Sunday morning I got infected with the Mandiant Ransomware virus. Got it by stupidly clicking a comments link on YouTube of all places! But my computer was NOT totally locked up.
My computer: a Dell Latitude laptop, running XP Home Version, with Office 2003. I surf using Firefox, exclusively.
I surf the net with a limited authority User account, and have separate Administrator (unlimited) and Guest (also limited) accounts. The virus did NOT activate on boot; it only activated and froze the screen when I accessed my User account. So I was able to go into my Guest account and research the problem.
I found many solutions, both written out step-by-step and on YouTube.
Most of them involved booting in Safe Mode with Command Prompt and deleting two files under the "Users" directory. I could not find a Users directory. My system has "All Users" instead. I think these fixes were designed for Windows 7 systems.
Also, I could NOT find the two suspicious files anywhere (using Administrator with the setting for showing ALL files). They were probably named something else. (???)
I also found a piece of software called Hitman. I downloaded Hitman on my wife's laptop, created a boot thumbdrive, and booted my system from it. The computer started normally. Then I activated my User account, and the virus activated, freezing the screen. The Hitman screen did NOT come up.
I got the impression that Hitman is designed to work with systems that do NOT have various accounts.
So I said what the hell, copied the few data files I had in my User directories, and deleted the whole freaking User account. I then created a new User account.
Voila! No screen freeze.
I then updated and ran Security Essentials, Malwarebytes, and Hitman. All came up clean.
So, did I get rid of the damned virus, or not?
Curious (and fearful) minds want to know.
BTW, all of my Office software now has to be reconfigured to the way I like them, and I lost all of my Firefox bookmarks. I did NOT lose my current emails, since I use Webmail to filter all email prior to downloading into Outlook. I did, unfortunately, lose several years of archived Outlook email (AFAIAC not too much of a problem, actually).
Old Guy in Stanton (Steve)
Here's what happened
Edited by Old Guy in Stanton, 08 October 2013 - 04:15 PM.