Nasty Ransomware white page screen block virus can't get rid, please help, desperate.

brad123uk

New Member
Thread author
Sep 11, 2013
3
So I have the nasty ransomware virus that demands money and blocks your screen. I've tried System Restore as per a few searches but that didn't work. You can only boot in safe mode with command prompt, not safe mode with networking, the PC just restarts.

I tried the Kaspersky Rescue Disk and left it scanning for 3 days but it was only at 1%, this would only run in text mode not graphics mode.

So I'm stumped now what to do, please help!! I can't reformat as all my work's on there.

I tried Hitman Kickstart but when it boots from USB it just boots up normally to login and then I log in and I get a white ransom screen.

I can't log in in safe mode as it restarts, I can only choose start in safe mode with command prompt.


Any other good malware or virus thing I can create a start up disk that works, as Kaspersky Rescue Disk 10 doesn't.

I'm lost...
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the link below:

  • For 64-bit systems, download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    1. Select Command Prompt.
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst64 and press Enter.
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
    10. Type exit.
    11. Please copy and paste FRST.txt in your next reply.
 

brad123uk

New Member
Thread author
Sep 11, 2013
3
Hi, I did the Farbar thing but it's not a virus scanner removal tool is it, is it just to get the logs from my PC to post on here so you can see how to help, yes? Or will that remove the ransomware?
 

Fiery

Level 1
Jan 11, 2011
2,007
It's not a virus scanner and it doesn't automatically remove the virus. It produces a log for me to generate a script. The script will tell the tool what to remove.

Please upload the frst.txt file on your hard drive when you have completed the scan.
 

brad123uk

New Member
Thread author
Sep 11, 2013
3
OK thanks, even if I can access safe mode with networking will it work what you propose to do?

It's a big list, shall I post it all, there's no private info is there in the list?
 

Fiery

Level 1
Jan 11, 2011
2,007
It is better to run the scan in the system recovery environment than safe mode. The reason for that is in the system recovery environment, your entire operating system is offline so any viruses won't interfere with the scan results. In safe mode, the virus may be active and can alter the scan results, leaving us with incomplete information of the system.

No private information is contained in the list besides your Windows account name because it will show the file directories on your PC. All the tools we use do not display private information because they are designed for open forum use.
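
As an added example (not part of the original posts and not part of FRST): the reply above notes that the account name appears in the log through file directories, so the sketch below replaces profile names under `C:\Users\` or `C:\Documents and Settings\` with stable placeholders in a copy of a log. The function name `redact_profiles` and the sample lines are constructed for illustration and do not reproduce real FRST output.

```python
import re

# Profiles present on every Windows install; redacting them hides nothing.
BUILTIN = {"public", "default", "default user", "all users"}
ROOT = r"[A-Za-z]:\\(?:Users|Documents and Settings)\\"
# A profile name is only trusted when a further path component follows it,
# so trailing log text is never mistaken for part of the name.
NAME_RE = re.compile(r"(?i)" + ROOT + r"([^\\/:*?\"<>|\r\n]+)(?=\\)")


def redact_profiles(log_text):
    """Return (redacted_text, mapping); each account name becomes USERn."""
    mapping = {}
    for m in NAME_RE.finditer(log_text):
        key = m.group(1).lower()
        if key not in BUILTIN and key not in mapping:
            mapping[key] = "USER%d" % (len(mapping) + 1)
    redacted = log_text
    # Longest names first so "brad" does not clobber part of "brad smith".
    for key in sorted(mapping, key=len, reverse=True):
        pat = re.compile(
            r"(?i)(" + ROOT + r")" + re.escape(key) + r"(?![\w.-])"
        )
        redacted = pat.sub(
            lambda m, p=mapping[key]: m.group(1) + p, redacted
        )
    return redacted, mapping


# Constructed sample lines, not real scan output.
SAMPLE = "\n".join([
    r"C:\Users\brad\AppData\Roaming\example.exe",
    r"Startup: C:\Users\brad\Start Menu\example.lnk",
    r"C:\Users\Public\Desktop\tool.lnk",
    r"2013-09-10 12:00 - C:\Users\brad",
])

if __name__ == "__main__":
    text, names = redact_profiles(SAMPLE)
    print(text)
    print(names)
```

The same placeholder is used for every occurrence of a name, so paths in the redacted copy can still be matched against each other.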
 
