Neoshnx, posted May 18, 2021:

I've been recently infected by ransomware (STOP.djvu, the "pcqq" variant), and I've been trying to erase all of its leftovers. There is one that I can't erase, though. And it's this:

As you can see, the malware is located on the MBR sector, but I don't know how to erase it. If you need any more information, please tell me. I am sorry for my broken English.

Marcos (Administrators), posted May 18, 2021:

Since the infection is in MBR, fix MBR as per the instructions at https://neosmart.net/wiki/fix-mbr/ for instance.

Neoshnx (Author), posted May 21, 2021:

I tried doing that, but when I type "bootrec /FixBoot" it says "Access denied". I tried doing it through System Recovery and not through a Recovery USB.

itman, posted May 21, 2021 (edited):

5 hours ago, Neoshnx said: "I tried doing it through System Recovery and not through a Recovery USB."

Per the linked Neosmart article for a Win 10 installation, the MBR repair must be performed from Win 10 installation or recovery drive media:

Quote:

The instructions are:

1. Boot from the original installation DVD (or the recovery USB)
2. At the Welcome screen, click Repair your computer
3. Choose Troubleshoot
4. Choose Command Prompt
5. When the Command Prompt loads, type the following commands:

    bootrec /FixMbr
    bootrec /FixBoot
    bootrec /ScanOs
    bootrec /RebuildBcd

6. Press Enter after each command and wait for each operation to finish
7. Remove the DVD from the disk tray
8. Type exit
9. Hit Enter
10. Restart your computer and check if Windows 10 can now boot

-EDIT- Also according to this article: https://www.pcworld.com/article/3113585/how-to-repair-windows-master-boot-record-and-fix-your-bricked-pc.html, running bootrec /FixMbr should have worked via Win 10 Recovery Environment cmd prompt option.

Note: you need to be running from the default local admin account when booting to the recovery environment; not a standard user account.

Edited May 21, 2021 by itman