Scareware program has computer in complete lockdown?

Baker

Hey guys,

So my mother, who is not so computer savvy, decided to download a file from an unknown site, and unknowingly downloaded an "FBI" scareware program, which locked her computer from use.

I have removed this type of malware before, so I immediately turned her computer off, and loaded it up in safe mode so I could run MalwareBytes on it. Oddly enough, even on safe mode the scareware ran, and I was locked out. I again shut off the computer and attempted to repeat, only this time, I could no longer load safe mode.

Now, whenever I try to use safe mode, it freezes on the last file 'crcdisk.sys', and I am forced to forcefully shut it down again.

The computer then suggested I use Startup Repair, which did not work. It went on doing nothing for approximately one hour until I finally forced shutdown again.

I then attempted to use System Recovery to return it to 2/17/13. This program, too, was not functioning.

I do not want to restore the computer to factory settings, because she has a 35 page document that she has been working hard on.

Summary: Computer got FBI scareware; cannot use system recovery, or safe mode; I need to recover a file off of the hard drive.

What can I do to fix this? If the computer is not fixable, is there a way for me to get the important file from the hard drive using another device?

Thank you guys for reading this, and I hope somebody can help me out.
 
Baker,

You can use HitmanPro Kickstart to remove this infection and access your computer to scan it for malware. The program targets this particular ransomware.

You need to know if the infected computer is running a 32-bit or 64-bit system. See Note at the bottom of these instructions.

Download link for HitmanPro.Kickstart:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

You need to load a USB flash drive with HitmanPro Kickstart as follows...

Use a "clean" (non-infected) computer, and download HitmanPro from the link above.

When HitmanPro opens, click the Kick icon at the bottom of the screen.

Plug the USB flash drive into the clean computer and follow the instructions from the first video on the website.

Next, plug in the USB drive just created into the infected machine.
Start the infected computer.

When the computer starts, press the key (on some machines it's F10 or F2) that brings up the Boot Menu. From there, select to boot from the USB drive.
Info: http://www.selectrealsecurity.com/remove-ransomware
Save the changes, and press on.

Next, perform a system scan with HitmanPro Kickstart as seen in the second video.

After HitmanPro Kickstart is done, boot into Windows.

~~~~~~~~~~~
To remove the malicious files of the ransomware...

Download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system. (See Note)
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.


Note:
To find out if the system is 32 or 64 bit:
Click: Start
Type System in the Start Search box
Click System in the Programs list.

The operating system is displayed as follows:
For a 64-bit version operating system, under System > System type, it shows:
64-bit Operating System

For a 32-bit version operating system, under System > System type, it shows:
32-bit Operating System
 
If he has another computer with the same HDD port connectors he could slave his mother's hard drive in Windows 7.
If the partition tables are alright I would just pull the files off and format it.

Runs the risk of infecting the other Windows install, hence my suggestion of a Linux LiveCD to back up the data, as the LiveCD won't be affected by possible malware spread.
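
The live-session backup suggested above, as an added example that is not part of any post in this thread: it copies only document files off the Windows partition and records their SHA-256 hashes. The mount point `/mnt/win`, the placeholder device `/dev/sdXN`, the extension list and the function names `rescue_docs` and `verify_rescue` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run from a Linux live session after
# mounting the Windows partition read-only, e.g. as root:
#   mount -o ro,noexec,nosuid,nodev /dev/sdXN /mnt/win   # sdXN is a placeholder

# Extensions treated as documents; an assumption, adjust to what must be saved.
DOC_EXTS="doc docx odt rtf txt pdf"

# rescue_docs SRC DEST: copy matching files from SRC into DEST, keep the
# directory layout, write DEST/SHA256SUMS, and print how many files were copied.
rescue_docs() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 2; }
    mkdir -p "$dest" || return 2
    dest=$(cd "$dest" && pwd) || return 2

    # Build: -iname '*.doc' -o -iname '*.docx' ... (case-insensitive match).
    set --
    for ext in $DOC_EXTS; do
        if [ "$#" -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -iname "*.$ext"
    done

    # Regular files only (symlinks are skipped). Executables never match the
    # list above. Copies get mode 644 because NTFS mounts often mark every
    # file as executable.
    ( cd "$src" && find . -type f \( "$@" \) -exec sh -c '
        dest=$1; shift
        for rel do
            mkdir -p "$dest/$(dirname "$rel")" &&
            cp -- "$rel" "$dest/$rel" &&
            chmod 644 "$dest/$rel"
        done' sh "$dest" {} + ) || return 1

    # Hash manifest, so the copy can be re-checked after it is moved elsewhere.
    ( cd "$dest" && find . -type f ! -name SHA256SUMS \
        -exec sha256sum {} + > SHA256SUMS ) || return 1
    echo $(( $(wc -l < "$dest/SHA256SUMS") ))
}

# verify_rescue DEST: succeed only if every copied file still matches the manifest.
verify_rescue() {
    ( cd "$1" && sha256sum -c --quiet SHA256SUMS )
}
```

A typical call is `rescue_docs /mnt/win/Users /media/usb/rescued`; scan the copied files on the clean machine before opening them.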
 
What I did was take the ethernet cable out to stop the internet connection and run Malwarebytes, and it eliminated it completely for me.
 
What I did was take the ethernet cable out to stop the internet connection and run Malwarebytes, and it eliminated it completely for me.

Good work, even though it's gone be sure to scan the driver later for no traces of the infection.
If I were you, you might want to reconfigure Windows and the security for your mother so she doesn't magically click something and have the same problem.
I had to do that to my mother late last summer after telling her numerous times about the internet, her deal was her hard drive got wiped by some malware in under 3 minutes. -_-

I hope everything goes well with you.
 
Good work, even though it's gone be sure to scan the driver later for no traces of the infection.
If I were you, you would probably have to reconfigure Windows and the security for your mother so she doesn't magically click something and have the same problem.
I had to do that to my mother late last summer after telling her numerous times about the internet, her deal was her hard drive got wiped by some malware in under 3 minutes. -_-

I hope everything goes well with you.

y2adre isn't the thread OP, FYI ;).
 