
I know I have a Ransomware, but the tutorial is not helping...


  • This topic is locked
18 replies to this topic

#1 everseeker

Posted 20 June 2013 - 11:54 PM

Attempted to follow the tutorial http://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware

Made the USB key fine

cleared the desk

inserted key, powered up, set to reboot to USB

Powered up - went to USB - '1'

 

At this point, the tutorial and I parted company...

I am running Windows 8/64

Soon as Win 8 became aware, it ran a removal tool of its own... which failed. Then it gave me the option to turn the PC off, or to load into Windows anyway.

When I tried that... got the Ransomware (and, even better, my USB key no longer worked).

Every new attempt involves reimaging of the key... kinda annoying

 

So, how does someone running Win 8 fix this problem?

 

 




 


#2 Zestypanda

Posted 21 June 2013 - 12:56 AM

Please try option two. Then post your results. ~Zestypanda

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#3 everseeker

Posted 21 June 2013 - 03:54 AM

The exact same thing:

 

To Wit:

 

Options came up

Selected 2

Preparing Automatic Repair

Diagnosing your PC

Attempting Repairs

Automatic Repair could not repair your PC <Shutdown> <Advanced>

<Advanced> = various versions of "You get to lose all your stuff" or Boot to command prompt (which is compromised)

So, still stuck



#4 everseeker

Posted 22 June 2013 - 12:22 AM

Please try option two. Then post your results. ~Zestypanda

Thoughts?



#5 Zestypanda

Posted 22 June 2013 - 12:34 AM

Personally, I would get a Linux distro, burn it to a USB, then boot it. It should mount the Windows HD. Then go and delete the ransomware from app data, then boot back into Windows and run a scan with mbam.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#6 Zestypanda

Posted 22 June 2013 - 07:50 PM

Bump. Do you still require help? ~Zestypanda.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#7 everseeker

Posted 22 June 2013 - 08:52 PM

Only on the part after "...Personally"

#8 Zestypanda

Posted 22 June 2013 - 09:19 PM

I would use Linux Mint (linuxmint.com/rel_olivia.php), then use the utility at pendrivelinux.com to burn it to a USB, then plug it into your computer, boot off it, and select "run Linux mint live".

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#9 everseeker

Posted 23 June 2013 - 04:23 PM

Proceeding according to your instructions. Let me see if they're correct:

1. Download the following Linux Distro: linuxmint.com/rel_olivia.php (Where to get it? Who knows... I'll hunt) (Done. Got Version 15)

2. Use "The Utility" at pendrivelinux.com to burn it to a USB (Used Universal USB installer and stuck it on a thumb drive)

3. Mount Linux (Boot to it from the Thumb Drive) (Worked!)

4. I hope it will mount the windows hd by itself because I have NO idea how to use the command line any more (Worked)

5. Go and delete the ransomware from app data. (Uh Oh)

        %LocalAppData%\KB8456137\
        %LocalAppData%\KB8456137\KB8456137.exe
        File Location Notes:  %LocalAppData% refers to the current user's Local settings Application Data folder.

By default, this is C:\Documents and Settings\<Current User>\Local Settings\Application Data for Windows 2000/XP.

For Windows Vista, Windows 7, and Windows 8 it is C:\Users\<Current User>\AppData\Local.

 - See below -

6. boot back into windows and run a scan with mbam.

 

Ring Bell, Read Book, Light Candle......


Edited by everseeker, 24 June 2013 - 01:30 AM.


#10 Zestypanda

Posted 23 June 2013 - 07:54 PM

%LocalAppData%\KB8456137\
%LocalAppData%\KB8456137\KB8456137.exe
File Location Notes:

%LocalAppData% refers to the current user's Local settings Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Local Settings\Application Data for Windows 2000/XP. For Windows Vista, Windows 7, and Windows 8 it is C:\Users\<Current User>\AppData\Local.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#11 everseeker

Posted 24 June 2013 - 01:34 AM

OK, Got to the file system.

Went to

C:\Users\Everseeker\AppData\Local

 

looked for \KB8456137\KB8456137.exe...no such file/folder

went "up" to

C:\Users\Everseeker\AppData

and did a search...no such file/folder

went up to

C:\Users\Everseeker

Same thing.

am now in C:\Users....after 15 minutes, nothing yet



#12 Zestypanda

Posted 24 June 2013 - 01:41 AM

Ok, while in the Mint file browser, press ctrl and h to reveal hidden files. Then look under the same location. Also, let's assume that the ransomware randomly generates the file/folder name. Are there any folders under C:\Users\Everseeker\AppData\Local? Any that look out of the ordinary?

Have a question, or just wanna chat? Send me a message. Or add me as a friend.
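
The layout quoted in posts #9 and #10 (a folder under AppData\Local holding an executable named after the folder) can be checked for any name, which covers the randomly generated name assumed in post #12. This is an added example, not part of the thread; the mount point and the function name are assumptions.

```shell
#!/bin/sh
# Added example: read-only triage of a Windows volume mounted from a live
# Linux session. The mount root (e.g. /mnt/win) is an assumed path.

# Print every  Users/<profile>/AppData/Local/<name>/<name>.exe  under the
# mounted volume: an executable named after its own folder, the layout the
# tutorial lists (KB8456137\KB8456137.exe), whatever the actual name is.
find_selfnamed_exes() {
    root=$1
    # -P: do not follow symlinked directories, so a link that points back
    #     into the same tree is not descended into.
    # Depth 5 below Users/ is exactly <profile>/AppData/Local/<name>/<file>.
    # -iname / -ipath: Windows file names are case-insensitive.
    find -P "$root/Users" -mindepth 5 -maxdepth 5 -type f \
         -iname '*.exe' -ipath '*/Users/*/AppData/Local/*/*.exe' 2>/dev/null |
    while IFS= read -r exe; do
        dir=$(basename "$(dirname "$exe")")
        base=$(basename "$exe")
        stem=${base%.*}
        # Compare folder name and file stem without regard to case.
        d=$(printf '%s' "$dir"  | tr '[:upper:]' '[:lower:]')
        s=$(printf '%s' "$stem" | tr '[:upper:]' '[:lower:]')
        if [ "$d" = "$s" ]; then
            printf '%s\n' "$exe"
        fi
    done
}

# Stand-alone use: sh triage.sh /mnt/win
if [ "$#" -gt 0 ]; then
    find_selfnamed_exes "$1"
fi
```

The function only lists candidates and changes nothing on the volume, so it works on a read-only mount; legitimate software can use the same folder layout, so each hit still needs to be looked at before anything is deleted.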

 


#13 everseeker

Posted 24 June 2013 - 01:52 AM

Nothing out of the norm...

Well, there's a folder... Application Data... this seems to be some odd self-nesting thing. (Every time I click it, I get a copy of the current file tree, 1 level "deeper".)

So, I have renamed this, and let's see what rebooting does:



#14 Zestypanda

Posted 24 June 2013 - 01:58 AM

That may be the way Linux handles the Windows file system... keep me posted.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#15 everseeker

Posted 24 June 2013 - 02:39 PM

Got into task manager and am running mbam (3x). When done, I will have an additional issue. The computer is booting to a blank, black screen. I have to alt-ctrl-del and load the task manager to launch mbam.



