New variant of Ransom Hijack causing me problems
The crooks are always trying to better themselves. Just after reading about ransom hijacks on PCMag I got infected Sat morning at 5:47 AM. I knew it for a fake almost right away as it declared Polizei Cybercrime Div. etc. and as I am in Canada, it should have read "Police".
Anyway, forced shutdown my computer and unplugged it from the internet. Went into Safe Mode but found the only version that allowed a boot was Command Line. Anything with network caused an immediate shutdown and reboot. Fortunately I have an iPad and Win7 laptop which I'm working on now. I loaded Spyhunter and Hijackthis via a USB stick and did various manual searches. Nothing turned up a virus although before any of that I'd already found in C:\users\myname\ an index.html file that was the popup message saying I had committed a crime and needed to pay $100. Also I found a file named 1854122.exe that had that date and time signature identical to the html file. I deleted and shredded it, and moved the html to another drive for inspection. This and various other attempts resolved nothing.
In normal boot all appears fine until the splash screen shows then gets covered up by a complete white image and then the Polizei notice appears. Can't do anything past that aside from shutting down via C-A-D. After plugging into internet again the html file reappeared but I can't find an EXE file that is suspicious.
Obviously there was some other hidden stuff I missed initially. I need to understand how they are generating this all white image that covers my desktop. If I press the power button briefly the image blinks and I can see my full desktop in behind, but that forces a shutdown instead of the normal 5 second hold.
It appears they have overwritten my personalization settings so I am trying to look into that now. HAS ANYONE AN ANSWER TO THIS VARIANT, as all the remedies I've seen or tried don't seem to fit.
Many thanks