How do I get my computer back from ransomware

February 23, 2018 at 11:58:45
Specs: Windows 7 pro, 4
I have ransomware and they want me to pay by bitcoins.

I put in everything but it won't let me type in "save as" as stated above


See More: How do I get my computer back from ransomware

Reply ↓  Report •

#1
February 23, 2018 at 13:05:48
is it wanna cry?

please tell us what it is called, pictures may help.

in some cases it is possible to remove the cryptolocker/ransomware & get rid of the encryption/etc
but youll have to give us more information

i5-6600K[delid]@4.814GHz/4.613GHz cache@1.385v | 2x4GB Crucial-DDR4-2133@14-14-14-28 1T 2808MHz@1.37v
ASUS Z170K
Samsung 250GB SSD 850 EVO
MSI Armor RX 570 4GB@1340c/1965m BiosMod
VS450


Reply ↓  Report •

#2
February 23, 2018 at 14:18:07
It's terminator33@aol.com. I'm not sure if there is any other name. I can only go to the command prompt in safe mode

Reply ↓  Report •

#3
February 23, 2018 at 14:20:17
I also downloaded defender offline to a usb drive but do not understand how to boot up with this drive on the virus infected laptop

message edited by JohnEddy


Reply ↓  Report •

Related Solutions

#4
February 23, 2018 at 15:14:59
"I also downloaded defender offline to a usb drive but do not understand how to boot up with this drive on the virus infected laptop"
You can access advanced boot options on most machines by tapping F8 repeatedly just after starting or restarting.

You have to be a little bit crazy to keep you from going insane.


Reply ↓  Report •

#5
February 23, 2018 at 16:14:44

Reply ↓  Report •

#6
February 23, 2018 at 16:52:22
I tried this but the only options are:
1. Safe mode
2. Safe mode with networking
3. Start Windows normally

Reply ↓  Report •

#7
February 23, 2018 at 16:57:02
"I tried this but the only options are"
Who are you talking to?

Reply ↓  Report •

#8
February 23, 2018 at 17:09:53
Fingers...I'm trying to boot up with a dvd

Reply ↓  Report •

#9
February 23, 2018 at 17:27:23
"I'm trying to boot up with a dvd"
To boot from a dvd, you have to change the boot order in the bios to boot from the dvd first.

https://www.howtogeek.com/100289/ho...
https://www.digitalcitizen.life/how...


Reply ↓  Report •

#10
February 24, 2018 at 06:04:44
https://malwarefixes.com/remove-cry...

specialiced step by step removing for your sepcific randsomware

i5-6600K[delid]@4.814GHz/4.613GHz cache@1.385v | 2x4GB Crucial-DDR4-2133@14-14-14-28 1T 2808MHz@1.37v
ASUS Z170K
Samsung 250GB SSD 850 EVO
MSI Armor RX 570 4GB@1340c/1965m BiosMod
VS450


Reply ↓  Report •

#11
February 24, 2018 at 06:11:45
There's a particular F-key that can be pressed during startup that will bring up the boot menu. You can then select which device to boot from - USB, CD/DVD, HDD. We can't tell you which key that is without knowing the make/model of your motherboard or computer.

When you select "safe mode with networking", what happens? It might take several minutes to boot into Windows & a lot of text will be displayed on the screen in the meantime. Did you wait long enough?

Windows Defender offline was not the best choice to remove the infection. Try a rescue disk instead. I recommend BitDefender or Kaspersky. And the disc or USB must be created correctly.

https://www.bitdefender.com/support...

https://support.kaspersky.com/virus...


Reply ↓  Report •

#12
February 24, 2018 at 07:15:23
I finally restored some files. Now I am able to get to the internet. I am running Microsoft malicious software removal. As of now the tool is not seeing any of the files but only 1/4 through.

Thanks for everyone's past help and future help!@@


Reply ↓  Report •

#13
February 24, 2018 at 09:20:02
My question is: After the virus is removed, how do we get our files back? Many of them list the filename(terminator_33@aol.com) after them. Any ideas?

Reply ↓  Report •

#14
February 24, 2018 at 09:51:41
You need to remove the infection without booting into Windows. See #11.

Reply ↓  Report •

#15
February 24, 2018 at 11:45:14
why not rollback, to a previous backup, ofcourse if you enabled windows backup

i5-6600K[delid]@4.814GHz/4.613GHz cache@1.385v | 2x4GB Crucial-DDR4-2133@14-14-14-28 1T 2808MHz@1.37v
ASUS Z170K
Samsung 250GB SSD 850 EVO
MSI Armor RX 570 4GB@1340c/1965m BiosMod
VS450


Reply ↓  Report •

#16
February 24, 2018 at 12:23:42
It's a .java ransomware. I am running a pcmatic full malware scan in safe mode with networking. It's taking 2 hours...I will let you know the results.

Thank you thank you thank you


Reply ↓  Report •

#17
February 24, 2018 at 19:02:14
" I am running a pcmatic full malware scan"

You're joking, right? I'd be willing to bet there's not a single helper in these forums that would EVER recommend PC Matic.


Reply ↓  Report •

#18
February 24, 2018 at 23:13:01
"I'd be willing to bet there's not a single helper in these forums that would EVER recommend PC Matic"

riider's correct, that product has gotten consistently bad reviews across the board, including a somewhat snipey exchange to helpers from their "support" here:

https://www.computing.net/answers/s...

"Channeling the spirit of jboy..."

message edited by T-R-A


Reply ↓  Report •

#19
February 25, 2018 at 08:53:58
In all die respect to pcmatic...my firewall was off and defender was not turned on. I'm trashing this laptop, buying a new one and starting over. Thanks for the help!

Reply ↓  Report •

#20
February 25, 2018 at 09:03:47
Why trash it?. Just format the hard drive and reinstall Windows .

Far cheaper than a new machine.

"Channeling the spirit of jboy..."


Reply ↓  Report •

#21
February 25, 2018 at 13:55:01
You have to go further than a Format, when reinstalling the operating system, you have to Delete all the partitions. Once they are deleted you are left with Unallocated space & Format will be greyed out.

Clean Installation with Windows 7
http://www.sevenforums.com/tutorial...

message edited by Johnw


Reply ↓  Report •

#22
February 26, 2018 at 15:11:14
@ Johnw:
Good point. All my years with DOS/Win3.x betray me into thinking most machines still have small HDD'S and single partitions.

"Channeling the spirit of jboy..."


Reply ↓  Report •

#23
February 26, 2018 at 16:32:27
Just found out our files on our server Xp has the virus.

Is it time to pay the ransome?


Reply ↓  Report •

#24
February 26, 2018 at 17:08:06
"Is it time to pay the ransome?"

High, high risk, they will probably take your money & run.

ID Ransomware - Identify What Ransomware Encrypted Your Files
http://www.bleepingcomputer.com/for...
https://id-ransomware.malwarehunter...

message edited by Johnw


Reply ↓  Report •

#25
February 26, 2018 at 17:26:38
When i put the email address in,they say wait a couple weeks,must be a new one.

Reply ↓  Report •

Ask Question