I need your help, please. It is Windows 7 Enterprise. All attempts at starting in safe mode, or a reboot has failed due to not having the bit lock code.
FBI Ransom Malware - Bitlocker
- Thread starter Fisherking333
- Start date
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi and welcome to MalwareTips! 
I'n Fiery and I would gladly assist you in removing the malware on your computer.
Before we start:
<hr>
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a flash drive.
For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a flash drive.</li>
Also download List Parts 32bit or Listparts 64 bit and save it to the flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<>To enter System Recovery Options by using Windows installation disc:</>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <>Repair your computer</>.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account and click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\frst64</>) and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\listparts64.exe</>) and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
I'n Fiery and I would gladly assist you in removing the malware on your computer.
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
<hr>
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a flash drive.
For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a flash drive.</li>
Also download List Parts 32bit or Listparts 64 bit and save it to the flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<>To enter System Recovery Options by using Windows installation disc:</>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <>Repair your computer</>.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account and click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\frst64</>) and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\listparts64.exe</>) and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
Last edited by a moderator:
Thank you very much. I will be away until this afternoon.
I do not have a Windows installation Disc.
The laptop is a company laptop being Windows 7 Enterprise.
I will guarantee a Donation once the Malware is purged.
Thank you again for your assistance.
I do not have a Windows installation Disc.
The laptop is a company laptop being Windows 7 Enterprise.
I will guarantee a Donation once the Malware is purged.
Thank you again for your assistance.
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
You may be able to enter system recovery without the installation disc.
<ul>
<li>Restart the computer.</li>
<li>As soon as the computer starts loading, begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
If you are unable to enter system recovery, then we will have to create a bootable CD. Do the following on a clean PC.
You may be able to enter system recovery without the installation disc.
<ul>
<li>Restart the computer.</li>
<li>As soon as the computer starts loading, begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
If you are unable to enter system recovery, then we will have to create a bootable CD. Do the following on a clean PC.
- Download OTLPENet.exe to your desktop
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Download List Parts 32-bit or Listparts 64-bit and save it to the flash drive also.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here - Wait for the CD to detect your hardware and load the operating system
- Your system should now display a Reatogo desktop
Note : as you are running from CD it is not exactly speedy - Insert the USB with FRST
- Locate the flash drive with FRST and double click
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
- Next click List Parts and then click Scan
It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
Last edited by a moderator:
Thank you. On my way now to buy blank disks. I have a 16G Flash Drive. Is that large enough?
I will be back in 20 mins.
Any attempt to boot or system restore has been met with...
"The system boot information has changed since Bitlocker was enabled.
You must supply a Bitlocker recovery key to start this system.
Confirm that the changes to the system boot information are authorized.
If the changes to the system boot information are trusted, then suspend and resume Bitlocker. This will reset Bitlocker to use the new boot information.
Otherwise restore the system boot infomation"
I will be back in 20 mins.
Any attempt to boot or system restore has been met with...
"The system boot information has changed since Bitlocker was enabled.
You must supply a Bitlocker recovery key to start this system.
Confirm that the changes to the system boot information are authorized.
If the changes to the system boot information are trusted, then suspend and resume Bitlocker. This will reset Bitlocker to use the new boot information.
Otherwise restore the system boot infomation"
I downloaded the OTLPENet to disk. I also have the FRST and the
list pt 32 bit on flash drive.
What is my next step?
The Laptop that is infected in in a loop. displaying the following:
"The system boot information has changed since Bitlocker was enabled.
You must supply a Bitlocker recovery key to start this system.
Confirm that the changes to the system boot information are authorized.
If the changes to the system boot information are trusted, then suspend and resume Bitlocker. This will reset Bitlocker to use the new boot information.
Otherwise restore the system boot infomation"
list pt 32 bit on flash drive.
What is my next step?
The Laptop that is infected in in a loop. displaying the following:
"The system boot information has changed since Bitlocker was enabled.
You must supply a Bitlocker recovery key to start this system.
Confirm that the changes to the system boot information are authorized.
If the changes to the system boot information are trusted, then suspend and resume Bitlocker. This will reset Bitlocker to use the new boot information.
Otherwise restore the system boot infomation"
Fiery
Level 1
- Jan 11, 2011
- 2,007
You need to change your BIOS settings now to boot from a CD instead of your hard-drive. You can follow the instructions here if you are unsure how to change the boot order.
http://www.hiren.info/pages/bios-boot-cdrom
By the way, I'll be on my PC all day today so I'll be quick with replies. Check this thread often
http://www.hiren.info/pages/bios-boot-cdrom
By the way, I'll be on my PC all day today so I'll be quick with replies. Check this thread often
I am under boot options.
Start up menu delay
I clicked on cd Rom.
It is giving me the same thing over and over again.
It says that... windows bit locker drive encryption key is needed.
The only options are
Enter - recovery
Or
Esc - reboot.
They booth go into a loop.
Start up menu delay
I clicked on cd Rom.
It is giving me the same thing over and over again.
It says that... windows bit locker drive encryption key is needed.
The only options are
Enter - recovery
Or
Esc - reboot.
They booth go into a loop.
Fiery
Level 1
- Jan 11, 2011
- 2,007
Unfortunately, you will have to ask your company's IT department for the bitlocker key. On window 7 enterprise, any changes to hardware or driver will activate Bitlocker. I assume the FBI ransomware altered your system and activated bitlocker.
Did your company give you a USB along with the laptop when it was issued to you?
Did your company give you a USB along with the laptop when it was issued to you?
Fiery said:
No, they did not.
Thank you for your help on this. Even though we did not resolve the issue.
I appreciate your input, thank you
Fiery
Level 1
- Jan 11, 2011
- 2,007
If you get the key, manage to unlock your laptop and wishes to continue the process, let me know.
If the IT department will clean the laptop up, I'll just leave you some suggestions below to prevent malware in the future.
Take care
Keep your system updated
I also recommend you to switch your antivirus program to a better one. Here are some suggestions:
In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.
Other steps that you may want to do to further protect your system/files:
Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.
Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.
Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.
Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.
Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.
Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask
If the IT department will clean the laptop up, I'll just leave you some suggestions below to prevent malware in the future.
Take care
Keep your system updated
- Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
- Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
- Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here
I also recommend you to switch your antivirus program to a better one. Here are some suggestions:
- avast! 7 Home Edition - Don't use it with Online Armor
- Avira AntiVir Personal
- BitDefender Antivirus Free Edition
- Microsoft Security Essentials
In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.
- Online Armor
- Comodo Firewall - If you are an advance user
- ZoneAlarm Free Firewall
- PC Tool Firewall Plus
Other steps that you may want to do to further protect your system/files:
- Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
- Backup important files regulary to an external hard-drive or USB
Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.
Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.
Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.
Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
- KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
- AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
- NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
- Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites
Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.
Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.
Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask
My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
Similar threads
- Locked
