Windows 8 and 8.1 Forums

Ransomware hijacked boot menu, F8

  1. #1

    Posts : 13

    Ransomware hijacked boot menu, F8

    I'm trying to help a friend whose system was hijacked - he believed them when they said they were from MS tech support.

    I've already run Norton's Boot Recovery Tool & Kaspersky Rescue Disk tools to no avail. Kaspersky File Manager showed there is a recovery partition on the hard drive if I can get at it. I've built a Windows 8.1 installation DVD in the hopes that will get me to the recovery options.

    I'm wondering if maybe there's a way to simply recover the boot menu & F8 without having to go the whole recovery route. Is there?


  2. #2

    Central IL
    Posts : 3,468
    Linux Mint 17.2

    Do a search for "Removal of RansomWare". There is info at and others.

    Do not use the Bleeping Computer link. It is just a bunch of forum posts of people fighting back and forth.

  3. #3

    Posts : 13

    Thanks for the reply. I'd already done a bunch of Google on ransomware but was not familiar with majorgeeks. Am I missing something or does it have a search ability somewhere I've not yet found?

  4. #4

    San Jose - California
    Posts : 2,846
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64

    If you wish, you can try:
    1. Download: Linux Mint 17.2 "Rafaela" - MATE (64-bit) - Linux Mint
    2. Use: Rufus - Create bootable USB to create a bootable
    3. Boot up the PC with the USB.
    4. Navigate to: C:\Windows\System32\config\RegBack. All the files under this folder are the backup registry files.
    5. Copy them back to: C:\Windows\System32\config
    6. Remove the USB then reboot
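The RegBack restore from steps 4 to 6 of post #4, as an added example that is not part of the original thread: it refuses to copy if any backup hive is missing or 0 bytes, and keeps the current hives in a side folder before overwriting them. The function name `restore_hives`, the `pre-restore-*` folder name and the `/mnt/win` mount point are assumptions for illustration; from the Linux live USB, `C:\Windows\System32\config` is reached through wherever the Windows partition is mounted.

```shell
#!/bin/sh
# Added example: restore registry hives from RegBack on a Windows volume
# mounted from a Linux live USB. Hive file names are the standard ones and
# are assumed to be upper-case on disk.
HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

restore_hives() {
    config_dir=$1
    regback="$config_dir/RegBack"
    saved="$config_dir/pre-restore-$(date +%Y%m%d-%H%M%S)"

    [ -d "$regback" ] || { echo "no RegBack folder under $config_dir" >&2; return 1; }

    # Pass 1: change nothing unless every backup hive exists and is non-empty.
    for h in $HIVES; do
        if [ ! -s "$regback/$h" ]; then
            echo "RegBack/$h is missing or 0 bytes; not restoring" >&2
            return 2
        fi
    done

    # Pass 2: keep the current (possibly tampered) hives for later inspection
    # and as a way back if the restored set does not boot.
    mkdir "$saved" || return 3
    for h in $HIVES; do
        if [ -f "$config_dir/$h" ]; then
            cp -p "$config_dir/$h" "$saved/$h" || return 3
        fi
    done

    # Pass 3: copy the backups into place.
    for h in $HIVES; do
        cp "$regback/$h" "$config_dir/$h" || return 4
    done
    echo "restored: $HIVES (previous copies in $saved)"
}

# Example invocation, with the Windows partition mounted read-write at the
# hypothetical mount point /mnt/win:
#   sh restore_hives.sh /mnt/win/Windows/System32/config
if [ $# -gt 0 ]; then
    restore_hives "$1"
fi
```

If Windows 8.1 was hibernated or shut down with Fast Startup, the Linux NTFS driver will typically mount the volume read-only and the copy will fail. The RegBack hives are periodic snapshots, so settings changed after the last snapshot are lost on restore.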

  5. #5

    Posts : 13

    Thanks to all who have replied.

    I was able to get part of the way back by booting to downloaded installation media and performing a system recovery. The system was stuck in Safe Mode, though. It also reported no Internet access even though it was available. Windows updates would run only to be removed because they couldn't be installed.

    I poked at that issue for some time before running a Refresh. Fortunately the activation status was not corrupted so no license key was required. [That was good news because my friend couldn't find it and it wasn't on his two year-old Dell box.]

    I was able to get a list of his installed programs using a PowerShell command so he's now got a list of instructions. I'll give him his system back once he's learned how to do backups!
