Removing Genuine Microsoft Software Screen Lock/Ransom Malware

Ed Erdelac

New Member
Thread author
Jan 10, 2016
4
Hey guys,

So my wife's Dell laptop running Windows 10 (not sure if 36 or 64 bit) got this lock screen last night. Don't know what she was doing or if one of the kids clicked on some kind of popup, but the pic attached is the screen she gets when she tries to boot.



She didn't run a scan, because neither of us were previously aware of scan logs, and I can't reinstall her Windows as I don't have (and am not too keen on upgrading to) Windows 10.

I looked the malware/virus up and tried to use something called Hitman Pro to get rid of it, but it didn't work.

(I followed all these steps - Remove Genuine Microsoft Software virus (Uninstall Guide))

Anybody have any advice on how to get rid of this?

Thanks in advance...
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Click Start and while holding Shift key on your keyboard click Power --> Restart.
Note: It is important that you keep Shift key pressed while doing this or it won't work.
  • Now you should get a window like this where you need to click Troubleshoot.

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in to your account and after that Command Prompt windo
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 

Ed Erdelac

New Member
Thread author
Jan 10, 2016
4
Hey there....I'm not sure what you mean click Start after plugging the flashdrive with the Scan Tool into the infected PC....I can't access the Start menu. The screen is locked. Do you mean boot from the flashdrive?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, you need to enter recovery mode.


1. Press and hold the power button on your PC until it powers off.

2. Press the power button on your PC to turn it on.

3. Repeat steps 1 and 2 above until you see Please wait during boot like below. Usually it may take repeating up to 3 times. (see screenshot below)



4. When displayed, click/tap on See advanced repair options. (see screenshot below)

 

Ed Erdelac

New Member
Thread author
Jan 10, 2016
4
I've powered off and restarted more than twenty times in the last half hour and still haven't seen a Recovery screen. It just goes to the locked screen as usual. Tried taking the battery out too.
 

Ed Erdelac

New Member
Thread author
Jan 10, 2016
4
Yeah I've done that over twenty times. I'm still doing it as I type this. It never goes to any recovery screen. Just boots up normally and right to the lock screen.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
In that case you're not doing something right. When you power on your PC and you get to the Windows logo with the rotating circle, you should press and hold the power button. When you start your PC next time you should be presented with advanced repair options. At least that is the case on my Windows 10 notebook.
 
