
Thread: ransomware virus

  1. #16
    Join Date
    Aug 2008
    Location
    MN
    --
    3,263
    I've dealt with this many times recently; I have probably rescued at least a dozen computers now with this crap on them. Boot into Safe Mode and, if possible, get a thumb drive, load it up on another computer and get TDSSKiller, Malwarebytes, and CCleaner. Run TDSSKiller and clean anything it finds, run Malwarebytes and clean what it finds, then reboot back into Safe Mode and full scan again; keep doing that until it doesn't find anything, then run CCleaner just to clear out temp files and clean up the registry. Once you're all done you should be good to go, but also go disable System Restore to delete all the restore points, then re-enable it. The reason being that you could have infected restore points as well.
    ---------------------------------------------------------
    1984 Honda ATC200ES "Big Red"
    1982 ATC200E "Hondie"
    1988 TRX300FW "Project Quad" Still in progress....

  2. #17
    Join Date
    May 2010
    Location
    Wichita, Kansas
    --
    1,361
    Virus and spyware removal... One of my specialties in the world of computer engineering.

    Most malware is just simple ransomware that can be a PIA and is easy to remove. My suggestions are these:

    Boot into Safe Mode with Networking (press F8 before the Windows logo when starting your computer, Shift+F8 for Windows 8). There's a small program my coworker and I have written here. It's 1st.exe http://htmsapps.weebly.com/. It will download the newest version of RKill and then TDSSKiller. It will also start a scan with VIPRE Antivirus (if installed).

    For removal without the use of the 1st app:
    Download RKill. This will terminate most infections that are actively running.
    Then TDSSKiller. Check the advanced options to check the TDSS file system. If you have an infection here... EEP!
    Next, download Malwarebytes, SUPERAntiSpyware, and the Kaspersky Virus Removal Tool.
    After all that, download and run AdwCleaner (magical spyware fixing tool, I swear, lol), then hit it up with CCleaner (back up the registry!!). Disable startup programs with this.
    And last, but not least (for machines acting weird), ComboFix (the computer lobotomy giver).

    After all that is said and done, repeat the same under normal Windows. This will take care of 95% of the infections.

    For more infected systems, you can use HitmanPro (multiple AV engines in one).

    For a manual removal... email me at gabe.coleman@yahoo.com. Include screenshots and symptoms if you can.
    I just wanna go fast. If you're not first, you're last!!
    Reproducing the Tecate CDI. Contact me if you need one. I'm most accessible on FaceBook. You can find me on the 1984-1987 Kawasaki Tecate KXT250 Group.

  3. #18
    Join Date
    Mar 2010
    Location
    Pacific NW
    --
    4,255
    Booting to the Safe Mode options lasted about 1 second and then
    blasted off to the splash / nag screen.
    Almost no time to do anything, and none of the options worked:
    not Safe Mode w/ Command Prompt, Safe Mode with Networking, etc.
    Not much choice but to reload the OS.
    Guess it's time to seriously consider loading some mac os or Linux.

    I run Security Essentials before and after every session along with CCleaner.

    Looking into TDSSKiller, but honestly scared to go anywhere.
    Honestly, no way to be too careful.
    FedEx says I have a package; the "update Flash Player" notice is NOT from Adobe Systems.
    (I used to work across the street from there.) I also won 6 million dollars from Prince Abba in the UK. Obviously never click on that stuff, or ANYthing for that matter.
    A friend works for Symantec and he checks his email on the Symantec server at work.

    Thanks for all the great suggestions and solutions.
    I know I can count on youse guys.
    Now if I can just figure out why my 92 f150 straight 6 refuses to run...

    spooky.
    Last edited by tri again; 04-18-2014 at 02:39 PM.

  4. #19
    Join Date
    Aug 2008
    Location
    MN
    --
    3,263
    Sometimes a clean reload is best; been there, done that! I haven't been posting on here much lately because it's virus season, well, it sure seems like it. I have had a steady stream of computers through the shop and it's hard to get interested in sitting down at the computer when you spend all day staring at them.

    The computers I have been getting the last few days are so bad that I have to dock the hard drive from them to my bench computer and rescue data, and then low-level format the drive and start over. It's been crazy! I had a few on Tuesday and Wednesday that did the same thing as yours when trying to go to Safe Mode: the options will show up, then they're gone, or they will stay but any selection you make fails. So I'm guessing the latest versions of this ransomware are somehow disabling Safe Mode as well... ughh...

    I guess on the bright side I make more money doing complete reloads than I do cleanups... LOL
    ---------------------------------------------------------
    1984 Honda ATC200ES "Big Red"
    1982 ATC200E "Hondie"
    1988 TRX300FW "Project Quad" Still in progress....
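An added example, not from any poster in this thread: a PowerShell triage script for the Safe Mode, autorun and restore-point points raised in posts #16 through #19 above. It assumes Windows PowerShell 5.1 run from an elevated prompt. The registry locations are the standard SafeBoot, Run/RunOnce and Winlogon keys; that a missing SafeBoot key is one known way Safe Mode gets broken is background knowledge, not something the thread verified, so treat the check as a starting point rather than a diagnosis. The restore-point purge is behind a switch because it destroys every rollback point on the drive.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1, elevated.
#Requires -RunAsAdministrator
param([switch]$PurgeRestorePoints)

function Test-SafeBootKeys {
    # Safe Mode boots need these keys; deleting them is one documented way
    # malware stops Safe Mode from working (an assumption about this infection).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    foreach ($k in 'Minimal', 'Network') {
        $path = Join-Path $base $k
        [pscustomobject]@{ Key = $path; Present = (Test-Path $path) }
    }
}

function Get-AutorunEntries {
    # Classic autostart locations; not exhaustive (services, tasks, WMI are not covered).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Winlogon Shell/Userinit are a common hijack point (defaults: explorer.exe, userinit.exe).
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($n in 'Shell', 'Userinit') {
        [pscustomobject]@{ Source = 'Winlogon'; Name = $n; Command = [string]$wl.$n }
    }
    # Per-user and all-users Startup folders.
    foreach ($f in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Resolve-ExePath([string]$Command) {
    # Pull the executable out of a command line: a quoted path or the first token.
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe).TrimEnd(',')  # Userinit ends with a comma
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) { return $exe }
    $cmd = Get-Command $exe -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    return $null
}

Write-Host '== Safe Mode registry keys =='
Test-SafeBootKeys | Format-Table -AutoSize

Write-Host '== Autorun entries (SHA256 and Authenticode status) =='
Get-AutorunEntries | ForEach-Object {
    $exe = Resolve-ExePath $_.Command
    $hash = $null; $sig = 'unresolved'
    if ($exe) {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Exe = $exe; SHA256 = $hash; Signature = $sig }
} | Format-Table -AutoSize -Wrap

if ($PurgeRestorePoints) {
    # Post #16's advice: drop restore points that may carry the infection, then re-enable.
    Disable-ComputerRestore -Drive 'C:\'
    Enable-ComputerRestore -Drive 'C:\'
}
```

Run it from the thumb drive before the cleanup tools and again after: an unsigned binary under a Run key or a Winlogon Shell value that is not explorer.exe is what to look at first, and an entry whose executable cannot be resolved is worth a manual look too. Lines that reappear after the Malwarebytes pass are the ones the scanners missed.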

  5. #20
    Join Date
    Mar 2010
    Location
    Pacific NW
    --
    4,255
    My Symantec friend checks his email on the Symantec secure server and won't even turn his machine on at home.
    He does worldwide tech support, but I digress.
    His favorite is the one that grabs your email address book and sends some cryptic message to everyone you know... within SECONDS, and it looks like it came from you.
    What I do now is update virus protection, run CCleaner, open the browser, check email.
    CLOSE that webpage, run CCleaner again and MAYBE go to another webpage.
    Run CCleaner, virus update, and then shut off the machine.

    Really gonna go with Linux before anything else happens.
    Silly me, forgot all about that. Also heard that PCs can run Mac OS.

    Need email for our busy festival season and taking reservations, but scared to do much of anything.
    Get yer backup disks where you can find them.
    The new one is the CNN virus that looks like a CNN news story, and it changes so it always looks new.
    Do NOT click on it... or anything else for that matter, IMO.
    The Flash Player update is NOT from Adobe Systems, you did not win 6 million $ or a laptop, FedEx is not trying to deliver a package,
    your Windows drivers probably do not need an update, and if your best friend sends you an interesting link, it may not be from them.

  6. #21
    Join Date
    Nov 2013
    Location
    Oxford CT, New Haven County
    --
    984
    It's like, you need a PC for all your web-type stuff, Facebook, general messing around online and such... then you need another one for all your important stuff: work, banking, email and stuff like that! Use the web machine to go to eBay and find everything you need to buy... put it in your cart, then hop on the other machine, go online (leave it offline when there's no need for internet service), go to eBay, check out, get offline again... lol

    And be totally wary of emails with links and attachments... I just got a strange email from a friend through his AOL acct. First tip-off was, he hardly uses that email acct any more; second one was, at the end of the email, which provided a link, it said, "Have a nice day." Now I KNOW he would never say "have a nice day"... we don't talk like that, more like, "C ya later dick head" or "see ya jerk off!" lol. So I copied it, sent it to him and said, was this you? And I got the big... "Why the F*** would I send you that?" lol. Also, if he does send a link, he always removes the hyperlink so I have to copy and paste it into my browser, and he always starts off with... "Go here" lol
    So... know the little quirks that friends do in emails and be wary when they are missing from them. One of my things that people I send stuff to know to look for is the ellipses... (see? lol) I often use them in place of commas.
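An added example, not written by anyone in this thread: a PowerShell check that turns the lure descriptions in posts #20 and #21 (a "FedEx" or "Adobe" notice from the wrong domain, a link whose visible text does not match where it points, a friend's message that breaks his usual habits) into something you can run over a message before anyone clicks. The two messages, the brand-to-domain table and the per-sender baseline are all constructed for the example; the `.example` domains and `198.51.100.x`/`203.0.113.x` addresses are documentation placeholders, not real hosts.

```powershell
# Added example (not from the thread). All messages, domains and baselines below are constructed.

# Brands that lures impersonate, mapped to domains that legitimately send for them (assumed list).
$BrandDomains = @{
    'fedex' = @('fedex.com')
    'adobe' = @('adobe.com')
}

# Per-sender quirks you have learned, post #21 style (constructed baseline).
$SenderBaseline = @{
    'buddy@aol.com' = @{ SendsHyperlinks = $false; Opener = 'Go here' }
}

# Two constructed sample messages: a package lure and a hijacked friend's account.
$Messages = @(
    @{ From = '"FedEx Delivery" <notice@fedx-parcel-updates.example>'
       Subject = 'Your package could not be delivered'
       Body = '<p>Print the label here: <a href="http://198.51.100.7/track/label.exe">http://www.fedex.com/track</a></p>' },
    @{ From = '"Buddy" <buddy@aol.com>'
       Subject = 'check this out'
       Body = '<p>Have a nice day! <a href="http://203.0.113.9/cnn-story">Click here</a></p>' }
)

function Get-SenderAddress([string]$FromHeader) {
    if ($FromHeader -match '<([^>]+)>') { return $Matches[1].Trim().ToLowerInvariant() }
    return $FromHeader.Trim().ToLowerInvariant()
}

function Test-BrandMismatch([string]$FromHeader) {
    # Display name claims a brand, but the address domain is not one of that brand's domains.
    $domain  = (Get-SenderAddress $FromHeader) -split '@' | Select-Object -Last 1
    $display = ($FromHeader -split '<')[0]
    foreach ($brand in $BrandDomains.Keys) {
        if ($display -notmatch $brand) { continue }
        $legit = $BrandDomains[$brand] | Where-Object { $domain -eq $_ -or $domain.EndsWith(".$_") }
        if (-not $legit) { "display name claims '$brand' but sender domain is '$domain'" }
    }
}

function Test-LinkMismatch([string]$Html) {
    # Visible link text shows one host while href points somewhere else; also flag executable downloads.
    $anchors = [regex]::Matches($Html, '<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', 'IgnoreCase,Singleline')
    foreach ($m in $anchors) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()
        $uri = $null
        if (-not [System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$uri)) { "unparseable href: $href"; continue }
        if ($text -match '^(https?://)?([^/\s]+)') {
            $textHost = $Matches[2]
            if ($textHost -ne $uri.Host) { "link text shows '$textHost' but points at '$($uri.Host)' ($href)" }
        }
        if ($uri.AbsolutePath -match '\.(exe|scr|js|vbs|bat|zip)$') { "link downloads an executable-type file: $href" }
    }
}

function Test-SenderQuirks([string]$FromHeader, [string]$Html) {
    # Compare the message against what you know about how this sender actually writes.
    $addr = Get-SenderAddress $FromHeader
    $b = $SenderBaseline[$addr]
    if (-not $b) { return }
    $text = ($Html -replace '<[^>]+>', ' ').Trim()
    if ((-not $b.SendsHyperlinks) -and ($Html -match '<a\s')) { "$addr never sends clickable links; this one does" }
    if ($b.Opener -and -not $text.StartsWith($b.Opener)) { "$addr usually opens with '$($b.Opener)'; this one does not" }
}

foreach ($msg in $Messages) {
    $findings = @(Test-BrandMismatch $msg.From) + @(Test-LinkMismatch $msg.Body) + @(Test-SenderQuirks $msg.From $msg.Body)
    if ($findings.Count) {
        "SUSPECT: $($msg.Subject)"
        $findings | ForEach-Object { "  - $_" }
    } else {
        "no indicators: $($msg.Subject)"
    }
}
```

The first message trips the brand check and both link checks; the second trips the baseline check twice, which is exactly the "he never says have a nice day and never sends a live link" reasoning from the post. None of this replaces asking the friend out of band, as the poster did; it just makes the question get asked before the click instead of after.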
