Computer Ransomware

[shutterfire]

Well this is a new one for me. My wife was on the computer last night and generally surfing the net. I ran to the convenience store. When I got home she sat frustrated in front of the computer not knowing what to do. She told me that she was pulling up stuff on the new exhibit at the ft worth zoo so that we could take the niece and nephew when they came to visit. She clicked on the wrong site tried to click out but it was one of those opposite click things. Any way now her screen is green and there is a notice that a program has been downloaded and it violates EU law but for $400 dollars it will dismiss a potential law suit. Her screen is totally locked. It will not leave this screen. I can get into the computer under my user name. I ran the virus scanner again it detected this program as a virus but could not quarantine it. Now how the Heck do you fix this one?

[dryicerx]

sounds like a variant of the 'green av' (just a guess) First of all don't pay... that threat is just silly.

Try logging in as her... while you have the shift key held down, this should stop any of the regular startup programs during logging in. Try the Anti virus program again and hopefully it can clean it up. Else...

Ctrl+alt+del and find a running process with any suspicious names... (when you find a process by that name, remember that exactly). After you killed the process, do a search on your disk for that exact filename... when you find it, delete it. Also install this Mike Lin's Home Page run it and disable anything that rings a bell with that filename of what you just deleted.

If not, can you post the exact message it gives you. Did you try fully restarting the computer?

[shutterfire]

When I do a Ctr alt del reboot it goes back to the green screen and is locked. so can I find it from my user window?

[dryicerx]

You said your virus scanner detected it as a virus... but couldn't quarantine it. What's it's name?
(should have been the first thing I should have asked)

[texkam]

-Warning, unexpert help ahead -
If you can get into the computer can you just uninstall the program?
Will a system restore solve this?
Good luck!

For general surfing needs we have an older computer that I installed Linux on along with the Firefox browser and the Adblock Plus add-on. Knock on wood, no problems.

[shutterfire]

I will have to look when I get home. Im not sure. I came up to the office to research it so I can fix it.

[David Whatley]

Go to Malwarebytes and install this anti malware program. ITs free, and dont pay any attention to all the other junk CNET wants you to try. Try running in safe mode if you have to. That should solve your problem

[CtrlAltDel]

Quote:

Originally Posted by David Whatley

Go to Malwarebytes and install this anti malware program. ITs free, and dont pay any attention to all the other junk CNET wants you to try. Try running in safe mode if you have to. That should solve your problem

I second David's suggestion. If you can log in under your account, download malwarebytes, make sure and update it. Then run it...but change the default to run a COMPLETE scan.

Also knowing what anti virus program you have and what virus it detected would be of great help. Good Luck.

[DSL_PWR]

Start computer in Safe mode with networking
Go to Malwarebytes, download install and run.
Go to Combofix, download install and run.
Go to Superantispyware, download install and run.
Go to Spy-Bot, download, install and run.
Go to CCleaner, download, install and run.

Defrag, clean disk.
Find the any registry files that are left that don't belong, wipe them out.

Restart and you should be good.

If combofix fails, your hard drive is shot.

Don't do anything I just said above, do what Rich said below.

[Rson]

I can fix it. PM me.

You have to boot to safe, clean it and clean it from the system restore.

You said that you can boot to your user.....how about take her pics, music etc to a new user. Save the trouble running all the cleaning programs.

I can tell you how to do it, but it is a PIA.

Safe bets for software: HijackThis and Malware bytes. I wouldn't do anything else.

I think the screen you see is an overwrite of your desktop. Basically the program told your computer to use the green as the desktop.

[Coogie]

I don't trust any spyware removal tools anymore. I had a somewhat innocent looking spyware that would hi-jack my google searches and running some of the mentioned programs- Malwarebytes, etc. and got my computer back to normal....so i thought. A couple of days later I tried to log into our work's bank account from firefox and after putting in my log-in information, it took me to a "verification" page.

For a brief second i thought maybe there was a deleted cookie and the bank thought I had a different computer (my personal bank detects changed IP addresses) and the address above WAS actually from the bank, but as soon as i saw the information it was asking for - name, ssn, mother's maiden name, etc. I knew something was very wrong so i called the bank and in 30 seconds they shut down every single account we had.

At that point I disconnected my laptop from the internet, backed up my data, and reformatted the hard drive. If you have recovery disks or the Windows DVD, I suggest you do the same...it will get rid of the junkware you've accumulated over time as well.

[SJHester]

MalwareBytes is the way to go, my wife and daugher have both gotten this (several times each) and every time I can clean it with MalwareBytes and then I blacklist the site in my router so they cant go there anymore.

[Imagebuffet]

After you get this straightened out, make sure that you do regular system restore points on your computer. That was the only way that I was able to kill a trojan that I picked up from boston.com.

[texascbx]

Mcafee has a program called Mcafee stinger that will get rid of it.

McAfee Threat Center

[shutterfire]

After 2 days got it straightened out. Thanks to all the help of fellow TPFers . Updated anti virus clean sweep x 2, it was an av virus, that disguised its self in windows movie maker.