White screen

Hi Vistaking

Let me explain to you regarding ransomware. Ransomware hooks entries in multiple locations: the Winlogon and Run keys. Fixing both the keys using the recovery console method will fail and the user will just have a white screen because the ransomware is active.

If the user can't get into safe mode the programs you're mentioning are useless.

Wrong. How did the user try the system restore or access MSCONFIG in his previous steps?

Safe Mode with Command Prompt gives us a command window. The flash drive can be accessed and any security tools can be used to scan our system without launching the explorer window.

Safe Mode with Command Prompt or FRST are the best way to fix it. Launching the registry in the recovery console is time consuming.

Shawn, you don't have to explain anything for me. Trust me, I know what I am doing. I am not going to argue with you. The reason why she or he isn't allowed to get on to explorer.exe is because the virus is starting it from when the PC starts up. If you go to the registry and change the shell from what is on there to explorer.exe, he or she will be able to get into safe mode and safe mode with networking. You have a matter of seconds until the virus loads up.

For a user to get to his flash drive he or she would have to know the drive letter of his flash drive.

That is why when I had the user do bcdedit | find "osdevice" it pointed to D.
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
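
The Winlogon and Run registry locations argued over in the posts above can be inspected read-only from a PowerShell prompt. This is an added example, not part of the original thread; the function names, the expected defaults (a stock Windows 7 install) and the folder heuristic for Run entries are assumptions.

```powershell
# Added example (not from the thread): read-only audit of logon/autorun registry values.
# Assumption: the defaults below match a stock Windows 7 install.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = '^explorer\.exe$'
    Userinit = '^([a-z]:\\windows\\system32\\)?userinit\.exe,?$'
}

function Get-WinlogonFinding {
    foreach ($root in 'HKLM:\', 'HKCU:\') {
        $key   = $root + $winlogon
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $expected.Keys) {
            $value = $null
            if ($props) { $value = $props.$name }
            # A missing per-user value is normal; a present one is unusual and flagged.
            if ($root -eq 'HKCU:\' -and $null -eq $value) { continue }
            $ok = ($root -eq 'HKLM:\') -and ($value -match $expected[$name])
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Value = $value; Suspicious = (-not $ok)
            }
        }
    }
}

function Get-RunEntry {
    $runKeys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($root in 'HKLM:\', 'HKCU:\') {
        foreach ($sub in $runKeys) {
            $key = Get-Item -Path ($root + $sub) -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $cmd = [string]$key.GetValue($name)
                # Heuristic (assumption): autoruns in user-writable folders need review.
                $review = $cmd -match '\\(AppData|Temp|ProgramData)\\'
                New-Object PSObject -Property @{
                    Key = $key.Name; Name = $name; Command = $cmd; Review = $review
                }
            }
        }
    }
}

Get-WinlogonFinding | Format-Table Key, Name, Value, Suspicious -AutoSize
Get-RunEntry | Sort-Object Review -Descending | Format-Table Name, Command, Review -AutoSize
```

Run it from the installed Windows (Safe Mode is enough); in a recovery environment the live registry belongs to the recovery image, not to the installed system.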
For a user to get to his flash drive he or she would have to know the drive letter of his flash drive.

The user is able to boot into Safe Mode w/Command Prompt. From the command prompt, type notepad and hit the Enter key.

Press File>>Open and you can see the flash drive letter. Simple, right?
 

My Computer

OS
32 bit
You could do that or you could use DISKPART. Then type list volume
 

Instead of squabbling over whose solution is the best, why not try to work together to solve the OP's problem? Just sayin' . . .
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
Mars. That is why I said I don't want to argue. The main focus is to get the user working again.
 

Helping PattieO is the priority!!

However, PattieO has not been here for more than 20 hours, and by now, is probably totally confused.
There is no need for this, even this old dog got confused.

PattieO can boot to Safe Mode with Networking, as seen on Post #22. HitmanPro was suggested, and already run, but, apparently, it did not finish the job.

Boot up the system from a USB flash drive loaded with HitmanPro.KickStart, and bypass the ransomware!

KickStart recognizes files and Registry keys belonging to this ransomware.
There is no need to do this manually.

When finished with KickStart, RogueKiller can be used to remove any remnants, resolve DNS issues, etc.

>>Got instructions ready to roll if PattieO wishes to go this route.<<

Emsisoft can also be used, but, IMO HitmanPro.KickStart is "the kicker".
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Cottonball,

That is what I was trying to do. Is help the user NOT to argue about things.
 

...help the user NOT to argue about things

I really think that is what we have meant to do, VistaKing.

Just sort of took on an occasional bump on the road...

Let's just hope PattieO has not written us off as a good source of help...
 

Let's get :focus: and help the user out. That is why we are here.
 

She may have left the building with all this squabble ... :shock:

My "input" was to flush the DNS cache and restore MS's Hosts file, so she could possibly get back online in safe mode with networking.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Jacee,

...could possibly get back online in safe mode with networking.

Looks as if SM w/Networking was used in Post #22.

So, the Advanced Boot Options menu did come up, and could be used.

When your post came up, thought you were trying to get some of the possible garbage out of the way.

Either way...:D...whatever works.
 

PattieO …

Note
Back up your flash drive because it will be wiped by the steps below.


Create a HitmanPro Kickstart USB flash drive. On a "clean" (non-infected) computer, download HitmanPro from the link below.


Download

(you should already have that)

Insert your USB flash drive into your computer (clean, non-infected) and launch the HitmanPro program.

Inside the program, click on the flying kick icon. Once you see your flash drive icon inside the program, click on it and click on the Install Kickstart button (this will wipe the flash drive). Click Yes to continue.

Once you're done, remove the flash drive using Safely Remove Hardware inside the systray next to the time on the right hand side. (The icon is a USB cord with a green circle with a white checkmark.)

Plug the USB drive into the infected computer and restart the PC. While the PC is starting up, press F12 and choose USB device.

Scan the computer with HITMAN and delete anything it finds, then remove the USB drive and restart the PC.
 
Hmmmm....

The Download above is for HitmanPro_x64.exe

Don't see where the User has mentioned whether the system is 32-bit or 64-bit, though...

If PattieO does not come back, for whoever uses this info in the future, might be best to Edit and add the 32-bit .exe






 

Hi Cottonball

That is the one she said she downloaded.

She downloaded the FRST64 version so I presume she has an x64 bit OS.

Here
 

My bad!!!! :confused:
 

Disregard, wrong topic.
 
