  1. #1
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    How to Deal with this Ransomware?

    Friend of mine got a popup notice, allegedly from Microsoft, that her Win10 desktop had been infected and she needed to call an 800 number for help. It was a scam, of course, and she hung up once the demand for money was made. But now the PC only gets as far as showing the blue "Windows" graphic on a black background, then a non-Windows box comes up asking for a password. She didn't have a password before this, and Supervisor and User password are both disabled in BIOS. F8 will not let me bring up the traditional menu of startup options, like Safe Mode. Anyone got a suggestion for what I can do?

  2. #2
    WS Lounge VIP Calimanco's Avatar
    Join Date
    Dec 2009
    Location
    UK
    Posts
    718
    Thanks
    1
    Thanked 144 Times in 130 Posts
    Has she got a recovery disk?

  3. #3
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,727
    Thanks
    95
    Thanked 127 Times in 124 Posts
    JJdetroit, while we cannot provide password eliminators in this forum, I do have a [not the] solution:
    With the proof of purchase receipt for the computer, along with proof of purchase for the current Windows installation if it is not the factory-installed Windows, any business-oriented computer fixit store or department will have software tools to "bypass" almost any password process.

    Because the final solution may be a drastic reinstall solution, ensure the end-user has made restorable full images of the Data partition, or, at the least, has copied data folders and files onto any trusted available external media.
    Last edited by RolandJS; 2016-09-24 at 11:47.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  4. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,172
    Thanks
    47
    Thanked 981 Times in 911 Posts
    I would take an external disk and backup boot media over.
    Boot from the media and backup the entire disk.
    Now you need a Windows DVD to boot from. Re-install Windows.

    cheers, Paul

  5. #5
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by RolandJS View Post
    JJdetroit, while we cannot provide password eliminators in this forum, I do have a [not the] solution:
    With the proof of purchase receipt for the computer, along with proof of purchase for the current Windows installation if it is not the factory-installed Windows, any business-oriented computer fixit store or department will have software tools to "bypass" almost any password process.

    Because the final solution may be a drastic reinstall solution, ensure the end-user has made restorable full images of the Data partition, or, at the least, has copied data folders and files onto any trusted available external media.
    I don't need a password eliminator. If the problem was an Administrator or User account password, I'd use Hiren's Boot Disk to clear it. What I want to see is if I can boot into Safe Mode and kill the ransomware that is displaying this password message. F8 isn't working, and even with the CD/DVD drive set as the first boot disk, the Hiren's disk won't boot.

  6. #6
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Calimanco View Post
    Has she got a recovery disk?
    I've asked her to look for that.

  7. #7
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    420
    Thanks
    37
    Thanked 67 Times in 64 Posts
    You should be able to boot from a CD without much trouble (Windows 10). If you force a shutdown by holding down the On/OFF switch, then reboot and do it again (three times), the next time the computer boots it should allow you to elect to change how it boots. Choose a bootable rescue media (download an ISO and burn it) and use it to attempt to clean the computer.
    I suggest (since you aren't a business) that you might try a free download called "Dr. Web Live". I know a lady who had a problem like you describe and she said she used a CD last week to regain control of her computer. I'd suggest that you or your friend boot from such a CD (or USB flash drive) to run a scan for malware.
    There are other free boot options you might also try (or just being able to do a "safe boot" might give you the access you need to clean things up).

    Hope that helps.
    Last edited by RockE; 2016-09-24 at 23:51. Reason: wrong URL - I revised it
    Clone or Image often! Backup, backup, backup, backup...
    - - - - -
    Home Built System: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB DDR3 RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek High Definition Audio

  8. #8
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by RockE View Post
    You should be able to boot from a CD without much trouble (Windows 10). If you force a shutdown by holding down the On/OFF switch, then reboot and do it again (three times), the next time the computer boots it should allow you to elect to change how it boots. Choose a bootable rescue media (download an ISO and burn it) and use it to attempt to clean the computer.
    I suggest (since you aren't a business) that you might try a free download called "Dr. Web Live". I know a lady who had a problem like you describe and she said she used a CD last week to regain control of her computer. I'd suggest that you or your friend boot from such a CD (or USB flash drive) to run a scan for malware.
    There are other free boot options you might also try (or just being able to do a "safe boot" might give you the access you need to clean things up).

    Hope that helps.
    Unfortunately the CD/DVD drive appears to be inoperative when I try to boot from it. I did get Dr. Web Live to run from a USB drive. It found two things that had attacked Hosts, WinLogon and UserInit, and claimed to have cured them, but the PC is still throwing up that password window. I'm going to pull the hard drive out of the PC and put it in a dock attached to my own PC, then try to clean it up.

  9. #9
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,727
    Thanks
    95
    Thanked 127 Times in 124 Posts
    JJDetroit, I misread the opening, I thought ransomware put the password into play. I'm glad you will be able to get rid of that ransomware trick.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  10. #10
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by RolandJS View Post
    JJDetroit, I misread the opening, I thought ransomware put the password into play. I'm glad you will be able to get rid of that ransomware trick.
    Nope, you read that right <grin>. Although scans with Malwarebytes and McAfee AV only turned up Conduit when I got the hard drive into a dock, I still think it's some type of ransomware doing this.

  11. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts

  12. #12
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by BruceR View Post
    Unfortunately that program, which I've used before, does not have an option for the SysKey password on this particular machine. The SysKey password is definitely the problem, the illustration at the top of the article is exactly what I see.
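
The items named in posts #8 and #12 (Hosts, Winlogon/Userinit, and the SysKey startup password) can be checked read-only once the drive is in a dock. The script below is an added example, not part of the original thread; it assumes the suspect volume is mounted as E: and that it runs in an elevated PowerShell session, and the hive names OfflineSW and OfflineSYS are arbitrary.

```powershell
# Added example: read-only triage of a Windows disk mounted in a dock.
# Assumption: the suspect volume is E: and this runs in an elevated PowerShell.
param([string]$Drive = 'E:')

$cfg = Join-Path $Drive 'Windows\System32\config'
$findings = @()

# Load the offline hives under temporary names (reg.exe needs admin rights).
reg.exe load HKLM\OfflineSW  "$cfg\SOFTWARE" | Out-Null
reg.exe load HKLM\OfflineSYS "$cfg\SYSTEM"   | Out-Null
try {
    # Winlogon: Userinit and Shell decide what runs at logon.
    $wl = Get-ItemProperty 'HKLM:\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = @($wl.Userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($u in $userinit) {
        # The stored path uses the disk's own drive letter (C:), not the dock's.
        if ($u -notmatch '^(C:\\Windows\\system32\\)?userinit\.exe$') {
            $findings += "Winlogon\Userinit has extra entry: $u"
        }
    }
    if ($wl.Shell -ne 'explorer.exe') { $findings += "Winlogon\Shell is '$($wl.Shell)'" }

    # SysKey mode: Lsa\SecureBoot 1 = key stored locally (default),
    # 2 = startup password, 3 = key on removable media.
    $cur = (Get-ItemProperty 'HKLM:\OfflineSYS\Select').Current
    $lsa = Get-ItemProperty ('HKLM:\OfflineSYS\ControlSet{0:D3}\Control\Lsa' -f $cur)
    if ($lsa.SecureBoot -ne 1) { $findings += "SysKey mode (Lsa\SecureBoot) is $($lsa.SecureBoot)" }
}
finally {
    # Release handles before unloading, or reg.exe reports "Access is denied".
    $wl = $lsa = $null; [gc]::Collect()
    reg.exe unload HKLM\OfflineSW  | Out-Null
    reg.exe unload HKLM\OfflineSYS | Out-Null
}

# Hosts file: anything that is not a comment or a loopback entry deserves a look.
$hosts = Join-Path $Drive 'Windows\System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
    $ip = ($_.Trim() -split '\s+')[0]
    if ($ip -notin @('127.0.0.1', '::1')) { $findings += "hosts entry: $($_.Trim())" }
}

if ($findings) { $findings } else { 'No deviations from the defaults checked here.' }
```

The script only reports; it changes nothing on the docked disk, so a full image backup can still be taken before any repair is attempted.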

  13. #13
    WS Lounge VIP Calimanco's Avatar
    Join Date
    Dec 2009
    Location
    UK
    Posts
    718
    Thanks
    1
    Thanked 144 Times in 130 Posts
    See here:-

    http://triplescomputers.com/blog/cas...ansom-lockout/

    Scroll down to Addendum A

  14. #14
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Calimanco View Post
    See here:-

    http://triplescomputers.com/blog/cas...ansom-lockout/

    Scroll down to Addendum A
    Thanks, that got rid of the SysKey password. Unfortunately, once the first Windows screen shows up the PC immediately tries to initiate Automatic Repair, and then the following screen says "Choose your keyboard layout" and the PC halts. Guess I'll need to see if a Repair Install can be done of Win10.

  15. #15
    WS Lounge VIP Calimanco's Avatar
    Join Date
    Dec 2009
    Location
    UK
    Posts
    718
    Thanks
    1
    Thanked 144 Times in 130 Posts
    Use the Media Creation Tool to repair the OS. You will need to download the ISO on a second machine and create a DVD or USB media to run it from.

    https://www.microsoft.com/en-us/soft...load/windows10
