Thanks to my 16 yo son, I have an infected PC. A ransomware has been installed mimicking a National Security Administration page. I haven't spent much time on getting rid of this, yet. The computer is worthless at the moment, as the ransomware has assumed complete control.
I tried booting in Safe Mode once, but got nowhere. Has anyone run across anything like this, and if so, what did you do?
PS - Given the nature of the software, I thought the pirate icon worked ;-)
A friend had something similar on his computer, and I spent half of Saturday trying to get it out. I think I did, but their existing antivirus was still pretty screwed up when we called it a night.
See if you can get to msconfig (start->run->msconfig). That'll give you access to what comes up when you boot, and this software is one of those things running. Click over to the Startup tab, and uncheck anything that looks suspicious. The malware startup programs were easy to spot for me - random characters as file names, all located in the user's directory. I tracked those files down and deleted them.
(This is also a good time to clear out the recycle bin, and clear out any temporary files you can find. It might also be worth looking thru the Services tab to see if anything pops out as being strange.)
After I made those changes, I rebooted and ran Malwarebytes to find everything I didn't. That still didn't fix the existing antivirus - the ransomware ingeniously changed the permissions so no one could access it - but it cleaned up the new problems.
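The two cues thecubsfan used (random-character file names, and startup items living under the user's profile) can be checked without clicking through msconfig. The script below is an added example, not something posted in this thread; it lists auto-start entries from the Run/RunOnce registry keys and the per-user Startup folder and flags those cues. It assumes the default C:\Users profile root, and the "random name" test is a rough heuristic, so treat its output as a review list, not a verdict, and it changes nothing on the machine.

```powershell
# Registry auto-start locations that msconfig's Startup tab draws from.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$profileRoot = 'C:\Users'   # assumption: default profile root

function Test-RandomName {
    param([string]$Name)
    # Heuristic (an assumption, not a rule): an alphanumeric stem with no
    # vowels, or a long alphanumeric stem, looks machine-generated.
    $stem = [IO.Path]::GetFileNameWithoutExtension($Name)
    if ($stem -notmatch '^[A-Za-z0-9]+$') { return $false }
    return ($stem.Length -ge 6 -and $stem -notmatch '[aeiouAEIOU]') -or ($stem.Length -ge 16)
}

function Get-SuspiciousStartup {
    $findings = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
            $cmd = [string]$p.Value
            # Pull the executable path out of the command line (quoted or bare).
            $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split ' ')[0] }
            $inProfile  = $exe -like "$profileRoot\*"
            $randomName = Test-RandomName ([IO.Path]::GetFileName($exe))
            if ($inProfile -or $randomName) {
                $findings += [pscustomobject]@{
                    Source = $key; Entry = $p.Name; Command = $cmd
                    InUserProfile = $inProfile; RandomName = $randomName
                }
            }
        }
    }
    # The per-user Startup folder is inside the profile by definition.
    $startupDir = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startupDir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += [pscustomobject]@{
            Source = $startupDir; Entry = $_.Name; Command = $_.FullName
            InUserProfile = $true; RandomName = (Test-RandomName $_.Name)
        }
    }
    return $findings
}

Get-SuspiciousStartup | Format-Table -AutoSize
```

Anything it lists with both flags set is worth tracking down on disk the way thecubsfan did before deciding whether to remove it.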
Originally posted by Sec19Row53:
Thanks to my 16 yo son, I have an infected PC. A ransomware has been installed mimicking a National Security Administration page. I haven't spent much time on getting rid of this, yet. The computer is worthless at the moment, as the ransomware has assumed complete control.
I tried booting in Safe Mode once, but got nowhere. Has anyone run across anything like this, and if so, what did you do?
PS - Given the nature of the software, I thought the pirate icon worked ;-)
SCARY! I had to look up what the heck ransomware was. Never even heard of it!
Any idea where your son got infected?
CUBS - Once you made the msconfig changes and ran Malwarebytes, could you then uninstall and re-install the compromised antivirus program?
Nope. Most of my time was spent trying to reinstall the program - Microsoft Security Essentials - and getting error codes which didn't mean anything. It was only hours in when I realized it was a permissions error. There was a trip to look at getting a new computer - they needed one anyway - to take up some of the time.
Googling around - the malwarebytes.org forum comes up a lot in search and is worth creating an account to ask for help if you get stuck, Sec19Row53 - I found and used something called Farbar Recovery Scan which scanned thru and found more stuff (including the stuck folders), but figuring out how to get it to fix stuff was a guessing game. I got it to work to delete the stuck files, but by then everyone was falling asleep and I decided I should be going.
Well, I can't even get Windows to start up in Safe mode -- the virus causes it to shut down so that I can't access anything. If I start in normal mode, I don't have access to the computer long enough to get into Task Manager.
I'll try over at malwarebytes. Wish me luck, my kid's gonna need it :-)
ETA - Frosty - He's a 16 yo boy. Take a guess what he was doing (while he was 'working on homework').
If you remove the infected hard drive, can you use it as an external and connect it to another computer via USB? Then you can use that computer's antivirus and run a scan on the "external" HDD, or just pull essential files from it then reformat like Big G said. Would that work?
Yeah, once every 6 months I get something bad (a couple months ago, I was installing software and I told my brain not to click next, but my finger did).
Honestly, with any of this stuff it's just easier/quicker for me to just slap a new hard drive in the c slot and pull the data off the fucked one.
Going to do that tomorrow after dealing with visualbee for the last couple weeks.
With thanks to thecubsfan, I've gotten a bootable CD with a Kaspersky antivirus/recovery program on it. Trying to clean things right now. It's been a busy week. I hope to have good news later tonight.
With thanks to thecubsfan, I have a functional PC again. The Kaspersky Rescue CD allowed me to boot from CD, and to run their cleaning tool immediately thereafter.
First item on the to-do list - backup to the external hard drive. DONE!
If it is a grounding issue, you may be able to mitigate the problem by buying a USB hub and leaving that connected to the USB, and then connecting and disconnecting at the USB hub instead of the front of the computer.