Ransomware Help

Hi. My mom did a stupid thing (I've already made sure she won't do it again!) and, after clicking a link on Facebook, called a fake MicroSoft Tech Support number on a fake error message that came up. I don't know if it helps at all, but below are the notes she took during the call.

Install and configured SSL Security Firewall
Removal of Adware Energy Partition (?), clean up, tune up
Repair Security Drivers
Some bad encryptions
Network encryptions

When she called me and told me what happened I gave her a tongue lashing and told her to just turn off the computer. I'm now trying to fix it, but since I've never run into this specific type of malware, I'm not sure where to start. When I turned on the computer, it prompted me for a password, which I entered. I pressed Enter (also an option to press Restart) and it looped back to the password prompt. The next time I pressed Restart after entering the password and it ran through Preparing Automatic Repair and then Diagnosing PC and ended on a screen saying Your PC Did Not Start Correctly with option to Restart or Advanced Options. Choosing Restart just makes it go through the above process. I tried starting in safe mode but get the same result.

Can someone help me with where to begin? It's an HP running Windows 10. I don't think it came with any recovery discs.

 

Ok, sorry. Thank you for movie it to the appropriate place!

 

Since it's running Windows 10, you should be able to use the Windows 10 Media Creation Tool (Google for it) to create an ISO to burn to DVD or create a bootable USB Flash drive (8 GB) and try repairing the PC with that.

If the repair is unsuccessful, you may need to wipe the drive and do a clean install of Windows 10. You/we don't know what kind of damage that fake support site did or what it installed if it had remote access to your mom's computer.

 

Also, if it was Ransomware, it would have encrypted her files and there would have been a demand for payment for the decryption key.

 

Also, ransomware, depending on the type it is, can be super nasty, some ransomware will embed on the motherboard and no amount of reinstalling the OS will get rid of it.

 

At that point, I don't even think flashing the UEFI/BIOS will help.