I have Ransomware again

April 1, 2013 at 18:49:32
Specs: Windows Vista
A few months ago, I had a problem with a screen pop-up asking me for money to unblock my computer. One of you gave me a perfect solution and was able to get rid of it. I got another one tonight and tried to go through the same steps as last time (safe mode, folder options, hidden files, etc.) but it appears they've caught on to that trick and I can't sign onto my computer in any mode without the message popping up. I called Norton, which is my anti-virus software, and of course, they couldn't fix it but wanted me to pay $100 for premium support....I was not amused. Any help you could provide would be greatly appreciated.



#1
April 1, 2013 at 21:37:31
blfdguy1, try this as it works on most ransomware and has a great record for removal. In fact I just ran it on 2 client PCs this morning and the unwanted rootkit was removed in a very short time.

Run these progs in EXACTLY the order listed using safe mode with networking and DO NOT reboot until the last scan and removal has run.
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://www.bleepingcomputer.com/dow...
3- malwarebytes
http://www.filehippo.com/download_m...

Let me know the outcome, as there are other quick tools that can also be suggested...thanks

PS: By the way...what was your username you used when removing the problem last time?
Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#2
April 1, 2013 at 21:56:19
OK, let's see if you can get into the admin account or if it has been compromised. Get to the safe mode screen (I'm assuming you do use Vista) by tapping F8 on startup, bring up the black screen menu, select boot to command prompt. Hopefully it brings up the command prompt box. Where the cursor is in the box, type this, noting spaces:

net user administrator /active:yes

If the command completes successfully, the administrator account will now be visible for access; note there is a space after the word administrator. Reboot and tap F8 and this time try logging into "safe mode with networking". It should load and bring up your normal user account and the admin account; click on the admin account to log in. If you are able to log in here, then follow XpUser4real's suggestions above and see how that works out. Personally, I use a program called "combofix" to remove this, followed by a malwarebytes scan. If you get the same window popup you are in for a fun time.

http://www.bleepingcomputer.com/dow...



#3
April 1, 2013 at 22:03:48
If all goes OK and you want to rehide the admin account, when you are logged in go back to a command prompt (type cmd in search box) and type

net user administrator /active:no

Presto, gone again!

Good luck.



#4
April 2, 2013 at 00:56:58
If none of the above work because you cannot log into anything which may well include the safe mode command prompt, then the next option is to use one of the Linux rescue disks available from some of the security companies. I personally use Kaspersky's ( https://support.kaspersky.com/4162 ) but there are ones from PCTools and F-Secure that supposedly do a similar job. If you have a valid Norton Key you can also use their own Rescue CD available from http://security.symantec.com/nbrt/o... - but you will need to enter your CDKey before it will work.

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd



#5
April 7, 2013 at 10:24:27
Looks like another poster has gone AWOL....


#6
April 8, 2013 at 07:23:13
Sorry guys, had to take it to the Geek Squad on Friday....nothing was working and I don't have another computer at home....doing this from work. Thanks for all the advice!


#7
April 8, 2013 at 10:15:45
OWCH.....The Geek Squad! Good luck with that and be ready for a HUGE bill! And hopefully they backed up your PC before reformatting it (which they will probably do) as they don't take the time to remove viruses etc....


#8
May 21, 2013 at 03:21:20
Try Norton Power Eraser - http://us.norton.com/support/DIY/
Here are some support videos to fix your problems:
http://www.youtube.com/watch?v=_dKB...
Advanced Ransomware Removal Using Command Prompt: http://youtu.be/jDP-ryogi6U
Advanced Ransomware Removal Using Windows Preboot Environment: http://youtu.be/w_7wUXzhRD8
