Home

How to deal with Ransomware Like Petya or WannaCry

The short answer is to do a combination of things such as perform a reliable backup, make sure your PC is protected and use automated removal tools if the worst happens. These things can be a solid defence against the growing menace of Ransomware.

Ransomware does not sneak into your PC like ordinary malware does. It suddenly appears and demands cash, otherwise it may encrypt all the files on your Windows PC.

A form of Ransomware similar to Petya has attacked the Ukraine and other sites around the globe, encrypting files until a ransom has been paid. Researchers, though, have moved quickly to block the spread of the Ransomware, also known as Petrwrap, exPetr, Petna, and SortaPetya.

There is no real way to remove Petya Ransomware, but researchers have come up with a few ways to immunise your Windows PC and malware companies are working hard to block it completely.

We will just have to wait a while until these ‘solutions to the threats’ are applied to defeat the current crop of Ransomware.

Petya is the second major Ransomware outbreak in the last two months, following WannaCry, which appeared to leverage software the National Security Agency developed, and was then turned into malware. It struck the U.K. National Health Service and several other banks and organisations.

Ransomware Hits You Where It Hurts – So Prepare Well Against Possible Attacks

A few common-sense habits can help limit your exposure to malware and Ransomware.

Keep your computer up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.

Ensure you have an active firewall and anti-malware solution in place. Windows Firewall and Windows Defender are barely adequate, so a good third-party anti-malware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.

Ensure that Adobe Flash is turned off, or surf with a browser like Google Chrome, that turns it off by default.

Turn off Microsoft Office macros, if they are happen to be enabled (In Office 2016, you can ensure they are off from Options – Trust Center – Trust Center Settings – Macro Settings).

Never open questionable links, either on a webpage or especially in an email. The most common way you will encounter Ransomware is by clicking on a bad link. Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you are not careful, but the risks greatly increase if you end up surfing where you should not.

For dedicated anti-malware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting Ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, anti-malware programs reserve anti-ransomware for their paid commercial suites.

You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you will only be protected from four common variants of ransomware. Kaspersky also claims that it can block Petya or Petrwrap by simply rolling back changes via its System Watcher component.

Backing Up Your PC Could Be a Good Strategy

Ransomware encrypts and locks up the files that are most precious to you so there’s no reason to leave them vulnerable. Backing them up is a good and solid strategy.

Take advantage of the free storage provided by OneDrive, Google Drive and others, and back up your data frequently. (But beware, your cloud service may back up infected files if you don’t act quickly enough.)

Better yet, invest in an external hard drive, such as the WD 1TB Elements Portable External Hard Drive, to save some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data.

If You are Infected

How do you know you have Ransomware? You will just know. Ransomware tends to be obvious, the imagery associated with most Ransomware is designed to invoke stress and fear in its victims.

Don’t panic. Your first move should be to contact the authorities, including the police and the UK’s National Fraud and Cyber Crime Reporting Centre. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back – some Ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)

Identification and Removal

If you have a paid anti-malware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and Ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the Ransomware from your system with free removal tools.

If all Else Fails

If you have good copies of your data saved elsewhere, online and on an external hard drive, all you may need to do is reset your PC, reinstall all your applications and restore your data from the backups.

How to remove your login password from Windows 10

While strong account passwords are important (and recommended by QBS PC Help) not every user wants or needs to enter a password every time they boot their Windows 10 PC. Thankfully, there is an easy way for users to disable or bypass the Windows login screen and automatically log directly into their account when booting.

All you need to do is log into your Windows 10 user account as you normally do by entering your password at the login screen. Next, click Start (or tap the Windows Key on your keyboard) and type netplwiz. The ‘netplwiz’ command will appear as a search result in the Start Menu search. Hit Enter on your keyboard or click on the result to open it.

A new window labeled “User Accounts” will appear, listing all the user accounts on your Windows PC. Click on your user account to select it and then uncheck the box at the top labelled “Users must enter a user name and password to use this computer.”

You’ll be prompted to enter the user account’s password (this is a safeguard to ensure that other users on the PC can’t change the settings for accounts they don’t have access to). Enter your account’s password and then click OK to close the window.

Finally, test the new setting by saving all open work and rebooting your PC. If all steps above were performed correctly, Windows 10 should bypass the login screen and load directly into your user account without prompting you for the account’s password.

Bypassing the Windows 10 login screen is relatively safe if there is a low chance of someone else gaining physical access to your PC. If you work in a shared office space or use a laptop that travels outside of your home or office, for example, you probably shouldn’t configure your account to bypass the Windows 10 login screen.

But if you’re a home user with a desktop PC or laptop that never leaves the house, and you don’t have a history of break-ins or nosy children, it’s relatively unlikely that an unauthorised user will gain physical access to your PC.

Back up your third-party hardware drivers in Windows 10

Tracking down drivers and control software for internal and external hardware devices after a clean reinstall of your Windows 10 Operating System doesn’t have to be a tedious job. The secret is to back up the driver file repository that Windows 10 kindly maintains for you.

Windows 10 includes a full library of class drivers that allow most devices, internal and external, to function without requiring any additional software. This core library is copied during Windows setup to a protected system folder, which means that most devices will work immediately after you finish Windows 10 Setup.

But unlocking the full capabilities of a device sometimes requires a third-party driver and control software, which can be installed by an OEM on a new PC or delivered via Windows Update. (You can also acquire up-to-date drivers by downloading them from the hardware vendor’s website and running an installer program.)

Regardless of how they’re acquired, all these added drivers (along with setup information files and supporting files required for installation) are saved in their own sub-folders within a special system folder. Back up that folder and you can save yourself hours of searching for drivers if you ever need to reinstall Windows from scratch on that device.

To back up your current collection of drivers, open File Explorer and go to C:\Windows\System32\DriverStore. Copy the FileRepository subfolder to a backup location, such as a USB flash drive or removable hard drive. (This folder and all its sub-folders can be several gigabytes in size, so make sure you use a big enough backup drive.)

After your clean install is complete, you can quickly reinstall any custom drivers by using the Update Driver option from Device Manager and specifying the backed-up copy of the FileRepository folder as the location where you want Windows to look for new driver files.

How to show the taskbar on only one display in Windows 10

Windows 10 has some nice features for multi-monitor setups. One of which is the ability to display the taskbar on only one monitor.

Changing this setting really comes down to your own personal preferences as there are clearly some good reasons to keep the taskbar on both monitors.

For example, since the Anniversary Update the taskbar clock is displayed on both monitors. If you play games or are watching a movie this gives you an easy way to keep an eye on the current time.

Nevertheless, some people prefer the cleaner look of having the taskbar on a single display. In Windows 10, this is really easy to set up, but first you must make sure you have the right display chosen as your main monitor because once you’ve made this change it will only show up on your primary display.

So if you have a multi-monitor set up Go to Start > Settings > System > Display. Here you will see your two monitors labelled 1 and 2. Click on the monitor you wish to use as your main display and then check the box labelled ‘Make this my main display.

Now go to Settings > Personalization > Taskbar and scroll down to the Multiple displays heading. Switch off the slider labelled ‘Show taskbar on all displays’ Your taskbar will now only appear on your main display.

How to find out what’s slowing down your Windows PC

The Windows Resource Monitor can help you to track down the resource hog’s that are slowing down your Windows computer.

If your using Windows 7 click Start, and then Run and type ‘resmon’. For Windows 10 users fire up Cortana’s ‘Ask Me Anything’ Box and type ‘resmon’. Now hit Enter and click on resmon.exe in the resulting search list.

For monitoring slowdown issues take a look at the Memory tab. This tracks usage and shows you how much memory a program or service is consuming. Also check the CPU and Disk tabs and see what particular program or service is causing your PC to slow down the most. Look particularly at the programs you’ve recently installed or uninstalled and see if any of those are using the bulk of your PC’s available resources.

All the memory hogging and performance sapping programs, services and modules can make your Windows computer less stable so its also a very good idea to check the Windows Reliability monitor too. For Windows 7 and Windows 10 users search for ‘Reliability History’ and select ‘View Reliability History’ from the resulting list.

Take a look at the blue trend line which may be flat or downward sloping. A sudden sharp drop is certainly worth checking out. If multiple programs are shown to be unstable perhaps something you recently installed or uninstalled is the culprit.

Click on the columns representing dates to see a list of the ‘activity’ for that particular day. This will show you what was successfully installed or run and what was unsuccessful. You may be able to fix the instability problem if ‘Check for a solution’ appears under the Action column at the foot of the screen.

Use these two tools to keep your Windows PC in good shape and to nip problems in the bud before they start to get out of hand!

How to change Windows 10’s default web browser

When you upgrade to Windows 10 from another version of Windows the ‘express installation’ option sets your default web browser to Microsoft’s Edge, even if you chose to use Chrome, Firefox, Opera, or another web browser, in Windows 7 or 8.

And Microsoft’s Edge has a nasty habit of resetting itself as the default browser if you update Windows 10 or even try to install another browser.

Fortunately, Windows 10 doesn’t uninstall your previous browser of choice, so it’s easy to change the operating system’s default web browser back again to your browser of choice – if you know where to find the settings to change this.

First, open the Start menu and select Settings, then click on the System option.

In the options that appear, select Default apps in the left-hand pane, then scroll down and click on Web browser, which likely has Microsoft’s Edge icon showing if you just upgraded from a previous version of Windows.

A list of browsers installed on your system will pop up. Select the browser you’d like Windows 10 to use by default. If you don’t see your browser of choice then it is not installed on your PC, so you will have to download it and walk through this very simple process again.

Once you’ve selected your preferred browser just return back to the main Settings page and your choice will be automatically saved.

From now on, all web links will open in Chrome, Firefox, Opera, or whatever alternative browser you want to use.

How to remove Cortana from Windows 10

If you have Windows 10 Professional or Enterprise you will be able to shut down Cortana by simply typing gpedit.msc in the search box to open the Group Policy Editor. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Search. Double-click on the policy named Allow Cortana.

When the policy window appears just click Disable. That’s all you need to do shut down Cortana.

However, if you are using Windows 10 Home, you will need to edit the Windows Registry. Do not tackle this step unless you have experience editing the Registry. Additionally, you should set a restore point now in case things go sideways.

So if you are confident about working in the Registry Type Regedit into the search box in and open the Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search. That final key (Windows Search) may not be present in the Registry. If it is not present, right-click the Windows directory and select New > Key. Name it Windows Search.

Now select that new key. In the right-hand pane, right-click and select new DWORD and name it AllowCortana. Then right-click that value and make sure it’s set to 0, which means “off”.

Now sign out and back in again or restart your PC and you should notice that Cortana has been replaced with a generic search box.

How to turn off forced restarts when Windows 10 Updates

windows10-desktopIn the past you may have been used to setting up Windows Updates so that they wouldn’t install automatically. Even though Windows 10 handles post-update reboots pretty well, you may still like to have some control over these updates from the outset.

There is a simple workaround for users running Windows 10 Professional. From the Start Menu, search for ‘Group Policy‘.

From the search result pick ‘Edit Group Policy/Control Panel‘ from the top of the list.

Expand Computer Configuration in the left-hand pane and navigate to Administrative Templates\Windows Components\Windows Update. Double-click Configure Automatic Updates in the list, select the Enabled radio button, and in the left-hand box select 2 – Notify for download and notify for install. Now click OK, and you’ll be notified whenever there are updates – unfortunately, they will be a daily irritation if you’re using Windows Defender.

The Group Policy Editor isn’t available on Windows 10 Home, but you can at least open Windows Update, click Advanced options and select Notify to schedule restart from the ‘Choose how updates are installed’ list. While you’re here, all Windows 10 users might want to click Choose how updates are delivered and ensure that Updates from more than one place is either off or set to PCs on my local network.

How to shut down Windows 10 OneDrive completely

windows-10-file-explorer-favouritesOneDrive and Windows 10 are joined at the hip. So tightly, in fact, that OneDrive gets its own quick access link in File Explorer and its sync client runs automatically when you start up your PC.

Of course you don’t have to use OneDrive’s cloud storage. You may prefer a cloud service from another provider such as Google Drive, or perhaps you just do not like the idea of storing your files in the cloud. No matter what your reason may be, you are completely free to ignore OneDrive in your backup plans.

If you are not currently using OneDrive the sync client may keep asking you to sign in using your Microsoft Account. When the message pops up asking you to sign in, just click Cancel. Cancelling OneDrive still leaves the OneDrive icon in the navigation pane of File Explorer. To make this disappear, you will need to make a simple Registry edit.

In Windows 10 Pro or Enterprise, you can use the Group Policy editor to make this change. Open the Local Group Policy Editor by putting Gpedit.msc in the Windows 10 search box and go to Computer Configuration > Administrative Templates > Windows Components > OneDrive. Double-click the policy Prevent The Usage Of OneDrive For File Storage and set it to Enabled.

After you restart your PC, you’ll find that the OneDrive icon is no longer in the navigation pane and the sync client no longer runs.

On devices running Windows 10 Home, where Group Policy isn’t available, you have to edit the registry manually. Open the Registry Editor by typing regedit into the Windows 10 search box, select regedit from the top of the resulting list. In regedit navigate to HKLM\Software\Policies\Microsoft\Windows\OneDrive. (If that key doesn’t exist, you will need to create it). Add a new DWORD value, DisableFileSyncNGSC, and set it to 1. Restart the PC to make the policy setting effective (Note that this change applies to every user of the selected device).

If you previously synced your files to OneDrive, they remain in the local OneDrive folder but are no longer linked to their cloud counterparts.

How do you open Safe Mode in Windows 10?

windows-safe-modeNothing gets you out of trouble like Windows Safe Mode. This was always easy to open by simply pressing the F8 or Shift+F8 keys as a PC started up.

In Windows 10 you can no longer enter Safe Mode by pressing F8 or Shift+F8 at boot. Although it is still available you have to boot into Windows first, then either restart holding the left Shift key or via an option within Update & Security which can be found in the Settings app. However, neither option is helpful if your computer cannot boot into Windows 10 in the first place.

To get around this serious limitation, you will need to create a boot time Safe Mode option before any trouble arrives.

Hit Win+x (The Windows Key and X key) and select Command Prompt (Admin) from the list of options. Now type bcdedit /copy {current} /d “Windows 10 Safe Mode” and hit Enter.

From the Start Search Menu type msconfig, run System Configuration in the results and navigate to the Boot tab. Now highlight the Windows 10 Safe Mode option that you just created, tick Safe boot and select Minimal under the Boot options and – if necessary – reduce the Timeout value so you won’t be inconvenienced – the minimum value is three seconds. Tick Make all boot settings permanent (in fact you can simply return here later and delete the Safe Mode entry) and click OK.

When you restart your PC you should now have a boot menu offering a choice of your normal Windows Operating System and the New Windows 10 Safe Mode option you just created.

So if you cannot boot into Windows, by restarting your PC you can now select Windows 10 Safe Mode.

To find out more about Windows Safe Mode see the article Safe Mode and It’s Uses.

Free PC Tips Newsletter


Follow QBS on Twitter