Troubleshoot Police Virus has lead to BIOS not working

[Ben North]

Hello,

Yesterday my friend received his friend's laptop computer because he had requested that he fix it. When my friend and I looked at it we discovered that it had the increasingly popular police virus (If you don't know what it is click here) (For a picture of it click here). I then proceed to help my friend try and remove it. I told him that we needed to try and boot it in safe mode. However, when he tried to boot it in safe mode using Shift+f8 it failed multiple times. I told him to force it to boot into safe mode by pressing windows+R and typing in msconfig to then force it to boot in safe mode. (Link to steps we used here) He then shut the computer down and then started it up. It seemed to be booting normally until it got to the point where the BIOS splash should appear and it did not, instead it just went to a blue screen which said "restarting" on it. It does this over and over again until you hold the button down to force shut it down. I then asked my friend to ask his friend if he had his windows 8 disks. When my friend did he told him that they were where he lives in Hong Kong. (He borders to a school in NSW from Hong Kong so most of his possessions are there.)

A recap:

The windows 8 machine has contracted the police virus.
When we tried forcing it to boot into safe mode it has now done something that prevents BIOS from booting.
There are no available windows 8 disks that we can use as recovery. (Not that we can use them at the present time as we can not access the BIOS.)

My friend is in need of help to try and fix his friend's computer. I would greatly appreciate it if you could help.

Thanks,
Ben North

 

[Arakasi]

Ben North,

Inexperienced users should not try and repair ransomware without knowing advanced knowledge in malware removal.
When safemode doesnt boot usually it means the registry entries are corrupt for it by the malware and they are easily able to be put back into place, even if you cant boot the computer any longer from normal or safe mode.
The constant reboot, reboot, reboot especially if they are not proper shutdowns due to no interface in normal mode, you can cause irreparable damage to the disk and windows files, thus causing it not to boot any longer at all.
There is no ransomware malware that writes to the bios chip that i know of in existence.
Here is why.... the main goal of ransomware is financials and the incentive is always financially driven.
How can you get or accept money if you destroy their computer ?
So it is likely his boot options are simply not correct any longer and you need to get those changes by pressing F2, Esc, F10 or whichever laptop model you have. If this is not the case then his drive is now failing.
If there is a local shop, i would suggest you take it by for futher troubleshooting.
Or if you want to attempt yourself, remove the hard drive, and dock it via usb to your own computer and run a Seatools test or WD Diag test to get some feedback on s.m.a.r.t. data as well as perform a DST.

I am terribly sorry for your troubles and we would be glad to answer any further questions you might have or offer assistance.
Most ransomware variants are detectable by more then half the vendors we discuss here at MT at least. You need to install one that you like and confirm with the vendor if they detect forms of police, fbi, interpol type ransomware.

 

[Ben North]

Thank you for your help.
I will try and fix it and come back if I need more assistance.

 

[TwinHeadedEagle]

If you succeed in fixing BIOS, then I can help you removing virus from your PC.

 

[Chromatinfish 123]

If all fails, perform a hard reset (look at manual) and insert a windows 8 disk, then restore from backup. I would recommend posting in the Malware Removal Assistance as real experts will be happy to help there.
Cheers, Chromatinfish