How to remove Ransom:Win32/WannaCrypt.A!rsm Virus

I have SCCM server. SCCM server detects the virus Ransom:Win32/WannaCrypt.A!rsm for windows 7 pcs. But it can not completely delete that virus. After scanning those PCs with SCCM server, it detects that virus. But after someday it come back to those pcs. Around 1421 pcs of windows 7 are affected with that virus. Our whole system are in vulnerable condition. Is there any way to remove Ransom:Win32/WannaCrypt.A!rsm Virus Completely from Windows 7 PCs?
Md. Shamiul IslamJr. Systems EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alex GreenProject Systems EngineerCommented:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Wannacrypt.A!rsm


Full guide there, I'm assuming you must be running some sort of malware protection, that would normally remove it as well.

Thanks
alex
0
Alex GreenProject Systems EngineerCommented:
0
John TsioumprisSoftware & Systems EngineerCommented:
To me it seems that somewhere you have an infected machine that keeps infecting the other so maybe you should try to "divide and conquer" split you infected machines to small groups  and isolate them from your network... try to see if after the cleaning process remain clean...if you encounter a group that is clean you return it to the normal network...if not you keep splitting the group until you reach the source of infection.
Maybe its a good idea to train the employees of performing the cleaning process using extra 3rd party tools.
Also check for update MS17-010  that block a vulnerability that WannaCry exploits to infect other machines....
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
Why is sccm scanning for such ransomware, it would have been the anti virus or Anti-malware - for Windows its defender AV is doing the job to prevent ita infection.

But relying on AV does not suffice if the machine is not patched (minimally MS17-010 but go for latest release as it is accumulative to close up known vulnerabilities), not hardened (need Applocker to allow authorised appl to run, disable SMBV1 to prevent infection spread and exploitation onto system having same network shares) and any user is login as default administrator (which should be given user role only).

May want to see the faq on preventive measures
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.