Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomeware- locked out of everything


  • This topic is locked This topic is locked
3 replies to this topic

#1 swisstony123

swisstony123

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 15 February 2012 - 10:21 AM

Hi,

Please help!! My brother's living in France and I can usually sort out his computer related problems from here in the UK, but on this occasion I'm stumped and the only advise I can get is in German.

The virus/trojan seems to be called gema and is ransomeware, all advice I've found so far points to using Taskmanager, but it locks him out all together.

I've tried to get him to boot in all safe modes and it locks him out after a few seconds.

any advice would be greatly appreciated.

P.S.
It's a French Laptop, different keys,French language windows, luckily he speaks French so can translate. Not aure if that is worth mentioning, but I thought I would just incase.

Windows 7 laptop

It's similar to the ransomeware that indicates you've downloaded illegal music/software pay 50 euros to release your computer

Edited by swisstony123, 15 February 2012 - 10:23 AM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 PM

Posted 15 February 2012 - 02:03 PM

Hello swisstony123,

Welcome to Bleeping Computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 PM

Posted 15 February 2012 - 02:03 PM

I moved the topic to malware removal forum.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 PM

Posted 22 February 2012 - 02:07 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.

Edited by Farbar, 29 June 2012 - 11:11 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users