The W - Internet & Computers - Ransomware
Sec19Row53
Lap cheong
Since: 2.1.02
From: Oconomowoc, WI
#1 Posted on | Instant Rating: 6.07
Thanks to my 16 yo son, I have an infected PC. A ransomware has been installed mimicking a National Security Administration page. I haven't spent much time on getting rid of this, yet. The computer is worthless at the moment, as the ransomware has assumed complete control.

I tried booting in Safe Mode once, but got nowhere. Has anyone run across anything like this, and if so, what did you do?

PS - Given the nature of the software, I thought the pirate icon worked ;-)
thecubsfan
Scrapple
Moderator
Since: 10.12.01
From: Aurora, IL
#2 Posted on | Instant Rating: 9.35
A friend had something similar on his computer, and I spent half of Saturday trying to get it out. I think I did, but their existing antivirus was still pretty screwed up when we called it a night.

See if you can get to msconfig (start->run->msconfig). That'll give you access to what comes up when you boot, and this software is one of those things running. Click over to Startup tab, and uncheck anything that looks suspicious. The malware startup programs were easy to spot for me - random characters as file names, all located in the user's directory. I tracked those files down and deleted them.

(This is also a good time to clear out the recycle bin, and clear out any temporary files you can find. It might also be worth looking thru the Services tab to see if anything pops out as being strange.)

After I made those changes, I rebooted and ran Malwarebytes to find everything I didn't. That still didn't fix the existing antivirus - the ransom-ware ingeniously changed the permissions so no one could access it - but it cleaned up the new problems.



thecubsfan.com - luchablog
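
The startup-entry triage described in the post above (random-character file names located in the user's directory), as an added example that is not part of the original post. The sample entries, the function names and the vowel/digit thresholds are assumptions made for illustration; the heuristic only produces candidates to review by hand.

```python
import ntpath
import re

# Constructed sample entries (name, command), shaped like rows of the msconfig Startup tab.
SAMPLE_ENTRIES = [
    ("ExampleApp Updater", r'"C:\Program Files\ExampleApp\updater.exe" /background'),
    ("xkqzvbtw", r"C:\Users\kid\AppData\Roaming\xkqzvbtw.exe"),
    ("q7f3zk9d", r'rundll32.exe "C:\Users\kid\AppData\Local\Temp\q7f3zk9d.dll",Start'),
    ("SyncTool", r'"C:\Users\kid\AppData\Roaming\SyncTool\synctool.exe" /startup'),
    ("hlpsvc64", r"C:\Windows\System32\hlpsvc64.exe"),
]

# Absolute path to something loadable; spaces are allowed, so quoted paths work.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|scr|bat|cmd|vbs|js|pif|com)\b', re.I)
# Windows 7-style and XP-style user profile roots.
PROFILE_RE = re.compile(r'^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\', re.I)


def looks_random(stem: str) -> bool:
    """Crude 'random characters' test: almost no vowels, or several digits mixed in."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    letters = [c for c in s if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    digits = len(s) - len(letters)
    vowel_ratio = vowels / len(letters) if letters else 0.0
    return vowel_ratio < 0.2 or digits >= 3


def suspicious_startup(entries):
    """Return (name, path) for entries that meet BOTH conditions from the post:
    the file lives under a user profile and its name looks random."""
    flagged = []
    for name, command in entries:
        for path in PATH_RE.findall(command):
            stem = ntpath.splitext(ntpath.basename(path))[0]
            if PROFILE_RE.match(path) and looks_random(stem):
                flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    for name, path in suspicious_startup(SAMPLE_ENTRIES):
        print(f"review: {name} -> {path}")
```

Requiring both conditions keeps an odd-looking name under `C:\Windows` and a normally named program under the user profile out of the results, so the list stays short enough to check by hand.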
DJ FrostyFreeze
Knackwurst
Since: 2.1.02
From: Hawthorne, CA
#3 Posted on | Instant Rating: 7.59
Read it and weep, fella


    Originally posted by Sec19Row53
    Thanks to my 16 yo son, I have an infected PC. A ransomware has been installed mimicking a National Security Administration page. I haven't spent much time on getting rid of this, yet. The computer is worthless at the moment, as the ransomware has assumed complete control.

    I tried booting in Safe Mode once, but got nowhere. Has anyone run across anything like this, and if so, what did you do?

    PS - Given the nature of the software, I thought the pirate icon worked ;-)
SCARY! I had to look up what the heck ransomware was. Never even heard of it!

Any idea where your son got infected?

CUBS - Once you made the msconfig changes and ran Malwarebytes, could you then uninstall and re-install the compromised antivirus program?



CLICK OR DIE
Prolly time for a new sig :(
thecubsfan
#4 Posted on | Instant Rating: 9.35
Nope. Most of my time was spent trying to reinstall the program - Microsoft Security Essentials - and getting error codes which didn't mean anything. It was only hours in when I realized it was a permissions error. There was a trip to look at getting a new computer - they needed one anyway - to take up some of the time.

Googling around - the malwarebytes.org forum comes up a lot in search and is worth creating an account to ask for help if you get stuck, Sec19Row53 - I found and used something called Farbar recovery scan which scanned thru and found more stuff (including the stuck folders), but figuring out how to get it to fix stuff was a guessing game. I got it to work to delete the stuck files, but by then everyone was falling asleep and I decided I should be going.



Sec19Row53
#5 Posted on | Instant Rating: 6.07
Well, I can't even get Windows to start up in Safe mode -- the virus causes it to shut down so that I can't access anything. If I start in normal mode, I don't have access to the computer long enough to get into Task Manager.

I'll try over at malwarebytes. Wish me luck, my kid's gonna need it :-)

ETA - Frosty - He's a 16 yo boy. Take a guess what he was doing (while he was 'working on homework').

(edited by Sec19Row53 on 6.11.13 2032)
EddieBurkett
Boudin blanc
Since: 3.1.02
From: GA in person, NJ in heart
#6 Posted on
Do you have access to another profile? If you can log into safe mode under an uninfected profile, you should be able to start running some scans.



Mash Those Buttons -- by gamers, for gamers, about gamers gaming (mashthosebuttons.com)



WoW! Thoughts! (mashthosebuttons.com)
Big G
Potato korv
Since: 21.8.03
From: the people who brought you Steel Magnolias....
#7 Posted on | Instant Rating: 6.16
    Originally posted by Sec19Row53
    ...

    ETA - Frosty - He's a 16 yo boy. Take a guess what he was doing (while he was 'working on homework').

    (edited by Sec19Row53 on 6.11.13 2032)


Format C:

It's the only thing I do with an infected PC these days. 9/10 times you'll be up and running faster.

And if the kid experiences a little bit of pain in the loss of his save games and 'stash', it might help him learn.
StaggerLee
Scrapple
Since: 3.10.02
From: Right side of the tracks
#8 Posted on | Instant Rating: 1.63
Ubuntu that sucker.




YOUR 2012 NCCA Tournament Bracket Challenge Winner
DJ FrostyFreeze
#9 Posted on | Instant Rating: 7.59


If you remove the infected hard drive, can you use it as an external and connect it to another computer via USB? Then you can use that computer's antivirus and run a scan on the "external" HDD, or just pull essential files from it then reformat like Big G said. Would that work?



Guru Zim
SQL Dejection
Administrator
Since: 9.12.01
From: Bay City, OR
#10 Posted on | Instant Rating: 9.14
You can also look for a bootable CD that has a recent AV installed on it. I think Trend Micro used to offer something like this. Good luck.




Sign up for Folding@Home and join our team. PM me for details.

Ignorance is bliss for you, hell for me.
theremin
Head cheese
Since: 31.1.12
#11 Posted on | Instant Rating: 6.75
Yeah, once every 6 months I get something bad (a couple months ago, I was installing software and I told my brain not to click next, but my finger did).

Honestly, with any of this stuff it's just easier/quicker for me to just slap a new hard drive in the c slot and pull the data off the fucked one.

Going to do that tomorrow after dealing with visualbee for the last couple weeks.
Sec19Row53
#12 Posted on | Instant Rating: 6.07
With thanks to thecubsfan, I've gotten a bootable CD with a Kaspersky antivirus/recovery program on it. Trying to clean things right now. It's been a busy week. I hope to have good news later tonight.
Guru Zim
#13 Posted on | Instant Rating: 9.14
Good Luck!




Sec19Row53
#14 Posted on | Instant Rating: 6.07
With thanks to thecubsfan, I have a functional PC again. The Kaspersky Rescue CD allowed me to boot from CD, and to run their cleaning tool immediately thereafter.

First item on the to-do list - backup to the external hard drive. DONE!