Ransomware problems with System Restore and Safe Mode

Discussion in 'Malware Help (A Specialist Will Reply)' started by looking_for_help, Jan 23, 2013.

  1. looking_for_help

    looking_for_help Private E-2

    This is the first time I've posted, hopefully I'm doing this all correctly.

    My husband accessed a website that infected it with ransomware. He would get locked out of the computer and a message would appear saying that the Department of Justice required a fine of $300. He found that if he disconnected the internet, the message didn't appear. I tried running virus scans from my user, but before Super Antispyware finished running, I got locked out as well.

    I reviewed several other posts regarding FBI Moneypak viruses. I tried to use System Restore, but it won't work. I tried to start up with Safe Mode, but I get the Blue Screen with instructions to check for viruses and run CHKDSK /F. I wrote down the stop code; let me know if you need it.

    I followed the Malware Removal Guide and have kept the internet disconnected for most of the time. So far I haven't been locked out, but I still can't use System Restore or Safe Mode. Can you please help me find what might be still causing me trouble? The logs are attached.

    By the way, the Read This First instructions got me far enough that I'm successfully posting this from the infected computer. The OS is Windows XP.

    Thanks in advance!
     

    Last edited: Jan 23, 2013
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs look clean. See if the below helps with your Windows problems.


    Run the C:\MGtools\FixSBM.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shut down any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
    After rebooting, has anything changed?
     
  3. looking_for_help

    looking_for_help Private E-2

    Thanks! Sadly, that didn't resolve the problems. I don't see any new logs to send to you.

    FixSBM.bat just flashed a black command-prompt style screen and disappeared with no further activity.

    Windows Repair seemed to run OK, although I realized after the program started that I had to disable my Antivirus. It asked me for permission before it ran each segment and appeared to restart with no trouble.

    I still get a blue screen when I try to start in Safe Mode, and I still can't set System Restore to a setting from over a week ago (restore fails).

    Is it even wise for me to use System Restore once I get everything working?

    I want to quickly say that even though I've never posted before, this isn't the first time MajorGeeks has helped me. Thanks again!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Again, there was no malware showing in your logs. So there is really nothing for us to do here.

    What happens if you run your PC with the internet connected?
     
  5. looking_for_help

    looking_for_help Private E-2

    I've been cautiously running the computer connected to the internet, and it seems to be working fine. (i.e., basically same results as when disconnected.)

    It sounds like the best approach is to reset the computer to factory settings. I haven't done that in some years, anyway. <sigh>

    Thanks very much for all your help. I was relieved to find out that the virus wasn't still lurking in waiting.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Well, if you cannot get System Restore to work, this may be your only option to fully repair everything.
     
