Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer ransomed and still can't get it to work despite reading forums...


  • This topic is locked This topic is locked
8 replies to this topic

#1 kosmar

kosmar

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 10 June 2014 - 04:31 PM

Dear all,

 

Thanks so much if you can help.

 

My browser got ransomed yesterday and i can't figure out how to sort it out. I'm a teacher and have all my marks on the computer and can no longer do anything so it's a bit of a nightmare as the end of term comes...

 

My browser turned into one of these "you have to pay us 100 euros for watching child pornography" screens (or something to that effect) and I switched my pc off - that's when all these problems started... (although i guess maybe switching my pc off abruptly could have caused it? seems like too much of a coincidence though no?

 

My pc now no longer boots to Windows 8. It just freezes to a black screen, I can move the mouse around but that's it. I've used the Maj F8 key to boot to the options screen in order to try a system restore, but my password no longer works for my admin account so i can't actually do any of the things such as system restore or refresh. I've also tried doing log in with safe mode and networking but this just reboots my computer to a black screen again.

 

Any other procedures I can follow before I go to the shop??

 

Thanks so much

 

Mark


Edited by kosmar, 10 June 2014 - 06:14 PM.
Moved from MRL to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 kosmar

kosmar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 10 June 2014 - 05:40 PM

And I now no longer seem to be able to boot to menu using maj F8 either now after a few trial reboots..

Edited by kosmar, 10 June 2014 - 07:01 PM.


#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:30 AM

Posted 21 June 2014 - 07:09 PM

Hello kosmar, and Welcome to Bleeping Computer! :thumbsup:

 

My name is bloopie, and I will be assisting you with your malware problems! :thumbup2:

We apologize for the delay in response to your topic! Your topic has not gone "overlooked", but the severity and gravity of the issue, may have contributed to the lack of a response here. Fortunately, I am now here to assist you!

I'd first like to ask you if you would still like assistance with this issue? If so, I will stay here until your malware issue is fixed! :)

 

==========

I have moved this topic back to the Malware Removal Logs forum where it will stay, so that I can help you directly, and without any other interference.

Unfortunately however, there are rare cases in which we will not be able to help you fix your machine...but those cases are rare, and most of the time, your issue will be handled effectively.

I only ask that you please try to follow my instructions as closely and diligently as you can, to avoid user error, and to be patient with me while I check your logs. Logs take time to analyze, and it would really help if you didn't do anything to change those logs while I look them over...(i.e. install/remove programs, run antimalware scans without instruction...that kind of thing :) ).

==========

Firstly, please try again to access any of the safemodes (including safemode with command prompt). If successful, that will radically change our removal methods and the time it takes us to do so! :wink:

If you cannot access any safemodes, please try to unplug the ethernet cable from the back of the machine (or disable the wifi on the laptop), and then please try again to enter any of the safemodes.

Please let me know if you are successful with any mode (even command prompt)!

====================

Please also let me know if you have your original Windows Installation CD available...that could help us quite a bit if we run into that as well.

Please let me know where you stand on these issues and I'll do my best to help you clean your machine! :thumbsup:

bloopie



#4 kosmar

kosmar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 22 June 2014 - 05:53 AM

Hi Bloopie,

 

Thanks so much for your response. I have a feeling unfortunately nothing can be done, as I can't access any menu whatsoever any more. Right now, when I switch my computer on, I get the Vaio logo pop up and despite hitting maj f8 frantically the next thing that happens is a little circular thing with dots (like when the computer is loading windows) for about a second before just turning to a black screen where i can't do anything, although if i touch the screen (it 's a vaio all in one touch screen) a little white pointer comes up. I can't turn off wireless as there is no switch to do so and I don't have an ethernet cable plugged in. There are 4 possible lights that turn on at the top right of my screen - the wireless one is green, the hard drive activity one in blank, battery one is blank and power is green. That's about all the details I can give for now. I'm going to keep trying booting to a safe mode until i hear back from you but i don't see what can be done!

 

Thanks

 

Mark



#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:30 AM

Posted 22 June 2014 - 12:51 PM

Hello Mark,

 

Thanks so much for your response.

It's my pleasure!

 

 

What you describe, doesn't sound good, but there are still other things we could try! :) I have fixed many a machine with ransomeware, but I haven't fixed them on Windows 8 before. As long as we have a couple of things, I'm confident we can fix this machine!

 

==========

 

Do you have your Original Windows Installation disk that we could use to boot the laptop from? Or, do you have access to another "clean" computer so that we can make a boot disk if possible, and/or copy tools and programs with a removable media (such as a flashdrive)?

 

If we have these things, then we should be able to get you back up and running. The only worry that I have is if your files have been encrypted with the Cryptolocker malware. I don't think that's what we're dealing with, but we have to first be sure.

 

==========

 

Let me know what we have to work with and we'll see what we can do! :wink:

 

bloopie



#6 kosmar

kosmar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 22 June 2014 - 04:51 PM

Hello!

 

I don't have a windows boot cd, in fact the computer didn't come with one. Windows was installed on it, but i didn't get any cd. In fact, the computer doesn't physically have a cd drive. However, I do have an external dvd drive that i can plug into it.

 

I have usb keys that i can plug in, as well as a clean computer  which is the laptop i am currently using.

 

Thanks,

Mark



#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:30 AM

Posted 22 June 2014 - 05:29 PM

Hello again,

Okay, let's try this: You will need a flashdrive and a clean computer:

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB. If that doesn't work, let me know. Booting from USBs is different depending on your BIOS.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click File and navigate to your USB...it's likely \mnt\sdb1, but it may be sdc1, etc. You can tell you're there when you see xPUD_userinit_fix
  • double-click xPud_userinit_fix
  • When it's done, click Home & power off the computer.
  • Remove the xPud flash drive, put it in your working computer (already booted to Windows) and copy/paste the contents of UserinitReport.txt in your reply to me.

bloopie


Edited by bloopie, 22 June 2014 - 05:30 PM.


#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:30 AM

Posted 28 June 2014 - 07:55 PM

Hello again,

 

It has been several days since my last post. Do you still need help with this issue? If so, please follow the instructions in my last post. If not, please let me know!

 

If you do not respond in another 24-hours, I will be forced to close this topic!

 

bloopie



#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:30 AM

Posted 29 June 2014 - 04:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me a PM and I will re-open it for you. Please include a link to the topic in the PM.

If your response is over a week old, it's best that you begin a new topic.

Everyone else, please begin a new topic.

Thank you.

Edited by bloopie, 29 June 2014 - 04:31 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users