Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICE Hijack Ransomware GreenDot Scam can't access Safemode


  • Please log in to reply
12 replies to this topic

#1 tomcruise24

tomcruise24

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 02:40 PM

Hi,

Trying to remove the ICE ransomeware.  all Safemode options just cycle reboot. In trying to troubleshoot I used msconfig to try and get it to boot into safemode so now the computer just cycles trying to boot into safemode and i cant access normal boot mode. Please advise.

Thanks in advance,


Edited by hamluis, 04 June 2014 - 03:36 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,285 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 04 June 2014 - 02:49 PM

Hello and Welcome

 

You will need access to a clean computer and download Hitman Pro. Then use Kickstarter.

 

Follow this guide

 

http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware



#3 tomcruise24

tomcruise24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 03:05 PM

Thanks!
Unfortunately i have a clean 64 bit computer, but the infected computer is 32 bit.



#4 JohnC_21

JohnC_21

  • Members
  • 24,285 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 04 June 2014 - 03:07 PM

I would download the 32bit version of Hitman Pro. It should still install on your Windows 64bit computer.

 

Edit: But I can't guarantee it will work as this is an unusual problem. You could contact HitmanPro and confirm if it is possible.

 

Edit Edit: See this thread for contact info.


Edited by JohnC_21, 04 June 2014 - 03:12 PM.


#5 tomcruise24

tomcruise24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 03:11 PM

Unfortunately it says it detects a 64 bit version and halts the install.



#6 JohnC_21

JohnC_21

  • Members
  • 24,285 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 04 June 2014 - 03:15 PM

I would try the 64 bit install and see if it will work on the infected computer. If not, see my link above for contact info. In this thread I explain using Kaspersky Rescue Disk to remove the ransomeware using WindowsUnlocker in the Kaspersky Rescue Disk



#7 tomcruise24

tomcruise24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 03:30 PM

I don't see any Kaspersky info on the linked page



#8 JohnC_21

JohnC_21

  • Members
  • 24,285 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 04 June 2014 - 03:33 PM

Look at my Post #4



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:36 PM

Posted 04 June 2014 - 03:54 PM

Hi,

You need to download the 64 bit version of HitmanPro onto your clean computer, it will still work fine even though your infected one is 32 bit. This is if you want to try HitmanPro.

xXToffeeXx~

Edited by xXToffeeXx, 04 June 2014 - 03:55 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 tomcruise24

tomcruise24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 08:05 PM

So i used msconfig to have it boot into safemode with minimal services before i asked for help.  So I cant get it to boot normally, even with hitman. can i use recovery command prompt to edit startup config somehow to set it back to normal?



#11 tomcruise24

tomcruise24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 04 June 2014 - 08:57 PM

ok so i got it to bootnormally and the hitman thing does its thing but requires an internet connection?!



#12 JohnC_21

JohnC_21

  • Members
  • 24,285 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:36 PM

Posted 05 June 2014 - 09:06 AM

Hitman Pro is cloud based. Can you attach an Ethernet cable from the computer to the router or modem. According to the Kickstart manual it will allow connection to the internet wirelessly without entering your Wifi Crendentials.



#13 imichaelw1

imichaelw1

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 09 June 2014 - 02:28 PM

I also have been FBI highjacked and I'm trying to use the Hitman kickstart USB method to fix, but my screen is blank and won't call up the Hitman window.  Let me ask something; do I need internet service just to have the Hitman Pro menu to appear on the monitor or for full function of the Hitman software? I ask because I have a blank screen when I call on the Hitman from the USB port, and of course I have no internet on the infected machine. I just need to know which tree to bark up in solving my problem. Thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users