Computer Locked

longgone

Yesterday, my desktop got invaded by a worm/virus/???.... Not sure if it was in an email or a program update at this moment. What I can say is, it made its appearance when I turned my computer on for the second time yesterday. It goes through POST just fine, boots all the way up to the login window, I log in just like normal and then this warning image makes its appearance and tells me my computer is locked out. It has the banner headline that it is from the Dept of Homeland Security cyber crimes center and that I have done one or more of the listed cyber crimes... viewed/distributed porn/child porn, participated in credit card forgery, participated in credit card fraud, etc, etc, and for the fee of 300 USD I can get my computer unlocked. Needless to say, NOT going to happen. The question is, since I can't get past that warning image, how do I fix this problem short of a new install of Windows 8?


Do you have an optical drive? There are many utilities out there that will boot an OS off a CD/DVD and run an AV program off of the disk.

Or you could boot off of a Linux Live-CD and go to antivirus.com and run the online version.


This sounds like a spinoff of the notorious FBI malware. Download the Kaspersky Rescue CD and burn it. Boot it in the infected machine. Don't bother running the full scan. Enter the terminal and type "windowsunlocker". That should fix the problem.

V.T. Eric Layton

Start in Safe Mode and scan with Malwarebytes. It will find and quarantine the ransomware that has infected your system.

Lew's suggestion will work fine too.


Hummm, for a reason/reasons I do not understand my desktop will not boot the rescue disk from lewmur's link. I have burned two different disks and can't get either one to boot up. I have gone into the BIOS and changed the first boot device to CDROM as well as the second and third device also. So something has run amok here, not sure what.

@Eric, explain how I can do what you have suggested, in case I cannot get this laptop to burn a disk.


V.T. Eric Layton

Use Linux, go to the Malwarebytes website and download the app to a flash drive or a common partition on your hard drive. Boot to Windows SAFE mode w/ networking --> https://www.microsof...e.mspx?mfr=true

Easy-peasy!

This is my main method for removing these nasties from my clients' computers. It's getting more and more common, too. I've had to fix 5 or 6 different systems with this issue in the past month or so.


Hello,

Ransomware. A fairly common tactic nowadays.

Your anti-malware vendor's technical support department should be able to walk you through removing it.

Regards,

Aryeh Goretsky

Yes, the HitmanPro.Kickstart flash drive is an excellent way to handle this if you have a clean Windows machine around to make the flash drive. I have just made one to keep around in case one of my "clients" gets a malware infection.


Guest LilBambi

Quoting Corrine: "Sorry, I've been out much of today. Please follow the instructions here: Homeland Security Ransomware Removal Guide."

Pretty much the definitive one there!

Quoting Aryeh Goretsky: "Your anti-malware vendor's technical support department should be able to walk you through removing it."

May or may not be able to do so; some of these really need a separate boot not in the OS to be removed.

I shall give these a go and see what I come up with....

Somewhat off this problem, this warning window tells me I have 48 hours to send said funds. I am somewhat curious about this. What would happen if the 48 hours expired and the funds are not sent?

Guest LilBambi

From the link Corrine posted:

The screen then demands a fee of $300 in order to avoid criminal prosecution. To pay this fee you must send in a MoneyPak voucher within 48 hours to gain access to your computer again. It is important to remember that this is a computer infection and that this is a ransom and not a fine by a legitimate government agency.

The screen you get says the following:

You have 48 hours to pay the fine. If the fine has not been paid, you will become the subject of criminal prosecution without the right to pay the fine. The Department for the Fight against Cyberactivity will confiscate your computer and take you to court.

So since it's not a real government agency and just scareware, and they have already supposedly locked your computer, I would say they are not apt to do anything further except maybe get your computer more infected if you leave it on the Internet.

Speaking of which, did you remove the Internet cable, or turn off the wireless if it's a wireless computer, to keep them from doing any further bad stuff?

Have you followed the instructions for removal that I provided (Homeland Security Ransomware Removal Guide)? If so and you'd like further assistance to see if additional cleanup is needed, I'd be happy to review logs.

1. Download DDS.scr by sUBs from here and save it to your desktop.

  • Disable any script blocker, then run DDS.scr; it produces two logs, DDS.txt & Attach.txt.
  • The logs will automatically be saved to your desktop.
  • Copy/paste the contents of both logs & post in your next reply.

2. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Quoting LilBambi: "May or may not be able to do so; some of these really need a separate boot not in the OS to be removed."

Hello,

They should walk you through the downloading and/or creation of media to do that.

Regards,

Aryeh Goretsky

What's odd is how pervasive this and the similar Windows Security Center scam (been hit 3X) are and how none of the normal AV products seem able to prevent an infestation.


Gus, if you have been hit multiple times with the same rogue, it sounds as though your computer has either not been completely cleaned or you have vulnerable third-party software that is causing the problem. (If you would like logs checked, I'd be happy to do so in a separate topic.) A/V products differ in real-time protection as well as detection methods. Personally, whether using ESET Smart Security or MSE, I depend on Malwarebytes PRO. There have been times when researching a log that ESET has blocked a URL and other times when MBAM has done the blocking.

Quoting Aryeh Goretsky: "Ransomware. A fairly common tactic nowadays."

With all the talk about how easily machines are hijacked and how common this is, are there any security apps that can actually prevent this from happening? WinPatrol? MBAM? Does common sense prevent it by not clicking a link, or what is it that actually initiates the successful invasion? Blocking scripts wherever possible?

Quick update, the d/l link is finally good to go... I have (I hope) d/l'd the proper program and sent it (once again, I hope) to the USB/flash drive. Next step, the process of fixing the desktop. One thing I should mention here, I should thoroughly read before I get. For some reason, when I went to get a USB/flash drive for this adventure, even though it said it should be at least 32 MB, I blanked and got one for 64 GB. Think I have sufficient space to do this?

Guest LilBambi

Good deal Dale! Good luck! Corrine is great at this, and has friends in the antimalware community that she will ask for a second set of eyes. Please, take her up on it to make sure you get it completely removed.


Quoting the question above: "With all the talk about how easily machines are hijacked and how common this is, are there any security apps that can actually prevent this from happening? WinPatrol? MBAM? Does common sense prevent it by not clicking a link, or what is it that actually initiates the successful invasion? Blocking scripts wherever possible?"

I got one of these last year and I think it was from visiting a weather site in Poland during the European Cup. Certainly I don't download pirate software or porn.

McAfee didn't prevent it and it took a rootkit killer (TDSSKiller) to get rid of it. This particular one knew about TDSSKiller and wouldn't let it run, so I had to rename it and run it from a flash drive. That is when I learned about "Bleeping Computer" and Corrine's advice. I switched my security to BitDefender, which I had used on another PC previously, and so far I have been rootkit free.

I don't know if any one security program will prevent it, but Malwarebytes is something I always keep handy.

In reality, the malware guys want to stop the AV/malware remover programs from working, so they do things to prevent the programs from working. It could be anything from killing the task to corrupting the executable.

This is one of the Whack-a-Mole things we have to deal with. A piece of malware is programmed to defeat tool x, so tool y is created to stop all known threats, and many move to the new tool. Until, of course, new malware pops up out there killing tool y.

Adam

Well, here is the update/fine... For the life of me I could not get into safe mode; all F8 accomplished was to put me into a black screen with a blinking cursor, for a lonnnnggggg time. So, as a last resort, I put the Win 8 CD in and booted from it and selected the "refresh my PC" mode. Since I am posting from the PC that was infected it must have worked. It did, however, more or less set everything back to "default settings", but now I have a nice little folder on the desktop that has everything that was removed in it. I foresee several hours of doing re-installs, etc, etc, etc.

Guest LilBambi

At least the malware hopefully is gone. Hope it rewrote the boot sector.

I still don't think I get how destroying a PC gets them what they want... unless destruction is what they were after. Or to prove that trying to remove it without going about it in a known-to-work method leaves something on the system that is like a time bomb set to destroy if it is removed?

Is this the Windows.old folder? Or your old data folder? Or what?

It appears on the desktop as "removed apps"; I still have to open it up and see what all is contained in it. But, at the moment, I would have to go on the assumption that this is clean. I still need to go to the Windows Update site and get all the updates, but I have loaded in the security software that I use and it seems to be functioning just fine. I am still curious as to what, if anything, would happen to the computer if I just ignored that "malware". I have surmised that I would have to leave the computer on for the full 48 hours to see what, if anything, would happen. Every time I shut it down it just resets the time counter. I have heard (on the media news feeds) that there have been some virus/worms/malware that can do physical damage to the hard drive; don't know if this was one or not. End result is I am back on the desktop, with a considerable amount of work ahead getting it to where I want it.

V.T. Eric Layton

Sorry about that, Dale. When I gave the advice about booting into Safe Mode, I thought you were running Win XP. It's different in Win 8, of course.
