Windows 7 Forums



Windows 7: Ransomware?

25 Feb 2015   #1
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 
Ransomware?

Hi All,
A friend of mine recently had an online experience where he was browsing and a screen popped up telling him he had been downloading blahblahblah, demanding $300, locking his computer, he thinks. He is a bit of a novice on-line and I first thought he had some ransom malware or virus. He said that it locked his browser and he couldn't shut down his computer. When he brought it over, I turned it on and was expecting to see a blocked computer screen but it booted normally into Windows. He is using Windows Firewall, AVG Free and Malwarebytes Free for security and Windows Updates are current. I ran AVG scan and it showed no infections, ran MBAM and all it showed was the Ask Bar, which I allowed it to remove. Then ran AVG and MBAM in Safe Mode. AVG scan in safe mode showed 92 infections? and MBAM showed nothing. I then ran TDSS Killer, Hitman Pro and Kaspersky Rescue Disk 10 and AVG and MBAM several times in normal and safe mode. Nothing seems to show up except when I run AVG in safe mode, or maybe I don't understand the report (please see attached).
Sorry for the lengthy post, but any help to make sure his machine is clean would be greatly appreciated.




Attached Files
File Type: txt avgrep.txt (10.7 KB, 12 views)
25 Feb 2015   #2
matts6887

Windows 7 ultimate 64-bit
 
 

Sounds like, in addition to having some infections found by AVG, I would also download, install, and run SUPERAntiSpyware from the following link and let it scan for spyware:

SUPERAntiSpyware - Downloading File
25 Feb 2015   #3
cottonball

Windows 7 Home Premium
 
 

Frogpond51,

Can't claim to be a fan of AVG, but, did you request an additional scan to report locked files?
If this option got inadvertently set, see if you can uncheck it.

It is my understanding these files cannot be infected by usual viruses because they are locked and cannot be modified by other processes.

If there is a pressing need to scan these files, and I do not see any, consider using a program where the operating system will not be running, and files will not be locked.

26 Feb 2015   #4
PSCO2007

Windows 7 Professional X64
 
 

Quote: Originally Posted by Frogpond51
Hi All,
A friend of mine recently had an online experience where he was browsing and a screen popped up telling him he had been downloading blahblahblah, demanding $300, locking his computer, he thinks. He is a bit of a novice on-line and I first thought he had some ransom malware or virus. He said that it locked his browser and he couldn't shut down his computer. When he brought it over, I turned it on and was expecting to see a blocked computer screen but it booted normally into Windows. He is using Windows Firewall, AVG Free and Malwarebytes Free for security and Windows Updates are current. I ran AVG scan and it showed no infections, ran MBAM and all it showed was the Ask Bar, which I allowed it to remove. Then ran AVG and MBAM in Safe Mode. AVG scan in safe mode showed 92 infections? and MBAM showed nothing. I then ran TDSS Killer, Hitman Pro and Kaspersky Rescue Disk 10 and AVG and MBAM several times in normal and safe mode. Nothing seems to show up except when I run AVG in safe mode, or maybe I don't understand the report (please see attached).
Sorry for the lengthy post, but any help to make sure his machine is clean would be greatly appreciated.

If you see any of these pages that say "FBI warning" or the like, just open task manager and click stop process.
26 Feb 2015   #5
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 

Hi,

Thank you matts6887, cottonball, and PSCO2007 for responding to my post!

To: matts6887 about the (infections) AVG is reporting, I guess I'm not certain, considering the "wonky" way AVG reports this with the command line scanner in safe mode, as cottonball is pointing out that they may be "locked files" in the operating system. I will definitely look into the SuperAntiSpyware prog you recommended. Thanks!

To: cottonball thank you for pointing out those "reported" infections being locked system files. Geez Louise! Can't they be a little more clear in the report, instead of marking all the locked files as "infections"? I'm inserting a screenshot of the AVG command line safe mode scanner settings. Maybe you can see something I did wrong.
I also unchecked 'Scan Alternate Data Streams (NTFS only)' and 'Scan active processes' in separate scans and got similar results with all the locked files stuff.

To: PSCO2007 thanks for your response, ya, that was the first place I looked after running AVG and MBAM when I first fired up the machine. It didn't show anything other than the normal processes when Windows is running. hmmmm. Makes me wonder, does this machine have a problem or not? Also checked his browsers for toolbars running all the above and didn't find anything.

I guess I would like to make sure his machine is "Really" clean before I upgrade MBAM to the premium edition for some real time online protection and make a backup image for him.

Thanks to all who responded, all suggestions and input are greatly appreciated.


Attached Thumbnails
Ransomware?-avg-safemode.png  
19 Mar 2015   #6
PSCO2007

Windows 7 Professional X64
 
 

Quote: Originally Posted by Frogpond51
Hi,

Thank you matts6887, cottonball, and PSCO2007 for responding to my post!

To: matts6887 about the (infections) AVG is reporting, I guess I'm not certain, considering the "wonky" way AVG reports this with the command line scanner in safe mode, as cottonball is pointing out that they may be "locked files" in the operating system. I will definitely look into the SuperAntiSpyware prog you recommended. Thanks!

To: cottonball thank you for pointing out those "reported" infections being locked system files. Geez Louise! Can't they be a little more clear in the report, instead of marking all the locked files as "infections"? I'm inserting a screenshot of the AVG command line safe mode scanner settings. Maybe you can see something I did wrong.
I also unchecked 'Scan Alternate Data Streams (NTFS only)' and 'Scan active processes' in separate scans and got similar results with all the locked files stuff.

To: PSCO2007 thanks for your response, ya, that was the first place I looked after running AVG and MBAM when I first fired up the machine. It didn't show anything other than the normal processes when Windows is running. hmmmm. Makes me wonder, does this machine have a problem or not? Also checked his browsers for toolbars running all the above and didn't find anything.

I guess I would like to make sure his machine is "Really" clean before I upgrade MBAM to the premium edition for some real time online protection and make a backup image for him.

Thanks to all who responded, all suggestions and input are greatly appreciated.

Quote:
To: PSCO2007 thanks for your response, ya, that was the first place I looked

Whenever I get those messages, I open Task Mgr and Applications - that's where you will see it (F.B.I. warning or similar)

Stop the process and run your usual scans.
20 Mar 2015   #7
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I like this option from PSCO2007 post #6

Quote:
Whenever I get those messages, I open Task Mgr and Applications - that's where you will see it (F.B.I. warning or similar)

Stop the process and run your usual scans.

Ticking on the ransomware any place including the (X) in the upper right corner could download and install the ransomware.

The bad guys can program that (X) to do anything.

You can also shut down the computer with the power button and hope the ransomware didn't have time to download. Remember the crooks are smart crooks.

Then start your computer again and run your several scans.

Hopefully you caught it in time.