
Ransomware has me hostage


  • This topic is locked
25 replies to this topic

#1 iTried

iTried

  • Members
  • 12 posts
  • Local time:08:40 PM

Posted 22 March 2015 - 08:11 PM

Hello, I have a Dell with XP that has DOJ Ransomware. I get the BSOD when I try to go to any Safe Mode and I have tried Hitman and Kaspersky. What can I try next? TIA!




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,887 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:40 PM

Posted 25 March 2015 - 09:50 AM

Which BSOD Error?

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used. To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

==========

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 iTried


Posted 25 March 2015 - 10:38 AM

Thanks for your response. I will be with the infected PC this evening around 9pm est. I will be able to respond then. Thanks again!



#4 Machiavelli


Posted 25 March 2015 - 11:12 AM

OK, you are most welcome.

~Machiavelli

 
 


#5 iTried


Posted 25 March 2015 - 09:30 PM

Ok, I used the recovery disc to get to the command prompt; however, when I type in notepad or notepad.exe I get 'The command line is not recognized   Type help for a list of commands.'

The BSOD error I get is:


***  Stop: 0x0000007B (0xF789E528, 0xC0000034, 0x000000000, 0x00000000)



#6 Machiavelli


Posted 26 March 2015 - 12:50 PM

Can you make a photo of BSOD and send it to me, please?

Type cd C:\Windows\
then notepad

~Machiavelli

 
 


#7 iTried


Posted 26 March 2015 - 08:40 PM

I am in the Windows folder and when I type dir I see the notepad file, but when I try to execute it I get the error. I have attached pics.

Attached File: 20150325_220015 (2).jpg (39.22KB)

Attached File: 20150326_213746.jpg (50.94KB)



#8 Machiavelli


Posted 27 March 2015 - 08:16 AM

What is the normal drive letter of your USB?

~Machiavelli

 
 


#9 iTried


Posted 27 March 2015 - 02:40 PM

I am not sure. If I plug it in another computer with no other external drives hooked up, would it be the same letter?



#10 Machiavelli


Posted 27 March 2015 - 02:45 PM

Hmmm, good question. Use the same drive letter which is found at the other system and run FRST.

~Machiavelli

 
 


#11 iTried


Posted 27 March 2015 - 03:07 PM

Ok, will do this evening. Thanks.



#12 Machiavelli


Posted 27 March 2015 - 03:26 PM

OK, you are most welcome.

~Machiavelli

 
 


#13 iTried


Posted 29 March 2015 - 08:59 PM

Attached File: 20150329_214818.jpg (106.41KB)

Attached File: 20150329_214904.jpg (79.12KB)

Sorry for the delayed response. I was away from the PC until today.

I cannot execute anything from the command prompt other than the commands that come up when I type help. The same list of commands comes up regardless of the directory that I am in. Please see attached pics. Thanks



#14 Machiavelli


Posted 30 March 2015 - 01:24 PM

Do you have a Windows Disc?

~Machiavelli

 
 


#15 iTried


Posted 30 March 2015 - 07:12 PM

Yes, I do.

That is what I used to get to the command prompt.





