Ransomware?


  1. Posts : 86
    Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
       #1

    Ransomware?


    Hi All,
    A friend of mine recently had an online experience where he was browsing and a screen popped up telling him he had been downloading blahblahblah, demanding $300, locking his computer, he thinks. He is a bit of a novice on-line and I first thought he had some ransom malware or virus. He said that it locked his browser and couldn't shut down his computer. When he brought it over, I turned it on and was expecting to see a blocked computer screen but it booted normally into Windows. He is using Windows Firewall, AVG Free and Malwarebytes Free for security and Windows Updates are current. I ran AVG scan and it showed no infections, ran MBAM and all it showed was the Ask Bar, which I allowed it to remove. Then ran AVG and MBAM in Safe Mode. AVG scan in safe mode showed 92 infections? and MBAM showed nothing. I then ran TDSS Killer, Hitman Pro and Kaspersky Rescue Disk 10 and AVG and MBAM several times in normal and safe mode. Nothing seems to show up except when I run AVG in safe mode, or maybe I don't understand the report (please see attached).
    Sorry for the lengthy post, but any help to make sure his machine is clean would be greatly appreciated.


  2. Posts : 1,449
    Windows 7 ultimate 64-bit
       #2

    Sounds like in addition to having some infections found by AVG, I would also download, install, and run SUPERAntiSpyware from the following link and let it scan for spyware:

    SUPERAntiSpyware - Downloading File


  3. Posts : 2,470
    Windows 7 Home Premium
       #3

    Frogpond51,

    Can't claim to be a fan of AVG, but, did you request an additional scan to report locked files?
    If this option got inadvertently set, see if you can uncheck it.

    It is my understanding these files cannot be infected by usual viruses because they are locked and cannot be modified by other processes.

    If there is a pressing need to scan these files, and I do not see any, consider using a program where the operating system will not be running, and files will not be locked.


  4. Posts : 1,261
    Windows 7 Professional X64
       #4

    Frogpond51 said:
    Hi All,
    A friend of mine recently had an online experience where he was browsing and a screen popped up telling him he had been downloading blahblahblah, demanding $300, locking his computer, he thinks. He is a bit of a novice on-line and I first thought he had some ransom malware or virus. He said that it locked his browser and couldn't shut down his computer. When he brought it over, I turned it on and was expecting to see a blocked computer screen but it booted normally into Windows. He is using Windows Firewall, AVG Free and Malwarebytes Free for security and Windows Updates are current. I ran AVG scan and it showed no infections, ran MBAM and all it showed was the Ask Bar, which I allowed it to remove. Then ran AVG and MBAM in Safe Mode. AVG scan in safe mode showed 92 infections? and MBAM showed nothing. I then ran TDSS Killer, Hitman Pro and Kaspersky Rescue Disk 10 and AVG and MBAM several times in normal and safe mode. Nothing seems to show up except when I run AVG in safe mode, or maybe I don't understand the report (please see attached).
    Sorry for the lengthy post, but any help to make sure his machine is clean would be greatly appreciated.
    If you see any of these pages that say "FBI warning" or the like, just open task manager and click stop process.


  5. Posts : 86
    Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
    Thread Starter
       #5

    Hi,

    Thank you matts6887, cottonball, and PSCO2007 for responding to my post!

    To: matts6887 about the (infections) AVG is reporting, I guess I'm not certain, considering the "wonky" way AVG reports this with the command line scanner in safe mode, as cottonball is pointing out that they may be "locked files" in the operating system. I will definitely look into the SuperAntiSpyware prog you recommended. Thanks!

    To: cottonball thank you for pointing out those "reported" infections being locked system files. GeezLouise! can't they be a little more clear in the report, instead of marking all the locked files as "infections"? I'm inserting a screenshot of the AVG command line safe mode scanner settings. Maybe you can see something I did wrong.
    I also unchecked 'Scan Alternate Data Streams (NTFS only)' and 'Scan active processes' in separate scans and got similar results with all the locked files stuff.

    To: PSCO2007 thanks for your response, ya, that was the first place I looked after running AVG and MBAM when I first fired up the machine. It didn't show anything other than the normal processes when Windows is running. hmmmm. Makes me wonder, does this machine have a problem or not? Also checked his browsers for toolbars running all the above and didn't find anything.

    I guess I would like to make sure his machine is "Really" clean before I upgrade MBAM to the premium edition for some real time online protection and make a backup image for him.

    Thanks to all who responded, all suggestions and input are greatly appreciated.
    Attached Thumbnails: Ransomware?-avg-safemode.png


  6. Posts : 1,261
    Windows 7 Professional X64
       #6

    Frogpond51 said:
    Hi,

    Thank you matts6887, cottonball, and PSCO2007 for responding to my post!

    To: matts6887 about the (infections) AVG is reporting, I guess I'm not certain, considering the "wonky" way AVG reports this with the command line scanner in safe mode, as cottonball is pointing out that they may be "locked files" in the operating system. I will definitely look into the SuperAntiSpyware prog you recommended. Thanks!

    To: cottonball thank you for pointing out those "reported" infections being locked system files. GeezLouise! can't they be a little more clear in the report, instead of marking all the locked files as "infections"? I'm inserting a screenshot of the AVG command line safe mode scanner settings. Maybe you can see something I did wrong.
    I also unchecked 'Scan Alternate Data Streams (NTFS only)' and 'Scan active processes' in separate scans and got similar results with all the locked files stuff.

    To: PSCO2007 thanks for your response, ya, that was the first place I looked after running AVG and MBAM when I first fired up the machine. It didn't show anything other than the normal processes when Windows is running. hmmmm. Makes me wonder, does this machine have a problem or not? Also checked his browsers for toolbars running all the above and didn't find anything.

    I guess I would like to make sure his machine is "Really" clean before I upgrade MBAM to the premium edition for some real time online protection and make a backup image for him.

    Thanks to all who responded, all suggestions and input are greatly appreciated.
    To: PSCO2007 thanks for your response, ya, that was the first place I looked
    Whenever I get those messages, I open Task Mgr and Applications - that's where you will see it (F.B.I. warning or similar)

    Stop the process and run your usual scans.


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    I like this option from PSCO2007 post #6

    Whenever I get those messages, I open Task Mgr and Applications - that's where you will see it (F.B.I. warning or similar)

    Stop the process and run your usual scans.
    Ticking on the ransomware any place including the (X) in the upper right corner could download and install the ransomware.

    The bad guys can program that (X) to do anything.

    You can also shut down the computer with the power button and hope the ransomware didn't have time to download. Remember the crooks are smart crooks.

    Then start your computer again and run your several scans.

    Hopefully you caught it in time.