Reset Windows 8.1 with full cleanse leaves evil desktop
I had CTB-Locker virus. Reset this win8.1 box. Chose the fully cleanse option. Told it my email address. Desktop still says "Your personal files are encrypted by CTB-Locker."
It is displaying a Synced Theme desktop background which is
decrypt all files nwwagfl - a garbage file .
Why is there this garbage file displaying on my desktop after a full reset?
It is displaying a Synced Theme desktop background which is
decrypt all files nwwagfl - a garbage file .
Why is there this garbage file displaying on my desktop after a full reset?
ASKER
i did a reset with full cleanse.
If you indeed did, than it seems either the cleanse has not succeeded or you re-infected yourself already. Reinstall after formatting.
ASKER
just got off with Microsoft. it seems the reset even with fully cleanse the drive goes and installs apps afterwards. pieces like desktop background file and internet explorer bookmarks get put back into appdata.
ASKER
so the reset in windows 8 isn't really as 'clean' as i would have liked.
Did you choose the Remove everything and reinstall Windows option or did you opt for to Refresh it?
The Remove everything and reinstall Windows option will remove all your personal files and programs and basically wipe it back to its factory default settings if it came with a recovery partition.
The Remove everything and reinstall Windows option will remove all your personal files and programs and basically wipe it back to its factory default settings if it came with a recovery partition.
ASKER
I did remove everything and reinstall windows. My understanding from Microsoft is that this does not wipe the partition. That is why desktop background file and internet explorer favorites of the customer where not initialized. I am getting the impression while it may reinstall the O/S, it sets aside some personalizations and then puts them back.
This would explain why the desktop image file (which was installed by malware) did not clear.
I have also seen some internet explorer add-ins remain (specificially the awful Vosteran hijacker).
I'm so unhappy with the Windows 8 reset. Most customers do not have windows media to reinstall as we did in the old days.
This would explain why the desktop image file (which was installed by malware) did not clear.
I have also seen some internet explorer add-ins remain (specificially the awful Vosteran hijacker).
I'm so unhappy with the Windows 8 reset. Most customers do not have windows media to reinstall as we did in the old days.
Create your own setup DVD as shown here: http://windows.microsoft.com/en-us/windows-8/create-reset-refresh-media
Are you using a Microsoft account to sign into your Windows 8.1 machine? Perhaps that's how these tidbits keep coming back
Sure... of course that could be it.
ASKER
Yes I am using a Microsoft account to sign in.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you! I can see from my own machine that the default is ON for all the One Drive Sync Settings. That explains a lot and I am so happy I asked on Experts-Exchange!
ASKER
Awesome. Thank you! This clears up a lot.
Thank you and very happy to have helped!
Your files are lost unless you choose to pay the ransom, so you could take a setup disk and re-install, this time formatting the partition(s).