
I have ransomware on my Samsung NC10 that's asking for a UKASH payment to be sent by SMS in exchange for an unlocking code. The message pops up full screen when I boot up the netbook and I can't get past it to enter Windows, and it's also preventing me from entering safe mode. Any attempts to run an antivirus or recovery disk from a USB stick have so far failed. At this stage, I'd be quite happy to wipe the machine and reinstall Windows if I can't delete the virus. Any advice on dealing with the problem would be much appreciated.



  • Root Admin

Does it look like the following?


Are you able to boot into SAFE MODE by tapping the F8 key while the system boots?

You can also give this tool a try and see if it can fix it. It's possible that there is just malware on the box preventing a boot up that can be removed and the files are not actually encrypted.

Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. The application should be used when the infection is at such level that it is impossible to disinfect the computer using anti-virus applications or malware removal utilities (such as Kaspersky Virus Removal Tool) running under the operating system. In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded.

Kaspersky Rescue Disk 10

Kaspersky Rescue Disk 10 - Product Info

Kaspersky Rescue Disk - User Guide (English)

If the above does not work and you cannot get in via SAFE MODE then the information below might be what you actually have.

It looks like you probably do not have a choice with this one. Unless you get lucky and find an unlock code, the files cannot be decrypted. However, searching the Web for one could easily infect another box.

Ransomware: GPCode strikes back

The Price of Recovery: $125 for the Return of User Data

If the system was shut down in time, there might still be some data that can be recovered from a boot CD or by slaving the drive to another computer.



Thanks for your advice. What you can see in the photograph is exactly what I've got on my screen.

It's not possible to boot into Safe Mode and the only way I've got into the machine at all is to boot up from a USB stick - http://www.pendrivelinux.com/yumi-multiboot-usb-creator/

There are various tools you can run from the YUMI multiboot, including the Kaspersky rescue disk and various antivirus programmes, but none of these are able to get going on my machine and trying just results in various error messages.

I think unless I can track down an unlock code on the web I'll have to get the machine wiped. Do you have any advice on this process, bearing in mind I can't access the machine other than via the USB multiboot?

Are you aware if this specific ransomware has a name? Any searches I've done for unlock codes have failed to turn up anyone who has had exactly the same problem and hence I've not managed to find a code so far.

Thanks again


  • Root Admin

The system may possibly have a recovery partition to reinstall Windows back to factory specs. If not, then you may be up a creek, as many of the MFG no longer even provide restore media for XP. You can use an external USB DVD drive to boot from and install Windows 7 (you can buy a DVD from places like NewEgg or similar online).

It's also possible to install from a USB stick, but it's a bit more of a challenge than installing from DVD.

Sorry - no other real options that I can think of.


  • Root Admin

Well you'd need to buy the Windows 7 DVD but yes basically should be pretty easy. In the future make sure you have your data backed up to prevent actual data loss. Windows and applications are always easily replaced but your own images and documents are what is important.


This topic is now closed to further replies.