Ransomware infection


7 replies to this topic

#1 Rusty1520


Posted 16 May 2017 - 08:57 AM

Can anyone identify this ransomware from the screen picture and tell me what removal tool I need? I have a friend who has this. Tried to remove it with an ESET scan of his drive but it did not work. Thanks in advance. I have removed all data files and could format the drive for him if that is the only option. Please help. Sorry, I thought I could upload a screen picture. The text of the message is: "This computer is configured to require a password in order to start up. Please enter the Startup Password below."





#2 JSntgRvr (Malware Response Team)

Posted 16 May 2017 - 09:11 AM

What is the Operating System? Are you able to reach the Recovery Environment Command prompt?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 smax013 (BC Advisor)

Posted 16 May 2017 - 09:18 AM

> Sorry I thought I could upload a screen picture.


You should be able to upload the picture to an image hosting service (like imgur.com or flickr.com or photobucket.com) and then post a link to the picture here.

#4 Demonslay335 (Security Colleague)

Posted 16 May 2017 - 09:55 AM

Does it look like this?

[Image: syskey.png]

If so, it is SysKey. One solution here: http://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/

It isn't ransomware.


Edited by Demonslay335, 16 May 2017 - 09:55 AM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 Rusty1520 (Topic Starter)

Posted 16 May 2017 - 01:07 PM

> What is the Operating System? Are you able to reach the Recovery Environment Command prompt?

XP, the drive is out of the computer at the moment. Thanks for the info from everyone here. I have some things to try now.



#6 Rusty1520 (Topic Starter)

Posted 16 May 2017 - 01:11 PM

> Does it look like this?
>
> [Image: syskey.png]
>
> If so, it is SysKey. One solution here: http://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/
>
> It isn't ransomware.

Then there must be other info I did not get because there was a phone number to call to a fake Microsoft tech who was asking for money. I will have to get the whole computer to check the rest out. Thanks for the info.



#7 JSntgRvr (Malware Response Team)

Posted 16 May 2017 - 02:01 PM

All you need to do is to perform a system restore to a date prior to the onset of the issue.



#8 quietman7 (Global Moderator)

Posted 16 May 2017 - 02:32 PM

Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment, your data is not actually encrypted and a phone number is provided to call, then you most likely are dealing with fake ransomware, a fake web page in your browser, some version of a Tech Support Scam or something else.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
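
Added example, not part of quietman7's post or of anyone's reply in this thread: a small triage script for a drive that has been pulled and mounted read-only on another machine, checking for two of the visible indicators listed above (one extension stacked onto most file names, and the same note file repeated across directories). The function name `triage`, the thresholds and the `BENIGN_REPEATS` list are assumptions made for this sketch; variants that rename files differently or leave names untouched will not be caught by it.

```python
import os
from collections import Counter

# Assumption: names Windows itself drops in many folders; not ransom notes.
BENIGN_REPEATS = {"desktop.ini", "thumbs.db"}

def triage(root, min_dirs=3, share=0.5):
    """Scan a mounted drive for two file-level ransomware indicators."""
    stacked_ext = Counter()   # final extension on files like report.docx.locked
    name_dirs = Counter()     # number of directories holding each file name
    total_files = total_dirs = 0
    for _path, _subdirs, files in os.walk(root):
        if not files:
            continue
        total_dirs += 1
        lowered = [f.lower() for f in files]
        for name in set(lowered) - BENIGN_REPEATS:
            name_dirs[name] += 1
        for name in lowered:
            total_files += 1
            stem, ext = os.path.splitext(name)
            # Count only extensions appended on top of an existing one.
            if ext and os.path.splitext(stem)[1]:
                stacked_ext[ext] += 1

    appended = None
    if stacked_ext:
        ext, count = stacked_ext.most_common(1)[0]
        if count / total_files >= share:
            appended = ext
    # A note dropped "in every directory" shows up as one name in most folders.
    repeated = sorted(
        name for name, n in name_dirs.items()
        if n >= min_dirs and n / total_dirs >= share
    )
    return {"files": total_files, "appended_extension": appended,
            "repeated_names": repeated,
            "file_level_indicators": bool(appended or repeated)}

if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A result with `file_level_indicators` set to `False` is consistent with a startup-password lockout of the kind discussed in this thread, but it is not proof that the data is intact; open a few documents to confirm.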
