
Will not load Windows XP Media Center Edition or Safe Mode!


  • This topic is locked
15 replies to this topic

#1 firestormerc

firestormerc

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:25 AM

Posted 10 May 2013 - 12:48 PM

I have the FBI MoneyPak Ransomware or the Reveton Trojan on a Windows XP Media Center Edition desktop. I am typing this from a laptop. The guide suggests booting up in Safe Mode with Networking but it won't let me go in Safe Mode at all. Is it now time to use a Bootable Antivirus CD?


Edited by hamluis, 10 May 2013 - 01:05 PM.
Moved from XP to Am I Infected -- Hamluis.




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 10 May 2013 - 06:06 PM

I'll report this topic to appropriate helpers.

Hold on there...



 


#3 firestormerc


Posted 10 May 2013 - 11:11 PM

I stated the wrong one; it is the FBI Cybercrime Division ransomware. Here is an update: bootable antiviruses do not find it.



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 11 May 2013 - 07:28 AM

Hello, firestormerc.
 
My name is etavares and I will be helping you with this log.  I have moved this to the virus removal forum.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

Since you have XP we can't use my go-to tool for this.  We have other options.  First a few questions:

1.  Can you boot into Safe Mode w/ Command Prompt?
2.  Turn off your computer, unplug the internet cable (or disable the wireless as soon as it powers on) and boot.  Some variants will not load if not connected to the internet.  Are you still locked out after disabling internet?
     
    -etavares
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #5 etavares


    Posted 11 May 2013 - 07:29 AM

    PS: Please don't miss my post above.  I suggest you subscribe to this topic.  At the top right you'll see a button saying "follow this topic"; click that and follow the prompts.  Then you'll have an alert in the site toolbar at the top and an email (if selected) when I reply to this topic.



     


    #6 firestormerc


    Posted 11 May 2013 - 10:44 AM

    Hey Etavares,

     

    It is not plugged up to the internet and it will not boot up into any safe mode (Safe Mode w/Command Prompt, Safe Mode w/Networking, Safe Mode).

     

    I am still locked out of the computer. I have followed this post. :thumbup2: I have knowledge about what I am doing. I took classes for computers at the high school and college levels.

     

    Right now the option is to run a Windows XP Media Center Edition disc to try and repair startup, to see if that will allow me to get on either in Safe Mode or regular mode.


    Edited by firestormerc, 11 May 2013 - 01:11 PM.


    #7 etavares


    Posted 11 May 2013 - 07:04 PM

    Hello, firestormerc.
     
    Startup repair won't help this one.  We'll go in and find the root cause.
     
    Step 1
     
    You will need a blank USB drive.
     
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:
  • skype.dat
  • Press Enter
  • If successful, the script will search for this file.
  • After it has finished a report will be located in the USB drive as filefind.txt
    Please note - all text entries are case sensitive
     
    Copy and paste the filefind.txt for my review
     
    etavares
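
Added example, not part of the original thread and not the driver.sh script (whose contents the page does not show): a shell function of the kind that could be run from a live-USB terminal to locate a named file on the mounted Windows partitions and write a report for review. The function name `find_by_name`, the report layout and the SHA-256 hashing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: search offline-mounted volumes for a file by name.
# find_by_name ROOT NAME REPORT
#   ROOT   - directory holding the mounted partitions (e.g. /mnt)
#   NAME   - file name to look for, matched case-insensitively
#            (NAME is a find(1) pattern, so * and ? act as wildcards)
#   REPORT - text file to write the results to (e.g. on the USB drive)
find_by_name() {
    root=$1; name=$2; report=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    [ -n "$name" ] || { echo "empty file name" >&2; return 2; }

    tmp=$(mktemp) || return 2
    # Unreadable directories are skipped instead of aborting the search.
    # -iname is a GNU/BSD/BusyBox extension, not strict POSIX.
    find "$root" -type f -iname "$name" 2>/dev/null > "$tmp"

    {
        echo "Search for: $name"
        echo "Root:       $root"
        count=0
        while IFS= read -r path; do
            count=$((count + 1))
            size=$(wc -c < "$path" | tr -d ' ')
            if command -v sha256sum >/dev/null 2>&1; then
                hash=$(sha256sum "$path" | cut -d' ' -f1)
            else
                hash="(sha256sum not available)"
            fi
            echo "---"
            echo "Path:   $path"
            echo "Bytes:  $size"
            echo "SHA256: $hash"
        done < "$tmp"
        echo "---"
        echo "Matches: $count"
    } > "$report"
    rm -f "$tmp"

    # Exit status: 0 if at least one match was recorded, 1 if none.
    grep -q '^Path: ' "$report"
}
```

Recording the size and hash alongside the path lets a helper compare the file against known samples without the file being opened or executed on the infected system.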


     


    #8 firestormerc


    Posted 12 May 2013 - 07:34 PM

    Hey Etavares,

     

    I have good news for you. I was able to get rid of the FBI Ransomware screen by using the windowsunlocker on the Kaspersky Rescue Disk, which I didn't know about until I came across it on the web reading around. Once you boot up Kaspersky Rescue Disk in Graphic Mode you click the K, which is the Start Menu, then click Terminal. When the Terminal loads up, type in windowsunlocker and hit Enter. Now you hit 1 - Unlock Windows; when that is done, hit 2 - Save boot sector copies, then 0 - Exit.

     

    Then boot into Windows Normally and run Malwarebytes Anti-Malware, which removed Trojan.FakeMS.zb. I am further scanning with Emsisoft Emergency Kit and Microsoft Security Essentials, my antivirus protection.

     

    I believe the trojan/FBI Ransomware got put on the computer from an outdated Java or Adobe Flash Player. What is the best way to check and make sure Java, Adobe Flash Player, etc. is up to date?

     

    Thank you!



    #9 etavares


    Posted 13 May 2013 - 07:18 PM

    Hi,

    Thanks for posting the way you solved the problem.  That will help others.

     

    Would you like me to look over your computer to ensure it is clean?

     

    To keep those updated, I would either a) go to the website and download it and install; or b) use Secunia PSI, run a scan, then update what it tells you to do.  I personally prefer to go to the website directly to upload, but I believe Secunia PSI offers to do it from within the program.

     

    -etavares



     


    #10 firestormerc


    Posted 13 May 2013 - 09:24 PM

    Hey Etavares,

     

    You are welcome! I couldn't load into Safe Mode because it had deleted the registry key for it.

     

    Yes, please! Thank you!

     

    I will try Secunia PSI. :)

     

    firestormerc



    #11 etavares


    Posted 14 May 2013 - 05:37 AM

    Hi firestormerc,

     

    OK, please start by following these instructions and post the requested logs in reply to this message.  Please copy/paste the contents directly into your post. Please break across posts if it's too long for a single post.

    Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

     

    Next, are you still having the safe mode issues or did you already fix that?  We have tools that can help.

     

    -etavares



     


    #12 firestormerc


    Posted 17 May 2013 - 09:28 PM

    Hey Etavares,

     

    Thank you for posting that information. I am good right now.

     

    Yes, I fixed the Safe Mode issue! Is it common for the Windows loading screen to flash twice? Should I run those tools?

     

    firestormerc :)



    #13 etavares


    Posted 19 May 2013 - 05:27 AM

    Hi firestormerc,

     

    Glad to hear it's working.  The flashing could be your graphics card.  Mine doesn't do that, but I had a computer in the past that did it.  If you want me to look at your computer for a second opinion to ensure it's clean, please run those tools and post the log.  If you're confident it's cleaned up, no need to run them.  In that case, please post back here so I can mark this as resolved.  Your choice!

     

    -etavares



     


    #14 etavares


    Posted 22 May 2013 - 07:29 PM

    Did you want to have me look over the logs or close this thread?



     


    #15 firestormerc


    Posted 22 May 2013 - 08:33 PM

    Hey etavares,

     

    You can mark it as resolved or close the thread! Thank you!

     

    firestormerc





