
Unable to access BIOS, Boot Menu, or anything else!!! Ransomware!!


  • This topic is locked
5 replies to this topic

#1 Atombomb

Atombomb

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 June 2014 - 04:36 PM

I posted this in the Windows 8 section as I thought it was a problem with such. However, I believe the Ransomware has a lot to do with the problem. So here is the issue:

 

Mother Board: Gigabyte 3.2GHZ

HDD: SATA 1 TB

OS: Windows 8.1

 

Problem: When the computer is powered on it boots normally. However, all function keys or cmd keys to get into BIOS (F2), BOOT Menu (F8), Set up menu (F12) are disabled.

 

Possible Cause: Ransomware, I know for a fact my son installed a .exe file that put ransomware on his computer due to the HDD being locked and inaccessible. Also, when logging into his user he is prompted with the ransom log on by GoTLINKS.

 

Attempted Fixes: I've tried removing the HDD cables and booting in hopes of getting forced into the boot menu. However, no drives are detected and I am prompted to insert the OS Disk and hit ENTER. Upon doing so all KBoard keys are disabled and the computer must be restarted. At this point the computer will boot from the OS Disk and allow for an install of Windows or Windows repair. Upon trying to reinstall the OS (after plugging the HDD back in) the OS Key states it is not retrievable, even though it is on the tower of his desktop. This happens after the key is inserted. (The key has been registered prior to this all happening). When going into Windows repair from the disk I am given 3 options: System Refresh, System Reset, and Advanced Options.

 

System Refresh: Error: A Valid OS must be selected. Please select a valid OS and restart your system. 

 

System Reset: Error: The disk drive is locked. Please unlock the disk drive in order to proceed.

 

Advanced Options: CMD prompt is available but will not allow access into C:/ only into default X:/. System Restore pulls up the same error as system refresh and so on.

 

Hitman Pro: Put it on a USB drive, but the BIOS loads and ignores any function command, going straight to user log on. For example, the F8, Shift+F8, or even Ctrl+Alt+S commands are ignored completely and bring me back to square one.

 

Jumper Switching (Tried) and Battery Removal <- (Not an Option): Tried them both to no avail.

 

USB Bootable Flash Drive: Attempting this now, but I'm almost certain the same problems will occur.

 

CMD Prompt: Tried DEBUG to force the BIOS back to default but cannot obtain the specific drive. Tried DISM.... ScanHealth Online/Offline but same problem occurs with the specific drive.

 

At this point I am all out of ideas, which is why I have come here. I'm assuming Windows quickstart option is preventing the use of functions through the reboot of BIOS. However a shutdown or restart (from user logon) should put windows back into a long restart, but it doesn't.

 

End Note* If the HDD is plugged in during booting of the system then no user options or function commands work. I am just directed to the user log on. CMD Prompt is unavailable, and so are any options to restore/reset/ or refresh the system. I can get into the BOOT Menu via holding the Shift Key while restarting the computer. However, all keys are disabled and the computer freezes on the Boot Menu window not even allowing me to hit ENTER to restart the computer.





#2 Atombomb

Atombomb
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 June 2014 - 04:44 PM

Update: I am putting Ubuntu onto a dvd and trying it that way. I will let you know the outcome. Any other suggestions while I am in this process are welcome as well.



#3 Atombomb

Atombomb
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 June 2014 - 05:14 PM

Update: I was able to boot into Ubuntu and get into the HDD; however, I cannot format it because it says I am not the owner. I can only edit mounting options. Any other suggestions?



#4 Atombomb

Atombomb
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 June 2014 - 06:18 PM

Update: Finally found a fix to my problem. I will post the steps taken in order to help those who get infected with the Ransomware GoTLINKS (FBI Ransomware).


Edited by Atombomb, 29 June 2014 - 06:18 PM.


#5 Atombomb

Atombomb
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 29 June 2014 - 06:33 PM

Problem: Ransomware (GoTLINKs.com, FBI Ransomware) .exe file installed onto computer.

 

Steps to remove problem:

 

Step 1: Installed Kaspersky Rescue Disk and burned the ISO.img to a DVD.

 

Step 2: Unplugged the SATA Cable to my Hard Drive.

 

Step 3: Turned on desktop and waited for prompt to boot from CD/DVD. Inserted burned DVD into the CD/DVD drive and hit ENTER to boot from it.

 

Step 4: Ran Kaspersky Rescue Disk in Graphics Mode.

 

Step 5: Opened a terminal (same place the start menu icon is with Windows OS) and typed in (Windowsunlocker). Typed in 1 hit ENTER, then 0 hit ENTER, then typed EXIT.

 

Step 6: Shut down the computer. Reconnected the SATA Cable from the Hard Drive to the Mother Board.

 

Step 7: Was able to access BIOS through F2.

 

Step 8: Changed Boot Options to boot from CDROM and removed the option to boot from HDD.

 

Step 9: Restarted computer booting from the CDROM which was Kaspersky Rescue Disk. Repeated Steps 4 and 5. However, type 1 hit ENTER, type 2 hit ENTER, then type 0 hit ENTER, then type EXIT hit ENTER.

 

Step 10: Ran a FULL OBJECTS SCAN on the C drive. (Ransomware was detected and removed). Restarted computer.

 

Step 11: Went back into BIOS and changed boot menu option back to HDD as primary. Restarted Computer.

 

Step 12: Ransomware has been removed and full functionality has been restored.

 

Thanks for the help!!!



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:27 PM

Posted 04 July 2014 - 12:14 PM

Nice job on getting the computer booting again :)

 

Seeing as you have resolved this issue in this topic, I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

