FBI ransomware infection

ram1009

Distinguished
I've been hit by this for the second time in 6 months. The first time I used Hitman Pro Kickstarter to remove it but apparently the authors have adapted the malware to avoid Hitman Pro. I can't boot into safe mode so don't bother suggesting fixes that require that. I've already tried google too.
 
Safe Mode with Command Prompt should work but if it doesn't, use your XP CD to access the command line. Type
net user /add fred coffee
then press Enter. Restart and log into the new User Account named fred and use the password coffee (drinking mine now, hence the thought :D). That will be a clean account and can give you access to download ComboFix or Hitman - my preference is CF - to get rid of the threat.
 

ram1009

Distinguished


I'm afraid that won't work. I have a second bootable drive containing W7 on this machine. I've tried cleaning the infected partition from the W7 drive but it seems access is completely denied. I can see the drive letter in Windows Explorer but no files.
 
That's either a permissions issue or the threat has hidden the contents of the folders. In the Command Prompt of Windows 7, try changing the attribute from Hidden to unhidden by typing
attrib x:\*.* -h
where X is the drive containing XP, then press Enter.

Can you see the XP drive in W7's command line? If you can, run the attrib from that drive letter's own prompt, as well as the net user I suggested above. It's the only way into your XP system. We have a similar threat here in the UK - the police ransomware - and I've fixed dozens by gaining access thus.
 

ram1009

Distinguished


No joy!!! Access denied.
 

ram1009

Distinguished


Safe mode with command prompt got me into a reboot cycle. I do have an XP Pro CD but I'm not sure how to get to a command prompt using it.
 
Pop the CD in and if it doesn't automatically take over and invite you to "Press any key", change the BIOS settings to boot from a CD first. Proceed as though you're installing until the part where you press F8 to accept the terms of the EULA and at the next screen press R for the repair option. The Command Prompt will be one of those options.

The pillocks who write this stuff must be improving it - I haven't come across one 'til now where Safe with prompt falls over.

Can you access this thread once you've left W7 or are you printing things off?
 

ram1009

Distinguished


I have a different computer to access this thread if I need to simultaneously. I haven't needed to yet so I've just been rebooting to W7. You're right, these guys are getting better at this.
 

ram1009

Distinguished


I managed to get to a C:\Windows prompt using the CD but when I typed in your script it replied "parameter unrecognized". My DOS sucks so be very specific.
 
OK here goes. You want to add a new User Account as you would in Control panel but do it in the command line. The syntax is
net user /add fred coffee
then press Enter. There's a space after user before the oblique stroke (forward slash) but not after it. You can then type exit and press Enter after it confirms the command ran successfully, then restart the computer.

Do nothing so it starts normally. The new account is called fred and the password is coffee and it will appear on the login page alongside your own affected account. Log in to fred and, being a clean account, it will allow you to run ComboFix which should be able to sort things out.

 

ram1009

Distinguished


I'm going to try it again but I believe that is exactly what I did when it returned "parameter invalid". Should I be in C:\WINDOWS or in DOCUMENTS and SETTINGS or some other directory such as system32? I've done some googling and your syntax doesn't match others. Have a look: http://www.pcrisk.com/computer-technician-blog/general-information/7019-how-to-create-a-new-user-account-using-command-prompt


EDIT: I have tried this repeatedly and every time it says "parameter is not valid".
 
The syntax I use has always worked for me, as it did a few minutes ago:


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Roger>net user /add fred coffee
The command completed successfully.


C:\Documents and Settings\Roger>

However, if putting the username before the /add works, do it that way. I have no Copyright over my own methodology but the important thing is to sort your problem.
 
Solution