
ACMA Ransomware Removal help please


3 replies to this topic

#1 subby6

subby6

  • Members
  • 61 posts

Posted 31 January 2014 - 05:08 AM

I have this PC with Australian Communications and Media Authority Ransomware on it. Cannot access desktop or anything.

 

I've attempted System Restore, but it fails with an error.

System Restore failed due to an unspecified error.
The file or directory is corrupted and unreadable. (0x80070570)

Attempted HitmanPro Kickstart, but it also gets an error which I can't see behind the full-screen ransomware webpage.

Attempted Anvi Rescue Disk, but it only found 1 trojan, which wasn't related to the ACMA Ransomware.

Have tried Safe Mode; it also has the ACMA Ransomware webpage load up too.

If I was to take the HD out and plug it into my computer via a HD caddy, would scanners be able to find it then?
 
OS is Windows Vista 32bit

Edited by subby6, 31 January 2014 - 05:19 AM.




#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 02 February 2014 - 07:09 PM

Welcome to BC forums, subby6!

 

Any chance you can boot to Safe Mode with Command Prompt?

If not, right now, two options come to mind...

 

1. Using a Windows Vista System Repair Disk.

However, you need access to another computer with Windows Vista 32-bit to create a System Repair Disk.

 

 

2. Using Puppy, a Linux operating system that focuses on ease of use and minimal use of resources.

It runs easily from a USB drive or a CD, and once you are done with it, you just remove the USB drive. There is no need for installing.

 

 

"If I was to take the HD out and plug it into my computer via a HD caddy, would scanners be able to find it then?"

 

 

A scanner may or may not be able to find the crucial files. However, ransomware also plants itself in the Windows Registry, and I am not aware that it will be accessible if the drive is connected to a different computer.


Old duck...


#3 subby6

subby6
  • Topic Starter

  • Members
  • 61 posts

Posted 02 February 2014 - 07:18 PM

I was able to fix this by downloading Kaspersky's Rescue Disk 10, booting up to that, and running a scan. It found 1 file and removed it, and that let me boot into Windows without the ransomware showing. Then I ran my usual scanners to remove malware.

 

1. Kaspersky TDSSKiller

2. Rkill

3. Malwarebytes Anti-Malware

4. HitmanPro

5. RogueKiller

6. AdwCleaner

7. Junkware Removal Tool

8. Online scanners: Emsisoft and ESET

9. Tweaking.com's Windows Repair tool.

 

And computer running smoothly since.

 

So topic can be marked as Solved now.


Edited by subby6, 02 February 2014 - 07:20 PM.


#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 02 February 2014 - 07:56 PM

Good job!!

 

Another approach that came to mind was using Kaspersky WindowsUnlocker. It would also take care of Registry changes.

 

However, with all the tools you ran, one of them did that job.

 

Thanks for the update.  :)


Old duck...




