10 months ago
So yesterday my kid got a GandCrab virus on my computer, what should i do to remove it?
If you already know enough to identify it as GandCrab, you also probably have seen the effects. A ransom note, for example. There are currently limited decryption tools available.
Before starting, identify the version of the virus you have.
From Malwarebytes' article:
Version 1 gives the .gdcb extension,
Version 2 and 3 give the .crab extension,
Version 4 gives the .krab extension,
Version 5 gives a randomized 5 letter extension.
If you have version 2 or 3, you are currently out of luck. You can either wait (not using the computer AT ALL) until a decryption tool is available, or chalk it up as a total loss and clean install your OS.
Step One is going to be removing any present active infections using scanning/removal tools. I'd recommend running two: Malwarebytes and Kaspersky Virus Removal Tool. Run one after the other. If both find infections, maybe even run another, such as Comodo Cleaning Essentials.
Step Two is downloading Bitdefender's decryption tool and using it. It can handle V1, V4, and V5. link including information
Step Three is basically postmortem. You may want to try to see what your kid was doing on your computer. While its possible an exploit in Flash or Adobe Reader or something may have been the vector of installation, there is also the potential of this coming from infected emails (in which case, a conversation about spam and email safety is probably in order), or GandCrab is also commonly spread by pirated software sites (sometimes fake ones). Whatever you find, I'd recommend uninstalling Flash (it's losing support, and is a common vector of infections), ensuring your programs are up to date, and double check that you have a good antivirus solution (I like Bitdefender Free right now). Backups are also a good practice so you don't lose important files.
It also wouldn't be a bad idea to change any passwords you used on that computer/accounts that shared those passwords, especially if the original scans found more infections.
I'm a little paranoid, so I'd probably recover what data I could, run virus scans on that data using another device, and then wipe the infected computer. Clean installs are nice anyway.
+1 Nice response.
Pay the 400 dollars to remove it /s
That expensive price makes me wannacry.
I see what you did there.