This machine was given to him by a friend without disks. He's not computer savvy whatsoever and he's just a "consumption" user. I believe he was using Chrome, but I don't know which version. I'm sure it wasn't updated. I don't think it would've mattered what browser he was using. Nothing was updated, not even the 3rd party AV. This machine was like an open sore inviting viruses in! There was IE8 on it, of course, but eventually upgraded that to IE9.
Once I rid it of this ransomware virus (thank the lucky stars there were good restore points), the machine ran as slow as molasses in the Arctic Circle. Vista + 3rd party AV + 1GB RAM = S.L.O.W. LOL! I don't know how this man used this machine as long as he did! Either he hasn't used a good one before, doesn't know how fast a machine can run, or he has the patience of a saint!
When I opened Programs and Features to uninstall the AV I couldn't believe what I saw! 3 (Yes, three!) AVs and about 40 other programs! I sat there with him and went through the list uninstalling those he didn't use. About 30/35 of them. Rebooted when needed. Ran CHKDSK during one. I downloaded CCleaner and ran the temp cleaner and registry repair. I upgraded IE, downloaded MSE, and ran a scan. Performed a DeFrag. Installed SP1/SP2/updates. The machine ran much, much faster.
I advised him that he should look into upgrading and max to 2GB RAM and if possible to Windows 7 or 8. I also suggested he find cleaner sites to surf.
About a solution if no Safe Mode > The article stated:
> Victims shouldn't pay the fine, Harrison said, but they should know that various software tools — including free tools available at Symantec — can rid their machines of the virus.
I looked on the Symantec site, but cannot find a link to their support. Anyone know?
Microsoft has Windows Defender Offline. Not sure if it will remove it:
What is Windows Defender Offline?
More on the subject:
Ransomware removal | What is Ransomware | Microsoft Security
Which has a link to here:
Like Hopachi stated, this thing is quite sophisticated. It may take a lot to remove it.
My daughter had this happen to her laptop, with Vista as the OS. Malwarebytes Pro was useless. Hitman Pro free edition took care of it.
Plus, for my lappy I feel a bit better with Norton than with MSE since the lappy is more prone to attacks. I like MSE, but when you're in school and sharing thumb drives all over the place, well...
Anyway I'm sure Symantec like all the others will find a way to handle this latest threat... for now
100% effective way to get rid of it: Works EVERY TIME. About 20 mins max and Job Done.
Wipe the disk and restore from a CLEAN backup image with a BOOTABLE standalone backup / restore program like Acronis.
Use Partition Magic (bootable) or similar to wipe the disk -- don't use any AV software for cleansing - these can never be 100% guaranteed to be effective and the computer is already infected. Don't do the disk re-format / partitioning from within Windows itself as it's already infected, so how would you be sure Windows was working properly?
If you haven't got a backup -- "Tough Ladies Accoutrements... " Serves you right so learn for next time.
Forget Symantec -- It's about as USELESS in the AV field as GARTNER is in forecasting computer developments. Anyway on Windows 8 you DON'T NEED ANY 3rd party AV - the built-in Windows Defender is just as effective as ANY of the other ones, and if you do install a 3rd party AV software the MS version stops working, and in any case things like Symantec and McAfee (we know it as McAWFUL) are just RESOURCE HOGS.
> If you haven't got a backup -- "Tough Ladies Accoutrements... " Serves you right so learn for next time.
It's true, always have a backup because the OS is not made of steel and the user's mistakes cannot be predicted by the system.
I'm a computer tech and with all viruses we remove the hard drive and slave it to another machine. We then scan the hard drive with a variety of antivirus and malware scanners. Once done we put it back in the machine and again run scans, which generally then pick up the various registry entries.