You can also try here: www dot nomoreransom dot org
May be able to help
Last edited by auggie; 03-20-2017 at 01:24 AM.
When I run it on the test bed I can see all files and folders.
♫♫♫ I'm a lumberjack and I'm OK ♫♫♫ I drink all night and sleep all day. ♫♫♫
Coming soon to a crop circle near you.....
There is a 66 and third % chance that I'm on the right planet...
"I'm happier then a Jackalope in a balloon factory"
"First rule of testing satellites"
"If its working fine now, then don't mess with it"
"Second rule of testing satellites"
"If you did mess with it, and now it doesn't work, can you blame someone else?"
"Third rule of testing satellites"
"If you did mess with it, and it doesn't work now, and you can't blame someone else"
"Can you HIDE it"?
Just a shot, for Password, have you tried 123 or 1234 or 12345
Cut & run.... I would pull/save/disinfect any critical data & format. I have been lucky enough to defeat ransomware twice, but the o/s was never the same anyways. It seems the disinfecting was fatal.
I know the feeling , i've bombed my own computer quite a few times making those things in the past ...........
knowledge is power , power corrupts all
Hummmm... reformat maybe an idea, if I can just format the "C" drive and then recover from the "D" drive it may work, but this one had the free upgrade to W10, it came with W7, I wonder if it would come back as W7???
And I have saved all photos and other data to a USB drive.
I have downloaded an ISO file for Windows 10 but I need a slightly larger DVD recordable disk than 4.7 GB, as when I try and burn it to DVD it needs about 300 MB more than what's available on the DVD.
And I'm having problems burning it to an 8 GB USB drive, it just won't do it.
no i have the answer , give me a second to find the program .....
i used the second one
only problem is these types of malware morph, e.g. say the original file downloaded was test.exe ......... a good one morphs & changes itself to dll, jpg etc etc ........ & doesn't stop
Code: https://www.lifewire.com/free-windows-password-recovery-tools-2626179
in this case if the above doesn't work , only option you have is to manually remove it ..... start>>search/run>>type regedit >>> systemconfig >>> uncheck Load Start up services " Under General Tab >>> apply >>> reboot >>> systemconfig >>> Start up tab >> check manufacturer >>> look for Unknown ....... >>> if you don't know what the program is hit disable >> regedit >> & i'll show you how to manually remove it ..........
worst case, remove hard-drive from pc, put it in an enclosure & scan from a clean computer ......... with the correct tools ..........
Last edited by nob0dy; 03-20-2017 at 11:26 PM.
OK, after posting at several AV forums I have found out it is not ransomware but a SYSKEY scam. I need to find out how to edit the SAM folder; if I set the syskey back to zero it should start normally.
This might help, hopefully this will fix the problem. You need to do this offline with a Linux disk as it cannot be done in Windows. The first thing to check is the date of the hives in the following directory: C:\Windows\System32\config\regback. The hives must be dated before the date of your problem.
Download Parted Magic here. Burn the iso file to a CD on a Windows 7 or later computer by right clicking and selecting Burn Disk Image. You will need to disable SecureBoot in your UEFI settings and enable Legacy or CSM boot. Your computer may have a boot menu accessed at boot by tapping a key to select the boot device, in your case the optical drive.
At the Parted Magic Desktop you should mount your devices per this guide (see second image). Browse to the regback folder to confirm if the date on the hives in regback is before the date in the config folder. If it is, rename the following hives in config:
SAM to SAM.bak
SOFTWARE to SOFTWARE.bak
DEFAULT to DEFAULT.bak
SECURITY to SECURITY.bak
SYSTEM to SYSTEM.bak
Copy the above hives from regback to config. Exit out of Parted Magic and reboot.
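The date check and hive swap from the post above, written as a script for the Linux live environment (an added example, not part of the original post or of any tool it links to). The function names, mount point and cutoff date are assumptions; beyond the steps in the post, it also refuses empty backup hives and an existing `.bak` set.

```shell
# Added example: restore registry hives from RegBack on an offline,
# mounted Windows volume. Needs GNU date and stat.
HIVES="SAM SOFTWARE DEFAULT SECURITY SYSTEM"

# check_regback REGBACK_DIR CUTOFF_DATE
# Succeeds only if every hive exists, is non-empty and was last modified
# before CUTOFF_DATE (the day the problem started).
check_regback() {
    regback=$1
    cutoff=$(date -d "$2" +%s) || return 2
    for h in $HIVES; do
        f="$regback/$h"
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2; return 1
        fi
        if [ "$(stat -c %Y "$f")" -ge "$cutoff" ]; then
            echo "not older than cutoff: $f" >&2; return 1
        fi
    done
    return 0
}

# restore_hives CONFIG_DIR REGBACK_DIR CUTOFF_DATE
# Renames the live hives to *.bak and copies the RegBack set in. Nothing
# is touched unless all five backups pass and no *.bak would be clobbered.
restore_hives() {
    config=$1; regback=$2
    check_regback "$regback" "$3" || return 1
    for h in $HIVES; do
        if [ ! -f "$config/$h" ] || [ -e "$config/$h.bak" ]; then
            echo "unexpected state for $config/$h" >&2; return 1
        fi
    done
    for h in $HIVES; do
        mv "$config/$h" "$config/$h.bak" || return 1
        cp -p "$regback/$h" "$config/$h" || return 1
    done
}

# Script usage (the mount point and date are assumptions):
#   sh restore_hives.sh /mnt/win/Windows/System32/config \
#       /mnt/win/Windows/System32/config/RegBack 2017-03-15
if [ $# -eq 3 ]; then
    restore_hives "$@"
fi
```

Because the original hives are kept as `.bak`, the swap can be undone from the same live environment if the restored set does not boot.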
I thought this was interesting Terry:
https://www.passcape.com/lookup_syskey_password
...as long as you can access this while the drive is slave.
you can also go here: hxxp://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/ It gives a step by step (iso download) how to solve
If you can access the data, save it and reinstall windows 7 with a format. You can enter the product key from the sticker. Windows 10 is probably why he got virus in the first place.
WOW what a battle, got it fixed, I tried all suggestions from you all but finally found this one to work.
Had to do some registry editing but got it going, many many many thanks to all that helped.
Code: https://www.sevenforums.com/tutorials/243880-syskey-set-startup-password-lock-unlock-windows.html
Terryl
May ALL your problems be so small...lol