Inactive WRUI Ransomware Virus

Not open for further replies.
I have been struck by the WRUI Ransomware Virus. Most of my documents and photos are backed up, but my videos and extensive music collection is encrypted. Apparently here is no solution yet to decrypt these files without the (online) key.
In the meanwhile my PC is running OK now after an offline cleanup with a Comodo boot disc and several on-line scans. BUT, after merging them with the registry, the following registry keys (see get removed after reboot:

What is causing this?
PS (Comodo and MalwareBytes and Windows Defender are running on my PC)


Posts: 55,918   +506
In case of such heavy infection, in my opinion, the best way to solve the issue is fresh, clean Windows reinstallation, instead of "offline cleanup" whatever it means.
If you don't format your hard drive and install new copy of Windows there is no guarantee you won't end up with some infection remnants.
Thank you very much for your reply Broni.
Well, if you are reticent about piecemeal repairs then I will certainly take your advice.
A couple of points:
1. By 'offline cleanup' I meant using a (Linux) Comodo bootable USB drive and scanning the Windows drive while Windows was not running.
2. I am really keen to try to keep my (many) apps and settings. So I am going to try doing a repair as described in and see if that at least fixes the registry issue I have. If anything else strange happens I'll have no choice it seems but do a fresh install. What do you think?
Not open for further replies.