[SOLVED] How do I deal with EFDC ransomware virus ?

[porcopine]

Hi! so i have been attacked by a ransomware due to my stupidity and luckily the encryption lock was only on my drive D, although after reformatting drive D I've seen some files called EXT_GT4.dds.efdc, EXT_Banner.dds.efdc etc. (yes efdc is a virus attack that encrypted my D drive).

Even after scanning the computer with eset and malwarebytes, I also removed all the websites ip from the system32 hosts file. These files seems to stick and cannot be detected. There are more files I believe that are on a efdc file format and it seems that i cant find them all. I also tried to open its file path but it takes me to "This PC" , there are also map network drive, disconnect network drive (I tried this but no choices was revealed).

I gave up at finding it and decided to ask help here because this laptop hasn't been using the internet since the attack (I closed it to avoid remote controls from the virus) It would be nice if I can use the laptop for surfing again (

 

[COLGeek]

Sounds like time for a full, clean installation of Windows and your applications.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

 

[USAFRet]

Full wipe and reinstall.
Or, recover from the full system backup you made before this happened.

 

[digitalgriffin]

Hi! so i have been attacked by a ransomware due to my stupidity and luckily the encryption lock was only on my drive D, although after reformatting drive D I've seen some files called EXT_GT4.dds.efdc, EXT_Banner.dds.efdc etc. (yes efdc is a virus attack that encrypted my D drive).

Even after scanning the computer with eset and malwarebytes, I also removed all the websites ip from the system32 hosts file. These files seems to stick and cannot be detected. There are more files I believe that are on a efdc file format and it seems that i cant find them all. I also tried to open its file path but it takes me to "This PC" , there are also map network drive, disconnect network drive (I tried this but no choices was revealed).

I gave up at finding it and decided to ask help here because this laptop hasn't been using the internet since the attack (I closed it to avoid remote controls from the virus) It would be nice if I can use the laptop for surfing again (

You likely have a root bootkit virus. Unless you are an expert with the appropriate tools, save what files you can on a burnable cd NOT USB stick. Do not connect it to a network or another computer.

UEFI Boot from windows install usb. Re fdisk it. Wipe the partition and mbr and recreate using windows install. I hope you have a key.

Other option is to swap drive with new one. Install new OS on new drive. Add good active antivirus...ie bitdefender. Attach a drive dock with old drive. Scan with bitdefender. Copy what vital files you can. Little riskier but doable. Plus bitdefender might find the rootkit easier as the virus isn't loaded from a dock drive USUALLY. If bitdefender finds it all you might be able to swap it back into service. But that is a risky option. Usually viruses add more viruses to create a false sense of security in the user when 1 or 2 are removed.

Don't use a USB stick to copy from infected system. They can be infected in nasty ways. That's how stuxnet was spread.