Ransomware - M$ call Phishing O.o

Discussion in 'Malware Help (A Specialist Will Reply)' started by ghostleeone, Oct 10, 2012.

  1. ghostleeone

    ghostleeone Private E-2

    So, a friend of mine recently got infected with ransomware via a phishing call scheme and was locked out from her XP (Service Pack 3) notebook via a syskey logon. I tried accessing safe mode but it was blocked by the ransomware with the syskey logon.

    I did attempt to use Kaspersky Rescue Disk and ran both a scan and Windows Unlocker. However, it didn't pick up anything nor was it able to bypass syskey. Moreover, I tried using Ophcrack and Kon-Boot just to make sure for shits and giggles and came up empty handed. Any ideas that could help?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You used the most recent version ( which I believe is version 10 ) ?


    If you boot up the PC with Safe Mode with Command Prompt can you get to the command prompt?
    • If you can get this to come up with a command prompt:
      • then type explorer.exe in the command prompt and see if the Windows Start button now shows up with the Taskbar.
      • If it does, then click Start , Run and type msconfig into the Run box and click okay.
      • In MSconfig click on the Startup tab and then click the Disable All button to disable all startups.
      • Then click Apply and OK.
      • Then allow the PC to reboot and see if you can boot in normal mode now.
      • If you can then try to run the below:
      READ & RUN ME FIRST. Malware Removal Guide
     
  3. ghostleeone

    ghostleeone Private E-2

    I have version 10 with the latest database. Also, the ransomware blocks Safe Mode with Command Prompt by sending me straight to the syskey screen rather than the command prompt.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you will have to do one of the below:
    • Use another Windows PC ( and you need a Win XP boot CD ) to build a CD like below or similar that allows offline registry editing and use it to remove the startup entries of the malware.
    • Use a procedure like the below to restore an older system restore backup. Also requires a Windows XP boot CD ( or you could complete the same instructions as in the below using the above UBCD4Win disc in one step )
    • Find another way to do a System Restore
    • Reinstall
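The second option in the reply above, removing the malware's startup entries with an offline registry editor, is the step where a helper saves the most time. The script below is an added example, not from this thread or from any of the tools named in it: it parses a `.reg` export of the autorun keys (the `REG_EXPORT` text is constructed sample data, and the "user-writable directory" heuristic and the stock Winlogon values are assumptions), then flags entries that run from a user profile or temp folder, or that replace the Winlogon `Shell`/`Userinit` values, which is the pattern the lockers of that era used to hijack the desktop before Explorer started.

```python
"""Triage autorun entries from an exported Windows XP registry hive.

Added example, not code from the thread. Assumes the offline registry
editor exported the autorun keys as a .reg text file; REG_EXPORT below is
constructed sample data, and the path heuristics are assumptions.
"""
import re

# Constructed sample export in the format regedit and offline editors write
# (backslashes are doubled inside .reg files).
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"svchost"="C:\\Documents and Settings\\Jane\\Application Data\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\Documents and Settings\\Jane\\Local Settings\\Temp\\locker.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""

# Assumed heuristic: legitimate XP autoruns rarely live in these locations.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

# Stock XP values for the Winlogon entries lockers most often hijack (assumption).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": "c:\\windows\\system32\\userinit.exe,",
}


def parse_reg_export(text):
    """Return (key, value_name, value_data) tuples from a .reg text export."""
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                name, value = m.groups()
                # Undo the backslash doubling used by the .reg format.
                entries.append((key, name, value.replace("\\\\", "\\")))
    return entries


def flag_suspicious(entries):
    """Return (key, name, value, reason) for entries worth removing or restoring."""
    findings = []
    for key, name, value in entries:
        low = value.lower()
        if key.lower().endswith("\\winlogon"):
            expected = EXPECTED_WINLOGON.get(name.lower())
            if expected is not None and low != expected:
                findings.append((key, name, value, f"{name} differs from the stock XP value"))
                continue
        if any(d in low for d in USER_WRITABLE):
            findings.append((key, name, value, "runs from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for key, name, value, reason in flag_suspicious(parse_reg_export(REG_EXPORT)):
        print(f"{key}\n  {name} = {value}\n  -> {reason}")
```

On the sample data it reports the `svchost` entry under `Run` and the hijacked Winlogon `Shell`, and leaves the SoundMAX driver and the stock `Userinit` alone. Before deleting anything, keep a copy of the export; the same file is what you would import back if the removal turns out to be wrong.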
     
