Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected


  • Please log in to reply
2 replies to this topic

#1 jackal313_3

jackal313_3

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 09 May 2011 - 04:07 PM

Am I infected with
Your PC is blocked.
All the hard drives were encrypted.
Browse www.safe-data.ru to get an access to your system and files.
Any attempt to restore the drives using other way will lead to inevitable data loss !!!
Please remember Your ID: , with its help your sign-on password will be generated.
Enter password:

what can i do

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:25 AM

Posted 09 May 2011 - 09:51 PM

Hello. do not panic this is fixable. You will need a USB drive. Do you have one?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:25 PM

Posted 10 May 2011 - 01:26 AM

Hello jackal313_3,

You will need access to a working computer, a CD and a USB to do the following:

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
Now we need to prepare the USB, It doesnt necessarily need to be formatted, but might help if it is >
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Next download ransom.sh to your USB drive
  • Remove the USB and insert it into the infected computer
  • Boot the infected computer with the CD you just burned
  • The computer must be set to boot from the CD (varies from PC to PC > but generally F12, F11 or F9 will access the boot menu)
  • Follow the prompts
  • A Welcome to xPUD screen will appear > select your language
  • When xPUD opens > Click on File
  • Expand mnt
  • sda1 or sda2 will usually correspond to your HDD > sda1 and/or sda2 may not be visible with this infection, > this is typical
  • sdb1 is likely your USB
  • Expand your USB (sdb1)
  • Confirm that you see the file ransom.sh that you previously downloaded
  • Press Tool on the top menu bar
  • Choose Open Terminal
  • Type bash ransom.sh
  • You should see the message

    ransomware mbr code detected on /dev/sda
    repairing mbr on /dev/sda
    mbr code OK on /dev/sdb

  • A log file named log.txt will also be created on the USB
  • this should only take a brief moment to complete
  • Once completed > type exit to close the Terminal Window
  • Now go to Home > restart > remove the xPUD CD from the machine before it starts to reboot to allow the machine to reboot normally.
  • If the script was successful, your machine should now be booting normally

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users