
Bad version of ICE Virus, Nothing Seems to Work...


  • This topic is locked
8 replies to this topic

#1 ddrcan

ddrcan

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 01 October 2013 - 03:37 PM

Hello, I'm running Windows 64 bit and have recently gotten what looks to be a bad version of the ICE Ransomware virus.

I am unable to log in to my account normally due to the ransom screen popping up immediately and going to the BSOD after several moments.

None of the safe-mode options work. Even safe-mode with command prompt, which is what I usually do in this kind of situation. I've always been able to use the rstrui.exe to solve this type of issue but not this time. When I enter my password and try to log in in safe-mode it says "shutting down" and then "restarting", which it proceeds to do.

When I put in my Windows installation disc and boot from it I know it's supposed to go to a screen where you can either repair, format and reinstall or restore previous state. When I boot from CD/DVD it just goes to a BIOS screen where it says at the top "Windows failed to load" or something like that. It then lists the same options that I have already tried.

-Safe-mode
-Safe-mode with networking
-Safe mode with command prompt

I've also tried Hitman.Pro Kickstart and got the message MRB Failed to load. The only thing that worked with Kickstart was the boot normally option which ended up getting the ransomware screen again.

The only thing I haven't tried yet is Kaspersky 10 Repair disc which I will try tonight, but I'm not holding my breath.

Every forum I've seen on this issue seems to say if safe-mode doesn't work use your installation disc, repair disc or Kickstart. Otherwise if you don't have a disc or it's not working to use safe-mode with command prompt. But nowhere could I find a forum about what to do if neither of these things are working.

If anyone could help me with this I would be extremely grateful. I am fully prepared to format and reinstall but I'm not even able to do THAT at this point. I haven't tried putting the drive in a different computer and trying to format but I don't see how that would really make a difference. Can a virus spread beyond the hard drive? I may just buy a new hard drive but I'm still holding out some hope that this can be fixed somehow. I've never had a virus this bad before to where none of the common methods are working.

Thank you for your help!




 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,847 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:55 AM

Posted 01 October 2013 - 03:44 PM

Take a look here: ICE Cyber Crime Center Ransomware Removal Guide

Just curious what the purpose of all the links http://www.techsupportforum.com/forums/# is supposed to mean? Ordinarily this could be construed as spam.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 ddrcan


Posted 01 October 2013 - 06:56 PM

I'm sorry, I just copied what I had posted there and pasted it here, I didn't realize it would make all those links. I will be more careful with what I post in the future.

Also I did try what the above guide suggested and used HitmanPro to make the Kickstart USB drive. I got to the part where it gives you 3 boot options.

1. Bypass master boot record
2. Regular boot
3. Legacy boot

1 and 3 gave me the message:

"MBR Read"
"Failed to boot"

And the regular boot option lets me get past the login screen without restarting but the ransomware image pops up instantly before I can CTRL + ALT + DEL or anything.



#4 Animal


Posted 01 October 2013 - 07:27 PM

So you're saying you're being helped at http://www.techsupportforum.com/forums ? Is that right?

And then also posting here at the same time? I would suggest you choose one forum or the other. By posting at multiple forums you run the risk of getting information at one forum that negates the efforts of those helping you at another. Not to mention it's really confusing for you to try and follow the steps from one forum to the next. Let us know which forum you wish to work with and we can go from there.


#5 ddrcan


Posted 01 October 2013 - 09:07 PM

I will stick to this forum then. Thank you for your help.



#6 ddrcan


Posted 02 October 2013 - 04:54 PM

So I have an update to my situation. I tried the Windows install disk again and got it to work, sort of. The part where it asks me to choose an operating system to repair or restore has nothing to choose from. It asks me to load the drivers for the hard disk, which I don't remember ever having to do before. My hard drive model is Western Digital WD5001AALS. I went to their website and it seems that Western Digital drives mostly use drivers that are built into the OS so I'm not sure what to do now.

 

I'm glad that I'm able to at least get this far but I'm stumped as to what to do next.



#7 Animal


Posted 02 October 2013 - 08:09 PM

I will ask for assistance in the staff area to get more eyes on this. Please be patient.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,985 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:55 AM

Posted 03 October 2013 - 02:57 AM

Hello, please try the following:
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#9 Elise


Posted 20 October 2013 - 09:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise






