Inactive WRUI Ransomware Virus

Status
Not open for further replies.
I have been struck by the WRUI Ransomware Virus. Most of my documents and photos are backed up, but my videos and extensive music collection are encrypted. Apparently there is no solution yet to decrypt these files without the (online) key.
In the meantime my PC is running OK now after an offline cleanup with a Comodo boot disc and several online scans. BUT, after merging them with the registry, the following registry keys (see https://www.tenforums.com/tutorials/57567-restore-default-services-windows-10-a.html) get removed after reboot:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense

What is causing this?
Thanks
PS (Comodo and MalwareBytes and Windows Defender are running on my PC)
 

Broni

In case of such a heavy infection, in my opinion, the best way to solve the issue is a fresh, clean Windows reinstallation, instead of "offline cleanup", whatever it means.
If you don't format your hard drive and install a new copy of Windows, there is no guarantee you won't end up with some infection remnants.
 
Thank you very much for your reply Broni.
Well, if you are reticent about piecemeal repairs then I will certainly take your advice.
A couple of points:
1. By 'offline cleanup' I meant using a (Linux) Comodo bootable USB drive and scanning the Windows drive while Windows was not running.
2. I am really keen to try to keep my (many) apps and settings. So I am going to try doing a repair as described in https://www.intowindows.com/repair-windows-10-install-without-losing-apps-data/ and see if that at least fixes the registry issue I have. If anything else strange happens, I'll have no choice, it seems, but to do a fresh install. What do you think?
 