Technology

Tech Q&A: Fighting the CryptoWall hacking scam

Q: I received a screen message that said all my files had been encrypted (locked so they can’t be opened) by CryptoWall, and that if I wanted the files back I would have to pay for the encryption key. I refused to pay and asked the Geek Squad for advice. They said paying the ransom, usually $500, was risky, because the hackers don’t always unencrypt the files. They suggested wiping the hard drive clean and starting over, but I said no. Any suggestions besides paying?

John Parranto, Eagan, Minn.

A: There is an alternative to paying the blackmail. Use the free version of Malwarebytes to remove the malicious CryptoWall program from your PC. After that, the free programs Recuva or Data Recovery Wizard may be able to recover of your files, although there are no guarantees.

Why is recovery uncertain? CryptoWall makes copies of your files, encrypts the copies and then deletes the originals. The recovery programs try to find these deleted original files, which remain on your hard disk until they are overwritten by new stored data.

But the recovery task becomes more difficult if CryptoWall tries (not always effectively) to overwrite the original files when you start to remove it from the PC. As a result, you won’t know if all the files can be recovered until you try.

If you’d rather not risk losing some of the files during the recovery process, you could pay the ransom. But that would reward criminals, which you don’t want to do, and once the hackers get your money they might not bother to unencrypt your files.

To uninstall CryptoWall and recover the deleted original files, see tinyurl.com/h8u2qw2. Also read the tips for avoiding CryptoWall in the future. It’s often downloaded as fake updates for legitimate software that are found on disreputable websites, or via spam e-mail attachments.

Q: My Windows 7 PC is displaying the message “The User Profile Service failed the logon. User Profile cannot be loaded.” A Microsoft online technician guessed that my PC’s registry was corrupted. Can I repair that myself, or must I take the PC to a repair shop?

Chuck Happach, West St. Paul, Minn.

A: Your User Profile is a list of your preferences for the way Windows operates. When it fails, there is usually corruption in the PC’s registry, a database of settings.

The simplest solution is to download Microsoft’s automated repair software, called “Microsoft Fixit.” See tinyurl.com/pglzv43. If that doesn’t work, there are two other choices.

You can manually change the PC’s registry by following the directions at the same website. I advise you not to try this, because if you make a mistake it can cause many other problems.

It’s better to try a more middle-of-the-road solution that’s only modestly technical. Instead of fixing the registry, you can manually create a new User Profile, then copy the files from the old profile to the new one. See tinyurl.com/ksyfet9.

  Comments