
Well... I was playing around ignoring automatic updates a day or two ago and one of them had been postponed repeatedly. I ignored it, not realizing I had company that was on my pc earlier and I thought nothing of it. Later I come back to it finalizing the updates and I see at the login screen a warning about my computer containing illegal content or something of the sort, and saying I had 48 hours to contact the owner of the PC or face criminal indictment. Of course I was worried, and I called the number that it has listed (( the number being the previous owner, continental rental - where I had purchased the PC from )) And they told me it wasn't their software it was a virus. So I looked at the FBI Moneypak ransomware and realized it has heaps of similarities but a few things that draw them apart as well. The biggest being that my virus never asks I can log in, but right after I do 30 seconds or so pass and it memory dumps with BSOD. This is without me performing any actions. It also tends to force restarts on my pc if I let it sit at the login screen where the warning appears. If I start it in safe mode, it will still cause BSOD if I remember correctly, if not it just forces restarts. I've tried a Windows 7 repair disc but the repairs never fixed the blue screen, Windows Defender Offline won't pick up the virus, and HitmanPro tells me my trial ran out so Kickstart is out of the option as well, although Kickstart didn't work because it still had blue screens during the scan it ran. Windows Defender completed both a quick and full scan with no issues other than it failed to notice a virus. I have 3 years of accumulated work on my pc and information I can't simply bear losing. So starting new isn't an option but I can't find a way to get enough access to my PC long enough to be able to remove whatever is causing the issue.


Download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

 

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


I can't quite make it that far. I downloaded farbar and such but I never got any windows disc when I bought my pc. I used a very similar pc to make a recovery disc, I believe it was called. But I didn't find the options that you display so I assume it is the wrong type of disc.
So do I need to buy a new windows 7 install disc?


Instructions for creating a Windows 7 rescue CD are here: http://windows.microsoft.com/en-gb/windows7/create-a-system-repair-disc If that is still a no go and you cannot access the recovery environment via F8 either, maybe the Kaspersky 10 rescue CD is a better option....

 

Kaspersky Rescue CD

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISO image from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.

If this doesn't happen then you'll need to configure your computer to boot from a CD like you'll see below.

1. Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.

 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 


 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 


 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.

 

5. Once the actions described above have been performed, the Kaspersky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 


 

 

If you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 


 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.

 

 


 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

 

 


 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.

 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 


 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows, navigate to Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is the log from the KRD run, named "ScanObject". Copy/paste that file to your reply.

 

Kaspersky 10 rescue can also be installed to a USB memory stick, instructions here: http://support.kaspersky.com/8092

 

Let me know if any success...

 

Kevin
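
An added example, not part of the original post and not Kaspersky's or Farbar's code: STEP D above says the lock screen is started through changed registry values but does not name them. Assuming the usual autostart locations (the Winlogon Shell and Userinit values and the machine-wide Run key), this read-only script for the System Recovery Options command prompt lists them from the offline installation so they can be compared with stock values; OFFSW is a hypothetical mount name.

```batch
@echo off
rem Added example: read-only look at autostart registry values of an OFFLINE
rem Windows installation, run from the System Recovery Options command prompt.
rem Save as a .cmd file on the flash drive. Nothing is modified or deleted.
setlocal
set "WIN="

rem Drive letters are often reassigned in the recovery environment, so probe
rem C: through H: for the installed system's SOFTWARE hive (X: is the RAM disk).
for %%D in (C D E F G H) do if not defined WIN if exist "%%D:\Windows\System32\config\SOFTWARE" set "WIN=%%D:"
if not defined WIN (
  echo No offline Windows installation found on drives C to H.
  exit /b 1
)
echo Offline Windows installation found on %WIN%

rem Mount the offline hive under a temporary key. OFFSW is an assumed name.
reg load HKLM\OFFSW "%WIN%\Windows\System32\config\SOFTWARE" >nul || exit /b 1

rem Stock Windows 7 values for comparison:
rem   Shell    = explorer.exe
rem   Userinit = C:\Windows\system32\userinit.exe,
echo --- Winlogon Shell and Userinit ---
reg query "HKLM\OFFSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\OFFSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit

rem Programs started for every user at logon.
echo --- Machine-wide Run key ---
reg query "HKLM\OFFSW\Microsoft\Windows\CurrentVersion\Run"

rem Always unmount so the hive file is released cleanly.
reg unload HKLM\OFFSW >nul
endlocal
```

Any Shell or Userinit value that differs from the stock ones, or a Run entry pointing into a temp or profile folder, is worth noting in the reply alongside the scan log.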


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

I scanned it, but it ran for 3 seconds and stopped and said finished. I reread my error and I failed to add the hard drive to the scan list, but no matter what it won't detect it. I can't find any of my files actually and when the disc first starts it warns me that my operating system wasn't shutdown correctly and says something about causing damage /:
what do I do?


Can you boot into Safe mode or Safe mode with Networking and run FRST?

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


I do not believe Kaspersky did anything to your system, you already say you could not list the HD for the scan. Also if it ran for 3 seconds that is because it had no entries to scan....

 

This warning/virus sxxt you mention, when that appears press the Alt and F4 keys together; does that close the screen or do you get the option to close it? If that does not help the only way forward is to run FRST from outside of Windows via the Recovery Environment. To do that you will need either an Installation CD compatible with your OS or a Recovery CD.

A recovery cd can be made on another compatible OS on a spare PC, possibly friends or relatives...

 

Link here: http://windows.microsoft.com/en-gb/windows7/create-a-system-repair-disc for instructions how to create the CD


I don't have a screen that blocks me, it is more or less a message prompt as I log into Windows. At first I could click OK and do as I pleased but no matter what, 30 seconds or so after logging in it would blue screen of death. After I used the Kaspersky disc now I can't use my mouse but oh well. How do I run FRST outside of Windows? I'll buy another disc tomorrow.


Are you able to take a photograph of either or better still both of the screens you see, the message prompt and the BSOD?

 

To run FRST from outside of windows there are two methods, I give you both.

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7/8 enter System Recovery Options.

To enter System Recovery Options I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

 


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Kevin....


  • 2 weeks later...

I apologize, I have financial issues at the moment and hadn't access to a working PC.
I've managed to recover the pictures I was speaking of 
https://scontent-b-ord.xx.fbcdn.net/hphotos-prn1/v/t35.0-12/1978452_10203835348703760_35160522_o.jpg?oh=799243cb8ef2fc2feb2ff779fcdac0a0&oe=5335320B this one appears right as Windows Home Premium loads, before it lets me log in.
https://scontent-b-ord.xx.fbcdn.net/hphotos-prn2/v/t35.0-12/1913509_10203835349503780_807946095_o.jpg?oh=ea3045c5caed80b63709077c8e82aaa8&oe=5334CD4E this is the one that would occur after logging in, roughly 30 seconds in.


The scan completed, and when I checked the diagnosis there is one called "the root cause" and it says system volume on disk corrupted.
I restarted the PC as it wanted and it allowed me to log in again, using my mouse unlike after the Kaspersky issue. Once logged in I was all happy thinking it was fixed, but then it crashed again right after. I can't manage to get into the command prompt via the advanced boot options, only via starting it in safe mode with command prompt, but it crashes in such a short time I don't think I'll be able to create the FRST logs.
