard before inserting it in ....on any of your machine.

We need to take that USB-drive to the clean machine.   Press SHIFT key & hold it before and during insertion of the USB-flash.

Then we need to Reformat the USB.   Start the Windows Explorer  & look for the usb drive.

right click on it direct and select Format. Quick option.


This  plan is to essentially rebuild the whole operating system.
You will need a separate USB-thumb drive   ( a new one is best )
It needs to be at least 8 GB in storage capacity.
The Media Creation tool will be used to make a Windows 10 installation  media source.  The stuff will come from Microsoft.
Afterwards, you will set the BIOS on this system to be set to boot from USB.
You would then reboot  the machine  once after you have that built-up USB inserted.
You would then follow a set of directions.
1   Get a new USB   and make the "Media Creation tool".
The link for this tool is at the page cited below.
You will pick 'Create installation media for another pc"
Next, you will select "USB flash drive "
When completed, and the run was good,  the USB  will have all that is needed to do a clean new fresh setup of Windows 10.
Keep that USB safe.
This link ( the top of it ) is a good guide  https://www.thewindowsclub.com/windows-10-media-creation-tool-create-installation-media-upgrade 


In this current situation, you want to select the "Create media for another pc"

and during the rebuild process on the infected-machine, you want to NOT keep any files   ( from the old Windows).

This means no user files & documents & you will need to reinstall all your user programs.



2.  You need to research on computer-manufacturer  Support site for the proper keyboard function key that needs to be used at machine startup  so you can adjust the BIOS device-boot-startup sequence  option.
It needs to be adjusted so that it boots from the USB connection first.
One other note by the way, do not start the actual new-install process until you are well rested and have a block of quiet time.



Link to post
Share on other sites

Sorry for being ambiguous.

I have installed windows.

Downloaded an AV solution. Performed Windows Updates. Started to download drivers (it is a gaming laptop). 

Starting to populate it :)

I think this thread can be marked as Fixed.



Even though those 2 days could be resumed to just a simple windows reinstall, still i am very gratefull for your support. I learned a few new things and you assisted me during the procedures and helped me! So, Thank you, again!

Link to post
Share on other sites

You are welcome for the help.  I do believe you should do a new report run with FRST64  for my review.   That is one thing.  


1: Please download FRST64 from the link below and save it to your desktop:

"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file to the Downloads folder

Run report with FRST64

Right-click on FRST64 icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen.


Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.



The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.


Thank you.

Link to post
Share on other sites

P.S.  Windows 10 comes pre-built with a free & excellent antivirus.  The Windows Defender antivirus.   There was not a need to get some other antivirus.

you should though have the Premium Malwarebytes for Windows to have real-time protections, including the anti-ransomware.

Link to post
Share on other sites

Thanks for the reports.  This needs to have the Windows System Restore service to be set to ON.   Be sure it is ENABLED.

See  https://www.tenforums.com/tutorials/99782-enable-disable-system-restore-windows.html


Then do one Create System Restore point.



Also, now is a good time to make a full image backup of this setup to offline storage media.    Backup is your best friend.

AND save and keep safe the USB with the Media Creation tool.  It can be used as a lifesaver.


Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Do a Windows Update.

Make certain that Automatic Updates is enabled.

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"


I am glad to see that this Windows 10 has the current release Build for Windows 10.   You did well here.

Please stay safe.   I wish you all the best.





Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.