
WannaCry Ransomware Remediation PC_How to v1.

SD will create tickets for confirmed cases to OSS


o SD will specify in the ticket whether the system is on the confirmed list(*) or not
(*) list of infected PCs

1. System is on confirmed list?


a. NO : disconnect system from the network
2. System is encrypted?
Check whether the user received the screen below

Check for files with the extensions below:

.wnry
.wcry
.wncry
.wncryt

a. NO : perform Backup
i. Do not backup any files in C:\ProgramData
ii. Do not backup any files in C:\Windows
iii. Make sure the backup does not include:
1. tasksche.exe
2. mssecsvc.exe
3. tasksche.exe
iv. Avoid backing up any .exe, .bat, .cmd, etc.

b. Yes : Do not perform Backup

3. Reimage
4. Run anti-virus update (automatically or manually)
------------------------ Anti-Virus Actions ------------------------------------

a. Automatic
b. Manual

i. Make sure you have the EXTRA.DAT: this file is available for you in the zip file
on the documentation portal:

Via link : https://gpmopartner.ts.fujitsu.com/Documentation/


Or via: Documentation files tab in your OSMQ ticket

ii. Install the anti-virus malware removal file

Click Start, Run, type services.msc, and click OK.


Right-click the McAfee McShield service and select Stop. Remark: if the service cannot be
stopped, please proceed with: a. Automatic

Copy the Extra.DAT file to the following location:

32-bit installations
<installation drive>\Program Files\Common Files\McAfee\Engine

64-bit installations
<installation drive>\Program Files (x86)\Common Files\McAfee\Engine

In the Services window, right-click McAfee McShield and select Start.

The new detections in Extra.DAT will take effect after the McShield service has started.

5. Install the Windows update

------------------------ Systems upgrade Actions ------------------------------------

I. Identify the right MS patch file corresponding to your operating system (32 or
64 bit, Windows XP or Windows 7): this file is available for you in the zip file
on the documentation portal:

Via link : https://gpmopartner.ts.fujitsu.com/Documentation/

Or via: Documentation files tab in your OSMQ ticket

II. Double-click the identified file(s)


6. Run a full scan; if all clear, continue.
7. Restore data if available
8. System is on confirmed list?
a. YES : Send ticket back to SD for transfer to
FJTU_END_USER_PROTECTION_EMEA_ISMA_L2 : Close your OSMQ ticket as:
CLOSED NOT SOLVED
b. NO : Plug back on network
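
Step 2 expressed as a script, added here as an example and not part of the original how-to: it looks for the listed extensions under a folder and, only if none are found, writes a list of files that pass the backup exclusions. The `$Root` and `$ListPath` parameters, the function names and the blocked extensions beyond .exe/.bat/.cmd are assumptions.

```powershell
# Added example, not from the original how-to. Read-only scan for step 2.
# $Root, $ListPath and all function names are assumptions for illustration.
param(
    [string]$Root     = $env:USERPROFILE,
    [string]$ListPath = (Join-Path $env:TEMP 'backup-list.txt')
)

# Extensions, file names and folders taken from the procedure above.
$EncryptedExt = '.wnry', '.wcry', '.wncry', '.wncryt'
$BlockedNames = 'tasksche.exe', 'mssecsvc.exe'
$BlockedDirs  = 'C:\ProgramData', 'C:\Windows'
# The procedure says ".exe, .bat, .cmd etc"; entries after .cmd are an assumption.
$BlockedExt   = '.exe', '.bat', '.cmd', '.com', '.scr', '.dll', '.vbs', '.js', '.ps1'

function Get-AllFiles([string]$Path) {
    # The PSIsContainer filter also works on PowerShell 2.0 (Windows 7 default).
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}

function Test-UnderBlockedDir([string]$FullName) {
    foreach ($dir in $BlockedDirs) {
        if ($FullName.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-EncryptedMarkers([string]$Path) {
    # -contains is case-insensitive, so .WNCRY and .wncry both match.
    Get-AllFiles $Path | Where-Object { $EncryptedExt -contains $_.Extension }
}

function Get-BackupCandidates([string]$Path) {
    Get-AllFiles $Path | Where-Object {
        (-not (Test-UnderBlockedDir $_.FullName)) -and
        ($BlockedNames -notcontains $_.Name) -and
        ($BlockedExt -notcontains $_.Extension)
    }
}

$markers = @(Get-EncryptedMarkers $Root)
if ($markers.Count -gt 0) {
    Write-Output "ENCRYPTED: $($markers.Count) marker file(s) under $Root. Do not perform backup (step 2b)."
    $markers | Select-Object -First 10 | ForEach-Object { $_.FullName }
} else {
    $files = @(Get-BackupCandidates $Root)
    $files | ForEach-Object { $_.FullName } | Set-Content -Path $ListPath
    Write-Output "No marker files under $Root. $($files.Count) file(s) listed in $ListPath (step 2a)."
}
```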
