Jump to content

Recommended Posts

Hello,

 

I tried to search the forum in case somebody had the same issue than me but I'm less and less hopeful... so I will need your direct help to heal my computer!

It (HP mini, Windows 7 starter, 32 bit) has been infected by a ransomware (french version) and there is absolutly nothing I can do. I tried to start in all the modes but I keep ending up on the ransomware page and since I have access to nothing I can't event seem to reach a program loaded on an USB key.

 

If you know how to help me, I would be very grateful for your help,

 

thank you in advance,

 

Ema

 

 

Link to post
Share on other sites

Thank you for the help.

I did the beginning using another computer and now I have a nice Kaspersky USB Rescue Disk. But I'm lost at the 4th step:

"

Configure the computer to boot from Removable Device

Use the Delete or F2 keys, to load the BIOS menu. The keys F1, F8, F10, F11, F12 might be used for some motherboards, as well as the following key combinations:

    • Ctrl+Esc 
    • Ctrl+Ins 
    • Ctrl+Alt  
    • Ctrl+Alt+Esc 
    • Ctrl+Alt+Enter 
    • Ctrl+Alt+Del 
    • Ctrl+Alt+Ins 
    • Ctrl+Alt+S "

I'm assuming that I now must run the USB disk on the infecterd computer. But I can't acess the disk. I tried doing all the combinations, before the windows logo and after and even on the ransomware page... But I didn't manage to find a BIOS menu  anywhere...

Link to post
Share on other sites

Ok, this time I'm really stuck!

I found the Boot options (it's all rather news to me!) and even changed the boot order to put the USB drive on top but then I am unable to find a way to point to the USB rescue drive and to run it. 

Is there something I am missing?

 

 

 

Thanks,

 

Ema

Link to post
Share on other sites

I took some time to try a repair of the computer but it didn't work.

I think I set the bios as recommended; In the system configuration, I went to Boot options. There I went to Boot order and I had 5 choices:

USB Diskette on key/USB Hard Drive (I put that in first position)

Notebook Hard Drive

USB CD/DVD ROM Drive

USB Flooppy

Network Adapter

 

This order is the only thing I can interfere with but when I turn off my computer and restart, it doesn't change anything.

Link to post
Share on other sites

I can't see what I could have done wrong: On the USB Stick there is;

rescue.iso

grub.exe (?)

rescueusb.iso

and after your post I tried to remove the file named help and to put the 3 files directly in the USB stick. Put still no response from the infected computer that keeps starting with windows...

Link to post
Share on other sites

If you have moved files on the USB stick then you`ve corrupt the program. Why are you moving files? All you have to do is follow the instructions at the Kaspersky link I gave you and make a bootable version of Kaspersky rescue. If you try and alter files later, then the bootable program will be corrupt.

 

I`ve attach two images that will show what will be on the USB stick;

 

First Image show what is installed on stick

 

Second Image show what is inside folder name rescue....

 

If you have altered the files on you stick to make different, then stick is no longer bootable

post-3601-0-67637100-1382219730_thumb.jp

post-3601-0-68916300-1382219755_thumb.jp

Link to post
Share on other sites

It's exactly what I have. I only tried to change things when it didn't work. I just did the USB stick again with the kaspersky tutorial but it still isn't working. Do you think it is possible that my infected computer doesn't read what is on the USB stick because it's not a "USB Diskette on key/USB Hard Drive"?

Link to post
Share on other sites

no dvd tray...and I tried in all the orders. But there is maybe another problem. Since I keep forcing the system to shut down, instead of restarting correctly, I always end up on the page "the system didn't stop correctly,so you can either start in normal mode, simplified mode..." (none of it works). Is it possible that the USB stick doesn't run because it's not a corrrect way to start the computer?

Link to post
Share on other sites

The Kaspersky Rescue tool is bootable and has its own operating system. I have used this tool many times on this and several other forums without any issue, i`ve also used it myself to fix computers.

 

What you explain is happening when you boot seems to suggest that the boot order is not correct, seems like the Hard drive is being seen first and system is booting from there, yet because of infection etc you make no progress.

 

To check the USB is loaded with Kaspersky correctly try it from another PC, ensure boot order is changed on the test PC and see what happens..

Link to post
Share on other sites

I have two HP desktops. On both of mine as you are booting tap the escape key until you see a Loading message on the screen. You do not need to change the boot order. You will get a list of bootable devices. Select the usb device you plugged. I can't imagine the laptop being different if it is an HP.

 

Now the bad news. I have the Homeland Security ransomeware on one machine. I could not get a memory stick to boot completely. One did, but lacked the Linux config file. I switched to using a CD and created an ISO file, first for COMODO. It booted ran and cleaned a bunch of things. Sadly, problem still exists. I think tried ANVI. Same results.

 

This trojan is really a pain, as you cannot boot into safe mode. I don't know how I got it, but the first symptom was no internet pages loading. When I rebooted, the trojan took over. I run AVG free version 14 and keep it up to date. I also run Malewarebytes once a week. In the 6 or 7 years I have had this computer (XP Pro), I had one other virus that AVG didn't detect, but Malewarebytes cleaned. My next attempt is to create a CD for Malewarebytes. Maybe I will also try Kaspersky

 

I am getting pretty close to using Knoppix to copy my data and reload the XP image which will wipe the hard drive (ouch!).

Link to post
Share on other sites

The best tool to remove Ransomware infections is Kaspersky rescue tool, before it kills the infection it gives the option to run a Windows unlocker, that will remove amended registry entries created by the infection,

 

If you want to remove/copy data from your system, that can also be done with the Kaspersky rescue tool...

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.