
Ransomware fix using Android tablet


  • This topic is locked
109 replies to this topic

#1 Depthcharge

Depthcharge

  • Members
  • 248 posts
  • Local time:07:32 AM

Posted 14 August 2014 - 06:53 AM

I have a computer running Windows 7 that has been locked up for some months now. It is a Toshiba Portege ultrabook (no disks). I found the thread used to get rid of the virus using a program called Hitman which requires running the program for a 32 or 64 bit machine. The only other machine I have is my Toshiba Thrive. Can I somehow get the program and run it from this machine, so that I can get it onto a jumpdrive and then to the infected machine? I hope that was clear. I will do my best to answer any questions. Thanks in advance


Edited by hamluis, 14 August 2014 - 07:04 AM.
Moved from MRL to Am I Infected - Hamluis.



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:01:32 PM

Posted 14 August 2014 - 07:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Let's do this manually:

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Depthcharge


Posted 14 August 2014 - 08:27 AM

First and foremost, I am unsure whether my machine is 32 or 64, and seeing as I am unable to get past the password entry screen, I cannot ask the computer. I queried in another thread if there is a way to determine which using the key/serial # or what have you on the stickers beneath the computer. Please forgive my ignorance. Any suggestions? Thank you

#4 TB-Psychotic


Posted 14 August 2014 - 09:32 AM

Start the Windows Explorer, hit "My Computer" with the right mouse button, select "Properties".

You'll find the information you're searching for at "System type". :)



#5 Depthcharge


Posted 14 August 2014 - 11:22 AM

I cannot get past the password screen. After I enter my password the screen goes blank white and nothing I do changes it. This is different than the FBI cybercrime page that popped up on login but equally as frustrating. I can do NOTHING. I am completely frozen out. No menu, no nothing.

#6 TB-Psychotic


Posted 15 August 2014 - 02:56 AM

Download both files, for 32 as well as 64-bit, and save them to your flash device.

Boot the sick computer and try to run both files. If you don't get an error message displayed, you ran the right file. :)



#7 Depthcharge


Posted 15 August 2014 - 03:27 AM

I completed the steps as you outlined above. I now have two files on my jump drive, FRST.exe and FRST64.exe. I can open neither. "There is no associated application for this file type". I'm not sure how to cut n paste a file I can't open, but I may be able to send it as an attachment...

#8 Depthcharge


Posted 15 August 2014 - 03:42 AM

I tried to download a .txt reader application, but all I got upon opening the file was some kind of encoded gobbledygook/nonsense. The app was TextReader if that makes a difference. Useless.

#9 Depthcharge


Posted 15 August 2014 - 03:56 AM

I'm not sure why the log file did not save. Should I try again?

#10 TB-Psychotic


Posted 15 August 2014 - 04:03 AM

No, you have to boot the sick computer into the recovery environment and scan it with FRST following my instructions above.

FRST will make two text files on your USB drive, FRST.txt and Addition.txt.

You don't need to open them - use the forum's "More reply options" on the bottom right to upload both files here.



#11 Depthcharge


Posted 15 August 2014 - 04:09 AM

Sorry, this is the only way I could figure out how to copy the file.

Attached Files

  • Attached File  FRST.txt   111.75KB   6 downloads


#12 Depthcharge


Posted 15 August 2014 - 04:10 AM

No Addition.txt. One moment...

#13 Depthcharge


Posted 15 August 2014 - 04:13 AM

I've checked and rechecked. No Addition.txt, simply the file I sent as an attachment in my previous post.

#14 TB-Psychotic


Posted 15 August 2014 - 04:21 AM

My mistake - as you've scanned within Recovery Environment, addition.txt is not created. I greatly apologize.

I'm currently reviewing your log, please be patient with me meanwhile.



#15 Depthcharge


Posted 15 August 2014 - 04:30 AM

Thank you very much. I powered on the sick machine again and have been waiting for it to complete a slew of updates.



