Hi – been properly infected by one of these viruses which encrypts all your files and gives you a ransom demand… Would like to completely refresh my laptop – starting with a blank hard drive. Any tips for making sure its properly wiped, including anything lurking in the MBR? Planning to put Hiren’s boot CD on a USB drive and use one of the drive wiping tools.. Will that do it?

low level format?

Take the opportunity to upgrade to an SSD if you haven’t already? Then scrap the drive.

Prices have come down hugely and speed improvement over traditional disk is huge.

You clearly have backups available so just continue to do those and you’re fine.

wwaswas makes a good case, but if you really want to keep the drive, look up DBAN and see whether that would do the job. An SSD has the added advantage of being much faster than spinning rust.

You could also potentially add it as a second drive on a linux machine and kill the whole thing with shred, but I don’t know whether that would get rid of the boot sector and everything in it. Booting off a linux live CD would do the same thing.

DBAN would be my first choice, closely followed by a power drill and a tube of mastic or expanding foam.

+1 for DBAN

From a linux live cd

dd if=/dev/zero of=/dev/sdX count=1k bs=1k

where /dev/sdX is the device of the drive.

Then just install windows on it. Anything more than this is just making uneeded work for yourself.

Oh, and work out what you did to get the virus in the first place and don’t do it again!

Thanks for the tips. I think a weak password on my vnc did for me..

Thought I had a good backup regime but not sure how much I can get back. Everything was synced with Google drive but as the files got encrypted they were duly updated on drive then nicely downloaded to my other machines so that the encrypted versions are everywhere. Looks like Google allows access to previous versions but only one by one so 10000 photos is going to takes some serious time..

Which ransomware was it? Some had the private keys released the other day, and somebody has subsequently written a decrypter for it.

And also, VNC? Exposed to the internet?

Hang your head in shame…

Which ransomware was it?

Twas some nastiness which calls itself “cerber”.. will google when I have a machine I can trust enough to switch the router back on.. Would be nice to get the pics of my kids back!

And also, VNC? Exposed to the internet? Hang your head in shame…

I know – brought it on myself – who knew “password” isn’t a strong password?? And I tried to blame it on kids downloading minecraft hacks.