Thread: Ransomware

  1. #16

    You can also try here: www dot nomoreransom dot org
    May be able to help
    Last edited by auggie; 03-20-2017 at 01:24 AM.

  2. #17

    When I run it on the test bed I can see all files and folders.
    ♫♫♫ I'm a lumberjack and I'm OK ♫♫♫ I drink all night and sleep all day. ♫♫♫



    Coming soon to a crop circle near you.....

    There is a 66 and third % chance that I'm on the right planet...

    "I'm happier then a Jackalope in a balloon factory"

    "First rule of testing satellites"
    "If its working fine now, then don't mess with it"

    "Second rule of testing satellites"
    "If you did mess with it, and now it doesn't work, can you blame someone else?"

    "Third rule of testing satellites"
    "If you did mess with it, and it doesn't work now, and you can't blame someone else"
    "Can you HIDE it"?

  3. #18

    Just a shot, for Password, have you tried 123 or 1234 or 12345

  4. #19

    Quote: Originally Posted by auggie
    Just a shot, for Password, have you tried 123 or 1234 or 12345

    Yup, and I think this one is toast as no one can ID the ransomware, I have tried all known scanners and nothing gets by the password screen.

  5. The Following User Says Thank You to Terryl For This Useful Post:


  6. #20

    Cut & run.... I would pull/save/disinfect any critical data & format. I have been lucky enough to defeat ransomware twice, but the o/s was never the same anyways. It seems the disinfecting was fatal.

  7. The Following 3 Users Say Thank You to The Noof For This Useful Post:


  8. #21

    I know the feeling , i've bombed my own computer quite a few times making those things in the past ...........
    knowledge is power , power corrupts all

  9. The Following 2 Users Say Thank You to nob0dy For This Useful Post:


  10. #22

    Hummmm...reformat may be an idea, if I can just format the "C" drive and then recover from the "D" drive it may work, but this one had the free upgrade to W10, it came with W7, I wonder if it would come back as W7???

    And I have saved all photos and other data to a USB drive.

    I have downloaded an ISO file for Windows 10 but I need a slightly larger DVD recordable disk than 4.7 GB, as when I try and burn it to DVD it needs about 300 MB more than what's available on the DVD.

    And I'm having problems burning it to an 8 GB USB drive, it just won't do it.

  11. #23

    no i have the answer , give me a second to find the program .....

    i used the second one
    Code:
    https://www.lifewire.com/free-windows-password-recovery-tools-2626179
    only problem is these types of malware morph eg: say the original file downloaded was test.exe ......... a good one morphs & changes itself to dll , jpg etc etc ........ & doesn't stop

    in this case if the above doesn't work , only option you have is to manually remove it ..... start>>search/run>>type regedit >>> systemconfig >>> uncheck Load Start up services " Under General Tab >>> apply >>> reboot >>> systemconfig >>> Start up tab >> check manufacturer >>> look for Unknown ....... >>> if you don't know what the program is hit disable >> regedit >> & i'll show you how to manually remove it ..........


    worst case , remove hard-drive from pc , put it in an enclosure & scan from a clean computer ......... with the correct tools ..........
    Last edited by nob0dy; 03-20-2017 at 11:26 PM.

  12. The Following User Says Thank You to nob0dy For This Useful Post:


  13. #24

    OK, after posting at several AV forums I have found out it is not ransomware but a SYSKEY scam, I need to find out how to edit the SAM folder, if I set the syskey back to zero it should start normally.

  14. The Following User Says Thank You to Terryl For This Useful Post:


  15. #25

    This might help. Hopefully this will fix the problem. You need to do this offline with a Linux disk as it cannot be done in Windows. The first thing to check is the date of the hives in the following directory: C:\Windows\System32\config\regback. The hives must be dated before the date of your problem.

    Download Parted Magic here. Burn the ISO file to a CD on a Windows 7 or later computer by right-clicking and selecting Burn Disk Image. You will need to disable SecureBoot in your UEFI settings and enable Legacy or CSM boot. Your computer may have a boot menu accessed at boot by tapping a key to select the boot device, in your case the optical drive.

    At the Parted Magic Desktop you should mount your devices per this guide (see second image). Browse to the regback folder to confirm if the date on the hives in regback is before the date in the config folder. If it is, rename the following hives in config:

    SAM to SAM.bak
    SOFTWARE to SOFTWARE.bak
    DEFAULT to DEFAULT.bak
    SECURITY to SECURITY.bak
    SYSTEM to SYSTEM.bak

    Copy the above hives from regback to config. Exit out of Parted Magic and reboot.

  16. The Following User Says Thank You to auggie For This Useful Post:
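
The offline restore described in post #25, as an added example that is not part of the original post or of Parted Magic: a shell version to run from the Linux live environment. The function names, the `REGBACK` variable, the mount path and the cutoff argument are assumptions; beyond the post's date check it also rejects empty backup hives and validates all five before renaming anything.

```shell
#!/bin/sh
# Added example (not from the original post): offline registry hive restore.
# Run from a Linux live environment with the Windows partition mounted.
HIVES="SAM SOFTWARE DEFAULT SECURITY SYSTEM"
# On-disk folder name; Linux NTFS mounts are case-sensitive by default.
REGBACK=${REGBACK:-RegBack}

# check_backups CONFIG_DIR CUTOFF
#   CONFIG_DIR  mounted .../Windows/System32/config (mount point is an assumption)
#   CUTOFF      time the problem started, as CCYYMMDDhhmm (touch -t format)
# Succeeds only if all five backup hives are usable.
check_backups() {
    cfg=$1
    marker=$(mktemp) || return 2
    touch -t "$2" "$marker" || { rm -f "$marker"; return 2; }
    rc=0
    for h in $HIVES; do
        b="$cfg/$REGBACK/$h"
        if [ ! -s "$b" ]; then
            # Newer Windows 10 builds leave 0-byte hives in RegBack.
            echo "unusable: $b is missing or empty" >&2; rc=1
        elif [ ! "$b" -ot "$marker" ]; then
            echo "unusable: $b is not older than the cutoff" >&2; rc=1
        elif [ ! -f "$cfg/$h" ] || [ -e "$cfg/$h.bak" ]; then
            echo "refusing: $cfg/$h missing or $h.bak already exists" >&2; rc=1
        fi
    done
    rm -f "$marker"
    return $rc
}

# restore_hives CONFIG_DIR CUTOFF
# Validates everything first so a failed check never leaves a mixed set of hives.
restore_hives() {
    check_backups "$1" "$2" || return 1
    for h in $HIVES; do
        mv "$1/$h" "$1/$h.bak" || return 1
    done
    for h in $HIVES; do
        cp -p "$1/$REGBACK/$h" "$1/$h" || return 1
    done
}

# Script use: sh restore_hives.sh /mnt/win/Windows/System32/config 201703150000
if [ $# -eq 2 ]; then restore_hives "$1" "$2"; fi
```
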


  17. #26

    I thought this was interesting Terry:

    https://www.passcape.com/lookup_syskey_password

    ...as long as you can access this while the drive is slave.

  18. The Following User Says Thank You to The Noof For This Useful Post:


  19. #27

    you can also go here: hxxp://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/ It gives a step by step (iso download) how to solve

  20. The Following User Says Thank You to auggie For This Useful Post:


  21. #28

    If you can access the data, save it and reinstall windows 7 with a format. You can enter the product key from the sticker. Windows 10 is probably why he got virus in the first place.

  22. The Following User Says Thank You to jets For This Useful Post:


  23. #29

    WOW what a battle, got it fixed, I tried all suggestions from you all but finally found this one to work.

    Code:
    https://www.sevenforums.com/tutorials/243880-syskey-set-startup-password-lock-unlock-windows.html
    Had to do some registry editing but got it going, many many many thanks to all that helped.

    Terryl

  24. The Following 6 Users Say Thank You to Terryl For This Useful Post:


  25. #30

    May ALL your problems be so small...lol
