Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Laptop with ransom ware, can't Prep Guide, no DDS

  • Please log in to reply
3 replies to this topic

#1 Jeepz72


  • Members
  • 5 posts
  • Local time:09:13 AM

Posted 03 August 2013 - 10:25 PM

boopme said to run DDS and then post a new thread whether or not I could run DDS.  Here's my new thread.


My Pop's laptop has been hit with what I thought was a ransom ware virus.  When I first saw his laptop infected, I know it said something about the FBI or some other security agency locking down the laptop until we paid a fine.  Thing is, now I don't see any of that, I just get a white screen.


Let me step back.  The laptop specs as I know them:

HP Pavilion g7 laptop with i3 processor running Win7 32-bit


Just tried logging into safe mode and it got to the Windows login screen, typed in the user password, and it booted only to get to the desktop and then restart automatically and reboot into normal mode.  At that Windows login I typed the password, got to the desktop and everything went white.  Zero functionality.


Because I cannot do anything once I've logged in, whether in normal or safe mode, I cannot run DDS.  So where does this leave me?




BC AdBot (Login to Remove)


#2 GodfatherKing


  • Members
  • 587 posts
  • Gender:Male
  • Local time:04:13 PM

Posted 04 August 2013 - 03:04 AM



Let's try this strategy:


Disconnect the LAN-cable so the infected machine hasn't internet. Ten start up your infected machine. Is the ransomware now there?


If that doesn't work try this:

  1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
  2. Use the arrow keys to select the Safe mode with a Command prompt option.

  3. In the command promp enter explorer.exe


Do you now have access to your computer environment?  




Transfer the tools with a flash drive if necessary. 




:step1: Run Rkill http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/


       Note: Sometimes AV's thinks Rkill is infected, this isn't true, it's just a false-positive. Just let it terminate the malware processes. 


:step2: Provide the Rkill log.


:step3: Download Emsisoft Emergency Kit

  • Open EmsisoftEmergencyKit by  double-click Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply


:step4:  Install and run MBAM

:step5:   Running TDSSKiller to obtain log


Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose for all threats to Skip for all of them.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:

#3 Jeepz72

  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:13 AM

Posted 04 August 2013 - 01:29 PM

Guys, just wanted to say thanks. I couldn't get logged into safe mode of any flavor without it automatically restarting into normal mode. While I was pushing f-buttons to get into various menus during startup, I found something that appears, at this moment, to have restored the laptop to factory fresh install of Win7.  I currently have control of the laptop and am downloading the likes of firefox, thunderbird, advanced system care, and avast antivirus.  If this doesn't stick, I'll be back, but for now this appears to have solved my problem.  Thank you for your willingness to help. I'll be sure to bookmark this site for future help. 




#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,762 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:13 AM

Posted 04 August 2013 - 05:15 PM

Advanced SystemCare is an optimization suite and registry cleaner by IObit that purports to improve performance, make repairs and tune up a computer.

Advanced SystemCare Free...Why waste money on expensive "registry cleaners" to fix your PC when Advanced SystemCare Free will repair, tune, and maintain it for you for free

Advanced SystemCare with Antivirus incorporates the same optimization/registry cleaning features alongside its anti-virus capabilities.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Please read: Why you should not use Registry Cleaners and Optimization Tools
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users