Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Please Help - Ransomware Attack

  • This topic is locked This topic is locked
2 replies to this topic

#1 Morgane


  • Members
  • 59 posts
  • Gender:Female
  • Local time:04:48 PM

Posted 28 August 2017 - 02:26 PM

Hi There,
I may have become a victim of a ransom ware attack. It blocked my PC and I panicked and forced it close.
I managed to boot into Windows safe mode. Can I find out from here if the PC has been infected?
I should be most grateul if you would advise me on what to do next.
PC is an HP All-In-One TouchSmart IQ830be with a dual boot Vista/Ubuntu.
Many thanks in Advance,
PS meanwhile my daughter managed to boot into Ubuntu (which works fine).., How do I get back into Windows SafeMode??????

Mod Edit.. moved from Vista to Ransomeware Support ~ boopme

Edited by boopme, 28 August 2017 - 05:44 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:48 AM

Posted 29 August 2017 - 07:01 AM

From what you describe, it sounds like a browser pop-up scam scam.

Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", “all your files are encrypted" and other fake messages has become an increasing common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

These are a few examples.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.

If you need individual assistance with a malware infection, you should start a new topic in the Am I infected? What do I do? forum.

OR follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

As for your PS...try some of the suggestions in How do I get back into Windows SafeMode from Ubuntu

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 hamluis



  • Moderator
  • 56,430 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:48 AM

Posted 31 August 2017 - 01:33 PM

OP reposted in MRL, https://www.bleepingcomputer.com/forums/t/655869/possibly-infected-with-ransomware-please-help/ .


This topic is now closed to avoid confusion.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users