02/23/2015 at 19:22 • Filed to: None
My GF's work computer just got a particularly nasty piece of ransomware:
It has locked out Task Manager and System Restore, and SUPERAntiSpyware, Spybot and Malwarebytes could not remove it. The PC is running XP SP3 on a Dell computer that's about 7ish years old. Her work is going to be getting new computers soon, but they want me to get this one running for the time being. I have also tried booting in safe mode, and it won't let me. This is literally the most stubborn virus I've gone up against, and I'm running out of stuff to throw at it. If anyone has any ideas on how to remedy the problem, any ideas are welcome. It's getting to the point that some data loss is acceptable.
Here is a Toyota for your time.
02/23/2015 at 19:30
02/23/2015 at 19:31
02/23/2015 at 19:32
I hope the data on there isn't valuable, because it's about 12 different kinds of gone. AFAIK there aren't any ways to unencrypt it unless they were lazy and used some sort of shitty encryption scheme that has vulnerabilities (which I doubt).
02/23/2015 at 19:33
Is this your go to gif for any posts relating to tech help?
02/23/2015 at 19:34
Two options:
Pay the ransom and hope the shitbags unlock it. I've read that some actually do.
Flatline it and restore from the backup. (The company does have backups..?)
02/23/2015 at 19:35
Obligatory, someone was gonna post it.
02/23/2015 at 19:36
At least they are honest.
I had shit pretending to be the London Police (Metropolitan) saying they've locked my computer because I had and I quote "copious amounts of Child and Scat porn". Now Child porn is pretty self explanatory, Scat not so much... my most regretful Google search ever soon followed.
As for the virus itself, it only appeared after logging in as any user except the guest account, so I just signed in as a guest and deleted the program. Thanks to this whole debacle I've stopped pirating games, so maybe my introduction to the world of scat was some form of internet karma/deterrent.
02/23/2015 at 19:48
If it's this or one of its variants... you're boned.
02/23/2015 at 19:55
02/23/2015 at 19:55
According to Microsoft's David Aucsmith it is impossible to secure an XP machine. I don't think there is a solution. Sorry.
02/23/2015 at 20:07
It's pretty simple to remove any virus, but if they've really encrypted your files, that won't help. Is it on a network somewhere you can log into it remotely?
PsTools is very helpful for killing the malware processes remotely. Then knock out any reg keys relating to them and delete the files; that'll be about it for XP, and you should be able to let Malwarebytes do the rest.
https://technet.microsoft.com/en-gb/sysinter…
Oh, and before you do all that, check if it's actually locked stuff out properly or just by name. A lot of this crap just blocks processes with a certain name - or once they've been run once - so if you download a fresh copy of Process Explorer and rename it before you run it, they usually don't pick it up.
https://technet.microsoft.com/en-gb/sysinter…
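The "locked out Task Manager" and "blocks tools by name" symptoms the two comments above describe usually come from two well-known registry mechanisms: the DisableTaskMgr / DisableRegistryTools policy values, and a "Debugger" value under Image File Execution Options (IFEO), which redirects any program launched under that file name to another binary (so a renamed copy still runs). The following PowerShell audit is an added example, not code from the thread or from Sysinternals; it assumes an elevated PowerShell session on the affected machine (or PowerShell 2.0 installed on XP SP3) and only reports findings, it does not change anything.

```powershell
# Added example: audit the registry locations that commonly produce the
# "Task Manager is disabled" and "security tool won't start by name" symptoms.
# Assumption: run elevated on the affected machine; absent keys yield no findings.

function Get-ToolBlockingFindings {
    $findings = @()

    # 1. Policy values that disable Task Manager / Registry Editor for the user.
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $policyKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
                if ($props.PSObject.Properties[$name] -and $props.$name -ne 0) {
                    $findings += [pscustomobject]@{
                        Type  = 'Policy'
                        Key   = $key
                        Name  = $name
                        Value = $props.$name
                    }
                }
            }
        }
    }

    # 2. IFEO "Debugger" entries: a tool listed here is replaced by the named
    #    "debugger" binary whenever it is launched by that file name, which is
    #    exactly why a renamed copy of the same tool often still runs.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    if (Test-Path $ifeo) {
        Get-ChildItem -Path $ifeo | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                $findings += [pscustomobject]@{
                    Type  = 'IFEO'
                    Key   = $_.PSChildName
                    Name  = 'Debugger'
                    Value = $dbg
                }
            }
        }
    }

    return $findings
}

$results = Get-ToolBlockingFindings
if ($results.Count -eq 0) {
    'No Task Manager policy or IFEO Debugger entries found.'
} else {
    $results | Format-Table -AutoSize
}
```

Any IFEO subkey named after a security tool (taskmgr.exe, procexp.exe, mbam.exe and the like) with a Debugger value pointing at an unfamiliar path is the thing to record before cleanup; the policy values are plain DWORDs and can be reviewed the same way offline if the hive is loaded from the drive in another machine.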
02/23/2015 at 20:08
I got that on my iPad once; that was funny. It did nothing.
02/23/2015 at 20:12
Indeed. He is nearing the critical stage where a careful application of percussive maintenance may fix the issue for good.
02/23/2015 at 20:13
02/23/2015 at 20:59
When combating a tenacious virus, try downloading the AVG rescue disk. It makes a CD that has a complete Linux OS on it, so no virus is running while you are using it. As for the sons of bitches who wrote and distribute that virus, ly2v80Brian's post has the solution, to be applied repeatedly to their heads until there's nothing left.
02/23/2015 at 21:04
This is why companies have regular backups. Sorry, it's gone. Format drive, restore. Or else pay the ransom, sometimes they will actually unlock it. You have a good chance of disputing the charge with your credit card company along with a call to your local law enforcement. File a police report first about having to pay the ransom. If it works, copy the files off pronto, run them through an offline scanner and burn that computer.
02/23/2015 at 21:53
Yeah, he posted it when I was having brake issues on the Slobalt.
02/23/2015 at 21:55
Man, what kind of porn was she into?
02/23/2015 at 22:01
From what I've read, the two big ones will only affect Windows systems. So Mac, Linux and Droid users are out of the woods.
02/23/2015 at 22:06
Obligatory post about the inaccurate suggestion you are giving.
02/23/2015 at 22:07
Percussive maintenance is a universal repair process.
02/23/2015 at 22:11
It did help. We just had to use a pry bar and two cans of penetrating spray along with the sledge, haha.
02/23/2015 at 23:42
Macs can get ransomware too.
02/24/2015 at 00:49
You may already be past this, but I've used Kaspersky's standalone boot removal tool before to good effect (about 20% of the time.. the rest it misses.) But it boots a whole 'nother OS in memory and then does the virus checking. Make sure to update the DB when it comes up.
http://www.kaspersky.com/antivirus-remo…
02/24/2015 at 09:51
I know, someone was gonna do it or say it so I figured I'd get it out of the way.
02/24/2015 at 10:26
Rebuild the OS on a new drive, insert her old drive and see if you can grab the files from it? Then crater the whole thing and start over. It'll take a while, and require some additional hardware, but I can think of no other solutions.
Issue is, these ransomware things seem to hijack the table that tells a hard drive where its files are, so the data may be completely useless even in another box without the virus'd OS.
02/24/2015 at 10:27
Doesn't say how much they are asking for. What's the price?
02/24/2015 at 14:09
$300
02/24/2015 at 14:13
Dang! Have you had any luck removing it?