No, I will not fix your computer

If you suspect you are infected with Crypto malware (Cryptowall, Cryptolocker, TeslaCrypt, etc.) DO NOT follow this guide!

This guide is heavily based on a Reddit post by: /u/cuddlychops06. I have reviewed it and given it two thumbs up!

Purpose & Scope of this Guide:

This guide is designed to assist you in removing malware from an infected system that successfully boots. If you perform the following steps exactly as described, this will solve your problem in over 90% of scenarios. That said, not all malware is created equal, and there will be times that this guide fails in removing malware. It is recommended to only accept advice from a “Trusted” technician. (W0HC is a CompTIA A+ Certified Technician). This guide is written in layman’s terms so that most people will be able to understand it with ease.

Disclaimer:

The following instructions are recommendations only. You take full responsibility for any steps you choose to perform on your computer. While the following recommendations are performed without issue on countless machines, there is always a risk of damaging your Operating System or experiencing data loss on any machine. It is solely YOUR responsibility to save all work and back up any and all important data on your system before proceeding. Also note that once a computer has been compromised with malware, it should not be considered clean until a complete reformat has taken place.

Malware Remediation Steps:

Before proceeding, go into your browser’s extensions and remove all suspicious items. Also go into your browser’s settings and remove any default search providers and unusual homepages. If you are unsure how to do this, proceed to Step 1.

Download and run the following tools in this order. Run all tools unless otherwise instructed. All tools should be run in Normal Mode (not Safe Mode) unless you are unable to boot Normal Mode, or the scans fail in Normal Mode. All tools must be run under an Administrator account. Do not remove any tool-generated logs in the event a helper needs you to post them to further assist you.

1) Run rkill.com. Sometimes it takes a few minutes to finish. Do not reboot when done.

  • Kills running malicious processes
  • Removes policies in the registry that prevent normal OS operation
  • Repairs file extension hijacks

2) Download an updated copy of Malwarebytes Anti-Malware. Turn on the “Scan for Rootkits” option. Then run a “Threat Scan”.

  • Successfully removes the vast majority of infections
  • Has an industry-leading built-in rootkit/bootkit scanning engine
  • Has built-in repair tools to fix damage done by malware

3) Run ADWCleaner using the “Scan” option. Then press “Cleaning” when finished and allow it to reboot your system.

  • Removes the majority of adware, PUPs, toolbars, and browser hijacks
  • Fixes proxy settings changed by malware
  • Removes certain non-default browser settings

4) Run Junkware Removal Tool and allow it to finish. Reboot your computer upon completion.

  • Removes adware, PUPs, toolbars, and browser hijacks other tools miss
  • Good at removing unneeded AppData directories left behind by infections

 

Optional, Advanced Step (only run if previous tools fail to solve problem):

5) Run RogueKiller

  • Here is what RogueKiller can do:

Please note: If malware has prohibited you from browsing the web or downloading files, you can try running the NetAdapter Repair Tool with all options checked which will attempt to restore your internet connection & default browser settings. You may have to download these tools on another computer and move them to a flash drive that you can plug into the infected machine.

If you have run all of the above tools successfully, you should be malware-free.
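A read-only PowerShell check of the kinds of settings the tool descriptions above mention (registry policies, file extension hijacks, proxy settings). It is an added example, not part of the original guide or of any tool named in it; the registry keys it reads are this example's assumption of commonly abused settings, not a list of what rkill or ADWCleaner actually inspect.

```powershell
# Added example: read-only post-cleanup check. Changes nothing on the system.
# The keys below are well-known Windows settings chosen for this example.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    return $null
}

$findings = @()

# 1. Policies that lock the user out of built-in OS tools.
$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyChecks = @(
    @{ Path = $sys; Name = 'DisableTaskMgr' },
    @{ Path = $sys; Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
)
foreach ($c in $policyChecks) {
    $v = Get-RegValue $c.Path $c.Name
    if ($null -ne $v -and $v -ne 0) { $findings += "Policy still set: $($c.Path)\$($c.Name) = $v" }
}

# 2. File extension hijack: .exe must map to 'exefile', launched as "%1" %*
foreach ($root in 'Registry::HKEY_CLASSES_ROOT', 'HKCU:\Software\Classes') {
    $assoc = Get-RegValue "$root\.exe" '(default)'
    if ($null -ne $assoc -and $assoc -ne 'exefile') {
        $findings += "'.exe' association under ${root} is '$assoc'"
    }
    $cmd = Get-RegValue "$root\exefile\shell\open\command" '(default)'
    if ($null -ne $cmd -and $cmd.Trim() -ne '"%1" %*') {
        $findings += "exefile open command under ${root} is: $cmd"
    }
}

# 3. Per-user proxy settings.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1) {
    $findings += "Proxy enabled: $(Get-RegValue $inet 'ProxyServer')"
}
$pac = Get-RegValue $inet 'AutoConfigURL'
if ($pac) { $findings += "Proxy auto-config script set: $pac" }

if ($findings.Count -eq 0) { 'No leftover policy, file-association or proxy changes found.' }
else { $findings }
```

A proxy or policy deliberately set by an employer's IT department is listed too, so each line is something to review rather than proof of infection.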

Follow-up Steps (highly recommended):

  • Using a computer that has not been infected, change passwords to all your online accounts.
  • Consider enabling two-factor authentication on supported apps & sites.
  • Revoke app-specific passwords to things like gchat, Facebook, etc.
  • Consider resetting your Windows user account password
  • Install a better anti-virus.

 

 

 

Meteohub

I’ve been working with some nice software called Meteohub to interface a Peet Bros Ultimeter 2100 to the Internet.  Meteohub was originally written to run on a Linksys NSLU2 NAS device, to provide a low power, low cost, very small form factor device. It’s a great concept, and works great, when it works.

The problem I experienced was that stability and reliability were poor, at best.  It started out great, and the box ran flawlessly for a month or more, until the power went out. Then it wouldn’t reboot.  After a couple of attempts it started up and ran fine.  For a week.  Then another week.  Then nothing.

I found that the USB flash drive had stopped working.  Apparently a common problem, as flash memory is of variable quality, especially the mass retailer variety USB thumb drives, that generally aren’t designed for 24×7 operation with software continuously writing to them.

Meteohub has several other “approved” hardware options, but most were more money than I wanted to spend, and required ordering from companies I’d never dealt with, and didn’t really seem to be set up to deal with selling in small quantities to customers.  So my search has begun to find a more reliable platform to run on.

Which brings me to where I am now.  An HP Compaq device, originally intended to be a “Thin Client” device on a LAN.  No fans, no hard drives.  Reasonably small, much smaller than a PC, but larger than the NSLU2 devices.  Mine is about 9 inches tall, 8 inches deep, and 2.5 inches wide.  It has an external 24W power supply, so energy consumption is low (I have not yet measured it on my Kill-a-Watt).  It has a LAN port, 4 USB ports, an RS232 port, and even has keyboard and VGA ports, which will help when initially setting the device up.  These units are available in different configurations, memory size, CPU, etc.

Mine had a smallish IDE Flash memory drive in it.  I don’t recall the size, but it was in the megabyte range, and I need about 4GB of space for Meteohub to be happiest.  My plan is to pull out the included Flash drive and install a Compact Flash memory card in its place.  I found the needed adapter and cable on eBay for a few dollars.

I haven’t yet powered the system up, but I hope to be able to do that soon and see how it works out.  With a little luck I’ll have the Independence weather station reporting into the Weather Underground site again within a couple of days.

Edit to add:  This system worked out great, until the fire station was struck by lightning and killed the power supply and ethernet ports.  I’ve never replaced that system, but since I was given a Davis Vantage Pro station to install at the home QTH I built another Meteohub box from an older Mini-ITX motherboard, and an IDE to CF adapter.  Works great.

Update: March 1, 2021. For at least the past year I’ve been using a Raspberry Pi running WeeWx to upload my data. It seemed as though development of Meteohub had stopped, and WeeWx is well supported but a bit more of a learning curve to set up.