Ransomware hijacked boot menu, F8

geoB

I'm trying to help a friend whose system was hijacked - he believed them when they said they were from MS tech support.

I've already run Norton's Boot Recovery Tool & Kaspersky Rescue Disk tools to no avail. Kaspersky File Manager showed there is a recovery partition on the hard drive if I can get at it. I've built a Windows 8.1 installation DVD in the hopes that will get me to the recovery options.

I'm wondering if maybe there's a way to simply recover the boot menu & F8 without having to go the whole recovery route. Is there?
 

Do a search for "Removal of RansomWare". There is info at forums.majorgeeks.com and others.

Do not use the Bleeping Computer link. It is just a bunch of forum posts of people fighting back and forth.
 

Thanks for the reply. I'd already done a bunch of Google on ransomware but was not familiar with majorgeeks. Am I missing something or does it have a search ability somewhere I've not yet found?
 

Thanks to all who have replied.

I was able to get part of the way back by booting to downloaded installation media and performing a system recovery. The system was stuck in Safe Mode, though. It also reported no Internet access even though it was available. Windows updates would run only to be removed because they couldn't be installed.

I poked at that issue for some time before running a Refresh. Fortunately the activation status was not corrupted so no license key was required. [That was good news because my friend couldn't find it and it wasn't on his two-year-old Dell box.]

I was able to get a list of his installed programs using a PowerShell command so he's now got a list of instructions. I'll give him his system back once he's learned how to do backups!
 
