Some malware makes such profound changes to the operating system of desktop computers, laptops or notebooks that they cannot be repaired even with sophisticated security solutions. The best way to remove the infection is therefore to reformat the system drive and restore pre-saved system image files. In the event of ransomware infection, this is followed by the reconstruction of the data and, if necessary, of user programs from backup copies. In many situations, this procedure is less complex and therefore easier than a complete new installation. At the same time, it is significantly safer than any attempt at clean-up.
However, the method recommended here for eliminating infections requires the availability of up-to-date backups – of your operating system as well as all data and programs. Therefore, I strongly recommend regular data backups. Up-to-date backups are not only an effective prevention against the rampant blackmail attempts with ransomware, but also prevent data loss in case of hardware defects.
If you suspect a malware infection, you should stop working quickly but as usual. Above all: Do not panic!
Turn off the computer.
If you are not an expert, it is best to seek professional advice. After all, eliminating a malicious program can sometimes be a tricky, technically challenging task. The best way to do this is to use a so-called rescue solution, which many antivirus software providers offer for free download. Such solutions are often offered as so-called ISO files, which should be downloaded from another, infection-free computer and burned onto a CD or saved on a USB stick. This provides you with a clean boot medium to start your computer without having to resort to the infected operating system.
After you have inserted the CD or USB stick, switch your computer on again and call up the computer’s firmware (the so-called UEFI or BIOS) immediately after starting up. Select the menu item BOOT and set either the CD drive or the USB port as the first position in the boot sequence – depending on the data carrier on which you have saved the rescue solution. If you now exit the BIOS or UEFI settings via the EXIT-SAVE option, the computer will load the operating system not from the potentially contaminated hard disk, but from the clean CD drive or USB stick.
If not already done: Back up important data. Most rescue solutions have an appropriate tool for this purpose.
Check the PC or laptop with the scan function of the rescue solution.
If the scan has identified a malware, select the option to remove the detected malware in the rescue solution. If this does not work automatically, you may find instructions on the manufacturer’s website using a malware database, which usually describes the recommended procedure for the specific case step by step.
Check all data media again, including the system hard disk, to ensure that the malware has been completely removed. If this is the case, shut down the computer and, after a restart, set your system hard disk to the first boot position as previously described.
If the malware has deleted, encrypted or modified data or programs, you can reconstruct them from backup copies – if available.
Finally, you should now try to get to the bottom of the source of the malware infection.
If only an original data carrier can be used as the source, please inform the manufacturer and your IT service provider. If the malware came to your system via a file or e-mail, you should check whether you know the creator of the file or the sender of the e-mail and notify them if this is the case. If in the meantime you yourself have sent or passed on data from an infected computer, then warn all recipients.