Need To Restore Because Of Ransomware

Discussion in 'Software' started by CaMidltn, Dec 6, 2016.

  1. CaMidltn

    CaMidltn Private E-2

    Hello all,

    Can someone help me with getting a clean reinstall for my Dell Latitude E6410?

    I have a computer infected with ransomware. I have all my files that are able to be backed up on a flash drive that is not infected, and I do not have the reinstall discs from the factory. I purchased this laptop from one of those electronic sales that is in the county fair buildings. It has been a great laptop until my dumb dumb self opened the ransomware by thinking that someone was going to run my credit card from school or my textbook store.

    I can tell you that it had 7 pro on it when I got it. Then I upgraded to 10. If I have to go back with 7 pro then that is fine. I have a 64-bit system if that helps any. The CPU is an Intel(R) Core(TM) i5: M 540 @ 2.53 GHz 2.53 GHz. The installed memory: 4.00 GB (3.80 GB usable). And there are no pen or touch available for this display.
     
  2. the mekanic

    the mekanic Major Mekanical Geek

    How do you log in to Windows? Do you use an e-mail, or a local account?

    You can try burning a Kaspersky rescue disk to a CD before going for the reinstall.

    https://support.kaspersky.com/4162

    It boots its own operating system, and can remove malware without booting Windows.
     
  3. mdonah

    mdonah Major Geek Extraordinaire

    As the mekanic asked, do you sign in locally or with a Microsoft account? If with a Microsoft account, you can use the Windows 10 Media Creation Tool to download a Windows 10 ISO to burn to DVD or create an installation USB flash drive.

    If you sign in with a Microsoft account, you already have a digital key associated with the previous installation of Windows 10 and it should automatically activate Windows 10.

    If you sign in with a local account, you can still use the Media Creation Tool to get the ISO or USB but, you'd need to purchase a Product Key.

    The Latitude 6410 wasn't tested with Windows 10 (I have a Latitude E6400) so there won't be any Windows 10 Device drivers but the Windows 7 Device drivers from the Dell Support site should work.

    If it is, indeed, Ransomware (where your files are encrypted and a ransom is demanded for the decryption key) Kaspersky may not solve the issue. Kaspersky DOES have decryptors but, it depends on the type of ransomware you have.
     
  4. CaMidltn

    CaMidltn Private E-2

    Sorry for taking so long in getting back with you on your post, going to college and working took me away for the day.

    I sign in under my email, but my laptop originally had 7 pro on it when I bought it. And it was a refurbished laptop at the time. I upgraded when Windows did the first initial run with 10 and because my computer had pro, I guess they decided to let me have the pro version of 10. At least my system says it is 10 pro.

    As for the fact that I messed up and downloaded a ransomware, it has taken over my entire computer. It is called Cerber Ransomware, I think, and without it infecting the new OS, I need to figure out how to do a clean install for my laptop. I do not have the money to pay this person(s) for my files back, so by downloading the 5 malware downloads that are through here, I was able to get back 90% of my main files I am concerned about. The rest of the stuff that is still trapped can be deleted, and I can get them again. But if I save anything else, it gets captured.

    So, if either of you can help me figure this out, I would be so very grateful.

    Is there anything else I need to let you know? The ransomware was through my email, does that mean that all my emails will get attacked too?
     
  5. the mekanic

    the mekanic Major Mekanical Geek

    If you sign in with an email, your license key is stored under your account. You will not have to install W7, and upgrade to 10. By the five malware downloads, I gather you ran "Read & Run Me First"?

    Since you managed to get all the data you need, the best course is to scorch the drive first. This means not only deleting the OS partition, but the MBR (Master Boot Record) as well. A rootkit could be hiding in the MBR.

    You can use a program like ActiveKillDisk, or Darik's Boot & Nuke.

    You will also need a copy of Windows 10 from Microsoft by visiting this site:

    https://www.microsoft.com/en-us/software-download/windows10

    I would advise downloading and creating the Windows DVD or bootable flash drive on another machine.
     
    CaMidltn likes this.
  6. mdonah

    mdonah Major Geek Extraordinaire

    I agree with the mekanic. You do need to wipe/nuke the Latitude 6410's internal hard drive first to make sure you're completely rid of any malware that's on it. You can use HDD Low Level Format Tool to do so also but, you'd need to pull the drive from the Latitude and connect it to another computer that the Format Tool is installed on to do so. You'd, then, need to re-initialize the drive as MBR (not GPT) with that same computer and, finally, put the drive back in the Latitude and proceed from there.

    I prefer the Low Level Format Tool to Darik's Boot and Nuke because it accomplishes the task much more quickly than DBAN (it took DBAN over 19 hours to wipe an 80 GB hard drive with a single pass).
     
  7. mdonah

    mdonah Major Geek Extraordinaire

    I'm now hesitant about my suggestion of HDD Low Level Format Tool. Connecting your Latitude's drive to another computer could well infect that other computer.

    If you decide to use the mekanic's suggestion of Active@Kill Disk or Darik's Boot and Nuke, here are download links for both (the mekanic didn't supply them).

    Active@Kill Disk:

    http://www.majorgeeks.com/files/details/active_killdisk.html

    Darik's Boot and Nuke:

    http://www.majorgeeks.com/files/details/dariks_boot_and_nuke.html

    I believe the Active@KillDisk Setup will create a bootable ISO you'd burn to CD and according to the Major Geeks' description, DBAN does the same.
     
  8. mdonah

    mdonah Major Geek Extraordinaire

  9. Eldon

    Eldon Major Geek Extraordinaire

    AtlBo likes this.
  10. mdonah

    mdonah Major Geek Extraordinaire

    Read and Run Me First? Post #4
     
  11. Eldon

    Eldon Major Geek Extraordinaire

    :oops: I didn't know the Read and Run Me First included ransomware decrypting instructions.
     
    AtlBo likes this.
  12. CaMidltn

    CaMidltn Private E-2


    OK, have a few questions.....1) Do I need to re-install the BIOS? 2) How big (GB) of a flash drive should I use to put the 10 on? 3) Not saying that I understand everything that you have been very helpful with, but what does the MBR do? 4) Which would be the best to use to wipe the hard drive?
     
    AtlBo likes this.
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why do you not use the discs?
     
    AtlBo likes this.
  14. CaMidltn

    CaMidltn Private E-2

    Because I did not receive the discs when I bought the computer. I was not going to pay 129.99 for a set of restore discs from Dell. Besides I am a student and because so, I have no money.....but have several flash drives.....lol College professors want flash drives not discs. So I have several.

    So which would be the best to use to wipe the hard drive with? And do I need to reinstall the BIOS? What does the MBR do?
     
    AtlBo likes this.
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm sorry.......I misread your statement and thought you did have discs. My bad. Long day.
     
    AtlBo likes this.
  16. CaMidltn

    CaMidltn Private E-2

    It's OK. When I went to Windows to download 10 it said something about a 7 SP1 update needed before 10 can be downloaded. I thought that I had the update but everything I have is not what is listed. Maybe I am looking in the wrong place. It states that there are updates, but there are only letters/numbers (KB2565063) and says that it is Microsoft Visual C++ x64 10.0.40219

    Is that an update? I really have no clue as to what I am doing. Had to watch several YouTube videos to make sure that I understood how to replace my screen. My nephews caused me to shatter the inside screen. Made me so mad....I was so livid. But I have a new one, and the funny thing is, I think the old one was getting ready to go out anyway. It would do this crazy dimming and brightening thing that drove me nuts. Guess it was tired like me....lol

    Anyway, I am hoping that I can clear the hard drive and reinstall all the necessary things without blowing something up...No I'm not that bad, but close.

    Have a great night, I have 10 and what I think is one of the updates for W7. It says it fixes Windows issues, so I figured it was an update. They are on a 32GB Flash drive.
     
    AtlBo likes this.
  17. Eldon

    Eldon Major Geek Extraordinaire

    1. No.
    2. 8 GB.
    3. Master Boot Record - don't worry about 'what it does'.
    4. Darik's Boot and Nuke - posts #5 & 7.
    http://www.majorgeeks.com/files/details/dariks_boot_and_nuke.html
     
    AtlBo likes this.
  18. mdonah

    mdonah Major Geek Extraordinaire

    Not so. You can use the Windows 10 Media Creation Tool to download an ISO OR create an installation USB flash drive (8 GB like Eldon said). The flash drive would need to be inserted in a USB port when you've selected Create media for another computer (do not select update/upgrade this computer now).

    All data on the flash drive will be erased before the installation media is created so, it's best to use an empty flash drive for this.

    DBAN will need to be burned to a CD.

    Be careful with DBAN. Make sure to select the internal hard drive as the one to erase. You will only need one pass because you're re-installing Windows. You would need to run more passes if you were getting rid of the hard drive or the computer.
     
  19. CaMidltn

    CaMidltn Private E-2

    OK, it has been a really long time since I have burned a CD. Do I need to download the program then burn to the CD? Or what?

    I am not that techno-savvy.
     
    AtlBo likes this.
  20. Eldon

    Eldon Major Geek Extraordinaire

    Yes.
     
    AtlBo likes this.
  21. MaxTurner

    MaxTurner Banned

    First you download the program, then you can burn data to a CD in any version of Windows 7 onwards without a separate burner program. Just google 'how to burn a cd in Windows...[enter version number]'. But if you need to make the CD bootable, then best to use one of the freeware programs on MG.
     
    AtlBo likes this.
  22. CaMidltn

    CaMidltn Private E-2

    OK, think I have it now. Been so long, have been using too many flash drives.....lol.

    I really appreciate everyone's help.

    K it is burning now. Crossing my fingers that this takes care of what needs to be done with the hard drive.
     
    AtlBo likes this.
  23. CaMidltn

    CaMidltn Private E-2

    OK, downloaded the DBAN onto a CD, but now it will not let me take it off. Tells me that I am unable to mount hard drives.

    What did I do wrong?
     
    AtlBo likes this.
  24. Eldon

    Eldon Major Geek Extraordinaire

    Keep this in mind.
     
    AtlBo likes this.
  25. Eldon

    Eldon Major Geek Extraordinaire

    You need to restart your PC with the CD loaded.
     
    AtlBo likes this.
  26. CaMidltn

    CaMidltn Private E-2

    Have done that. Nothing happens. Goes through normal start up.

    Even went to f12 to start boot from cd/dvd, tells me it failed.

    Should I retry the download again?
     
    AtlBo likes this.
  27. mdonah

    mdonah Major Geek Extraordinaire

    If you burned and not copied the DBAN ISO file to CD, it should be bootable. To change boot order on a Dell, press F2 at the POST screen to enter Setup and go to Boot Order on the left. Move USB to number 1 and CD/DVD to number 2 then save and exit.

    You'll need USB to be number 1 when you go to re-install Windows 10 from the USB flash drive you created.
     
    AtlBo likes this.
  28. Eldon

    Eldon Major Geek Extraordinaire

    I have no idea what this means.
    How did you burn the downloaded file to CD?
     
    AtlBo likes this.
  29. the mekanic

    the mekanic Major Mekanical Geek

    AtlBo likes this.
  30. CaMidltn

    CaMidltn Private E-2

    Well, found out that I was using a DVD-R not a DVD-RW. So now I have to wait

    [attached image: upload_2016-12-14_16-58-12.png]

    Not sure how else to get this to you. Because I saved it to my desktop and it would not pick it up as being there when I tried to upload a file.

    As far as what I did to get the program onto the dvd, I downloaded the file, then went to where my download files are, clicked cut where the program was, then clicked onto the dvd, right clicked and clicked burn cd. But now it will not let me run it to delete my hard drive. I messed up somewhere, because it says it is an ISO image file. But it was one of the links that was shared by
     
    AtlBo likes this.
  31. CaMidltn

    CaMidltn Private E-2

    The DBAN file was shared by Mdonah, Mekanic, and you Eldon.

    My burning was done through Windows 10. But I must have done something wrong, because it says it is an ISO Image, on the CD.
     
    AtlBo likes this.
  32. Eldon

    Eldon Major Geek Extraordinaire

    You don't need a DVD-RW. A regular CD-R is all you need.
    This is not the way to burn an ISO file to disc. You created a data disc.
    You need to right-click the file and then Burn disc image.
     
    AtlBo likes this.
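
The difference described in the post above, between a data disc that merely contains the .iso file and a disc burned from the image, can be checked from the disc's own sectors. This is an added example, not part of the original thread: it looks for the El Torito boot record that a bootable ISO 9660 image carries, using small images constructed in memory; `inspect_image` and `build_sample` are hypothetical names.

```python
import struct

SECTOR = 2048                              # ISO 9660 logical sector size
EL_TORITO_ID = b"EL TORITO SPECIFICATION"  # boot system identifier

def _sector(data, lba):
    return data[lba * SECTOR:(lba + 1) * SECTOR]

def _catalog_is_bootable(cat):
    """Check the boot catalog's validation entry and default entry."""
    if len(cat) < 64:
        return False
    validation = cat[:32]
    if validation[0] != 0x01 or validation[30:32] != b"\x55\xaa":
        return False
    if sum(struct.unpack("<16H", validation)) & 0xFFFF:  # words must sum to 0
        return False
    return cat[32] == 0x88                 # 0x88 = bootable, 0x00 = not

def inspect_image(data):
    """Walk the volume descriptors that start at sector 16."""
    result = {"iso9660": False, "el_torito": False, "bootable": False}
    lba = 16
    while True:
        vd = _sector(data, lba)
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            break
        result["iso9660"] = True
        if vd[0] == 255:                   # descriptor set terminator
            break
        if vd[0] == 0 and vd[7:39].rstrip(b"\x00") == EL_TORITO_ID:
            result["el_torito"] = True
            (catalog_lba,) = struct.unpack_from("<I", vd, 0x47)
            result["bootable"] = _catalog_is_bootable(_sector(data, catalog_lba))
        lba += 1
    return result

def build_sample(bootable):
    """Constructed sample: a minimal image, with or without a boot record."""
    def vd(vd_type, body=b""):
        return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")
    sectors = [bytes(SECTOR)] * 16 + [vd(1)]          # system area + primary VD
    if bootable:
        body = EL_TORITO_ID.ljust(32, b"\x00") + bytes(32) + struct.pack("<I", 19)
        sectors.append(vd(0, body))                    # boot record at sector 17
    sectors.append(vd(255))
    if bootable:                                       # boot catalog at sector 19
        entry = bytearray(32)
        entry[0], entry[30:32] = 0x01, b"\x55\xaa"
        checksum = -sum(struct.unpack("<16H", entry)) & 0xFFFF
        struct.pack_into("<H", entry, 28, checksum)
        sectors.append((bytes(entry) + b"\x88" + bytes(31)).ljust(SECTOR, b"\x00"))
    return b"".join(sectors)

if __name__ == "__main__":
    print("burned as image:", inspect_image(build_sample(True)))
    print("copied as data :", inspect_image(build_sample(False)))
```

A disc made by copying the .iso onto it still has a valid ISO 9660 file system of its own, so only the boot record and catalog checks tell the two cases apart.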
  33. mdonah

    mdonah Major Geek Extraordinaire

    You never should have selected "cut". You still have the ISO file you downloaded. Place a CD in the drive, right click the ISO and select burn.

    I, personally, don't use Windows' built-in burning feature. I can't verify the burn so, I use a third party burning software that will verify the burn afterward. ImgBurn as the Mekanic suggested in Post #29 is one such software. But, I use Ashampoo Burning Studio 6 free.
     
    AtlBo likes this.
  34. AtlBo

    AtlBo Major Geek Extraordinaire

    Drive not mountable? Is that the issue where the program must be run at boot time? Sounds like OP is trying to run the program in Windows.
     
  35. mdonah

    mdonah Major Geek Extraordinaire

    He might be because he copied/pasted instead of burned DBAN to a DVD-R and it shows as an ISO file on the DVD. If he had burned the ISO to CD, it would have booted.
     
  36. Eldon

    Eldon Major Geek Extraordinaire

    She. Look at the avatar... click on it. ;)
     
    AtlBo likes this.
  37. mdonah

    mdonah Major Geek Extraordinaire

    Oops. Sorry about that. I don't usually click on the person's avatar to find out their gender and thought nothing about the avatar even though it's the symbol for female.
     
    AtlBo likes this.
  38. CaMidltn

    CaMidltn Private E-2

    LOL...Mdonah that is ok. I just have not found the right picture I want to use yet.

    OK, I went out and got new DVD-R disks, so how am I supposed to do this again? In the process of downloading the Ashampoo Burn Studio 6 now. Well the free version..lol
     
  39. the mekanic

    the mekanic Major Mekanical Geek

    Holy. Crap.

    ImgBurn is free. You don't need a DVD. Just a CD.

    Burning a file to a disc as data, and burning a bootable image (.iso) to a disc are two different aminals. Yes, aminals. HA, HA.

    Seriously, a DVD is a waste of space for this application.
     
  40. CaMidltn

    CaMidltn Private E-2

    Then how do I do this? I did mention that I was not techno-savvy.
     
  41. CaMidltn

    CaMidltn Private E-2

    I have a bootable disk and it is to the point of disks and partitions with an arrow pointing to empty brackets then it says ata disk western digital wdc wd1600bevt-7 1a11 149gib (160 GB) wd-wxc c997088

    at the bottom of the screen p=prng m=method v=verify r=rounds, j=up k=down space=select, f10=start

    from here I need directions. What do I do next
     
  42. Eldon

    Eldon Major Geek Extraordinaire

    1. Load the CD or DVD.
    2. Restart your PC.
    3. As soon as something appears on the screen press F12.
    4. Use the arrow keys up or down and select the CD/DVD drive.
    5. Press enter.
     
  43. mdonah

    mdonah Major Geek Extraordinaire

    She's burned DBAN to a DVD and the computer booted to it. The screen she's describing are the choices she has in DBAN.

    CaMidltn,

    Select the WDC drive, leave Method at its default, select 1 (one) Round and select Start.

    I don't know how long it will take to wipe the drive. Of course, the larger the drive, the longer it will take.
     
    Eldon likes this.
  44. Eldon

    Eldon Major Geek Extraordinaire

    Thanks. Have never used DBAN.
     
  45. CaMidltn

    CaMidltn Private E-2

    This is where I am at. What do I do from here?

    I have to work today, so I won't be able to answer until after 7 pm CST.

    [attached image: 20161216_082928.jpg]

    It will have to wait until I get home from work.

    When do I put my jump drive on with the new Windows 10?
     
  46. mdonah

    mdonah Major Geek Extraordinaire

    That's the drive you want to select. After selecting it, select Start. It will use 3 passes to wipe the drive. While it's doing so, you can remove the DVD with DBAN on it because DBAN is completely running from memory.

    You'll have to wait until DBAN completes before you can insert your jump drive with Windows 10 and restart your computer to boot from the jump drive and re-install Windows.
     
    AtlBo likes this.
  47. mdonah

    mdonah Major Geek Extraordinaire

    I have but, earlier versions than 2.3.0. In version 2.3.0, you can't select single pass (because you're re-installing Windows). It's a 3 pass minimum. However, version 2.3.0 DOES detect USB connected drives whereas earlier versions didn't.
     
    AtlBo likes this.
  48. CaMidltn

    CaMidltn Private E-2

    Ok, it is on round 1 at 7% and climbing. 1st pass of 3
     
    AtlBo likes this.
  49. CaMidltn

    CaMidltn Private E-2

    OK, my file was completed. The drive was successfully wiped and it passed. Told me to use any key to continue. I did and now it has a screen that says Blancco Offers More For Business And Beyond! I have tried hitting ESC, tried hitting the Enter key, and the Space bar. It is still there. What do I do now?
     
    AtlBo likes this.
  50. Just Playin

    Just Playin MajorGeek

    Blancco acquired the rights to DBAN.
    https://support.blancco.com/index.p...i-see-is-a-blancco-report-how-can-i-remove-it
     
    AtlBo likes this.
