PCPartPicker

Topic

EimantasArm 24 days ago

So yesterday my kid got a GandCrab virus on my computer. What should I do to remove it?

Comments

TheShadowGuy 10 points 24 days ago

If you already know enough to identify it as GandCrab, you also probably have seen the effects. A ransom note, for example. There are currently limited decryption tools available.

Before starting, identify the version of the virus you have. From Malwarebytes' article: Version 1 gives the .gdcb extension, Version 2 and 3 give the .crab extension, Version 4 gives the .krab extension, Version 5 gives a randomized 5 letter extension.

If you have version 2 or 3, you are currently out of luck. You can either wait (not using the computer AT ALL) until a decryption tool is available, or chalk it up as a total loss and clean install your OS.

Step One is going to be removing any present active infections using scanning/removal tools. I'd recommend running two: Malwarebytes and Kaspersky Virus Removal Tool. Run one after the other. If both find infections, maybe even run another, such as Comodo Cleaning Essentials.

Step Two is downloading Bitdefender's decryption tool and using it. It can handle V1, V4, and V5. link including information

Step Three is basically postmortem. You may want to try to see what your kid was doing on your computer. While it's possible an exploit in Flash or Adobe Reader or something may have been the vector of installation, there is also the potential of this coming from infected emails (in which case, a conversation about spam and email safety is probably in order), or GandCrab is also commonly spread by pirated software sites (sometimes fake ones). Whatever you find, I'd recommend uninstalling Flash (it's losing support, and is a common vector of infections), ensuring your programs are up to date, and double check that you have a good antivirus solution (I like Bitdefender Free right now). Backups are also a good practice so you don't lose important files.

It also wouldn't be a bad idea to change any passwords you used on that computer/accounts that shared those passwords, especially if the original scans found more infections.

I'm a little paranoid, so I'd probably recover what data I could, run virus scans on that data using another device, and then wipe the infected computer. Clean installs are nice anyway.
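Added example, not part of the original post: a triage helper that applies the extension-to-version mapping quoted above to a list of file paths and reports which versions the post says Bitdefender's tool can handle. The function name, the allowlist of ordinary 5-letter extensions, the `min_hits` threshold, and the assumption that encrypted files keep their original name with one recurring extension appended are all assumptions of this example; the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Extension -> version, as quoted in the post (from Malwarebytes' article).
FIXED = {".gdcb": "1", ".crab": "2/3", ".krab": "4"}
# Versions the post says Bitdefender's decryption tool can handle.
DECRYPTABLE = {"1", "4", "5"}
# Assumption: ordinary 5-letter extensions that must not be read as Version 5.
KNOWN_5 = {".accdb", ".class", ".xhtml", ".shtml", ".plist", ".ipynb", ".swift"}

def triage(filenames, min_hits=3):
    """Tally GandCrab-style extensions; flag a V5 candidate only if it recurs."""
    fixed, candidates = Counter(), Counter()
    for name in filenames:
        suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
        if not suffixes:
            continue
        last = suffixes[-1]
        if last in FIXED:
            fixed[FIXED[last]] += 1
        # V5 heuristic (assumption): unknown 5-letter extension appended after
        # the file's original extension, e.g. report.docx.abcde
        elif (len(suffixes) >= 2 and re.fullmatch(r"\.[a-z]{5}", last)
              and last not in KNOWN_5):
            candidates[last] += 1
    v5 = {ext: n for ext, n in candidates.items() if n >= min_hits}
    versions = dict(fixed)
    if v5:
        versions["5"] = sum(v5.values())
    return {
        "versions": versions,                      # version -> file count
        "v5_extensions": sorted(v5),               # recurring random extensions
        "decryptable": {v: v in DECRYPTABLE for v in versions},
    }

# Constructed sample paths (not taken from a real infection).
SAMPLE = [
    r"C:\Users\a\Documents\taxes.xlsx.qzkpv",
    r"C:\Users\a\Documents\letter.docx.qzkpv",
    r"C:\Users\a\Pictures\cat.jpg.qzkpv",
    r"C:\Users\a\Pictures\dog.png.KRAB",
    r"C:\Users\a\site\index.min.xhtml",   # known extension, ignored
    r"C:\Users\a\notes.v2.final",         # seen once, below min_hits
    r"C:\Users\a\readme.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feed it a file listing exported from the affected disk and read on another machine, so the triage does not require using the infected computer.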

EimantasArm submitter 1 point 24 days ago

Thank you!

m52nickerson 1 Build 1 point 23 days ago

+1 Nice response.

Granddy 1 point 22 days ago

Pay the 400 dollars to remove it /s

ssjg5rlly 2 points 9 days ago

That expensive price makes me wannacry.

Ice44 1 Build 1 point 18 hours ago

I see what you did there.