Tech Q&A: Recovering files after your PC is attacked

Q: I read your column about CryptoWall (, the malicious software that encrypts your files and holds them for ransom. Can normal PC operations be restored by reloading the original files from a previous backup of my entire PC hard drive?

Dennis Le Vesque, Brooklyn Center, Minn.

A: It depends on which of the two types of hard drive backup you’ve made.

One type, called a “disk image,” copies literally everything from your PC’s hard drive, including the files and the blank spaces between files. If you put a backup like this on your PC, you will have done two things: replaced the encrypted files with normal ones, and eliminated CryptoWall (it, like anything else installed since your last backup, will be overwritten by blank disk space).

The other type of backup is called a “system image.” It just copies your files and ignores the empty hard disk space between them. When you put that type of backup on your hard drive, it replaces the encrypted files with normal ones, but doesn’t overwrite anything that was installed or stored on the PC since you made the backup. As a result, CryptoWall is still on the PC.

In theory, CryptoWall shouldn’t be able to run after that kind of drastic change to the hard disk. But there’s no point in taking a chance, so before returning your “system image” backup to the PC, run the security program Malwarebytes ( to get rid of CryptoWall.

If you’re not sure which type of backup you have, run Malwarebytes first to be safe.

Q: I’m having two problems with a new HP PC that has Windows 10.

The Windows email program has stopped updating my inbox with new messages from Microsoft’s own email service. But when I look on the website, newly received emails are there. Also, when I try to turn off the PC using the Power menu, it only shuts down part of the way and the disk drive keeps running. What should I do?

Mike Holly, Roseville, Minn.

A: The mail problem could be caused by several things. You may need to remove, then recreate your email account on your PC, as well as adjust how often the account updates with new email (see If those things don’t work, it’s possible that some non-Microsoft firewall software is interfering with email updates. You can open the firewall software and see if it lets you give permission to the Windows email program to update.

The PC shutdown problem is probably caused by software that controls the PC’s processor chip, called the “Intel Management Engine Driver.” Go to HP’s “software and driver downloads” page at, then click “identify now” to let the website determine which drivers your PC needs. If that doesn’t work, go to Intel’s website ( and download the newest “Management Engine Driver” for your version of Windows 10 (either 32-bit or 64-bit, a designation that refers to the length of the memory addresses the chip uses).