30 comments
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7

Ransomware/Malware

01/14/2013 5:38 PM

I recently read about ransomware. The idea is to lock somebody's computer and demand money to unlock it. Last night my friend was going through news articles on reddit.com when his computer locked up and a message came on the screen with an "FBI" logo saying he had to pay $400 to unlock his computer or he would be charged with a crime.

Now we know the FBI does not do this type of thing. So my questions are: 1) How can we unlock his computer? and 2) Is there any way to backtrack the signal to find who is responsible for this?

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply
Pathfinder Tags: ransomware
Guru

Join Date: Feb 2011
Posts: 7025
Good Answers: 206
#1

Re: Ransomware/Malware

01/14/2013 5:49 PM

Stop porn surfing and you won't have these little problems.

Register to Reply Off Topic (Score 6)
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7
#3
In reply to #1

Re: Ransomware/Malware

01/14/2013 5:57 PM

I think it's obvious my computer is not locked up. If my friend was porn surfing, that's his business, not mine. I am trying to get information to help him fight this attack. Anything constructive to say?

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply Off Topic (Score 4)
Guru

Join Date: Dec 2010
Posts: 1895
Good Answers: 44
#13
In reply to #3

Re: Ransomware/Malware

01/15/2013 1:02 PM

Fred's statement is actually very helpful. Based on user experience, which is easily determined by a judicious use of Google, porn sites are by far and away the leading method of malicious computer crimes.

Your "friend's" hi-jacked computer is a classic case.

Your lascivious tag line indicates you wouldn't be too offended by remarks of this nature.

Register to Reply Score 1 for Off Topic
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7
#15
In reply to #13

Re: Ransomware/Malware

01/15/2013 9:05 PM

I guess to you his remarks would seem helpful; however, my friend's internet use is really no business of mine. Also, the fact that such sites are used to distribute malware etc. is common knowledge, so I see no point in trying to embarrass my friend with such comments. He and I are both free, white, and over 21, and I believe in "to each his own". Maybe you like to poke fun at people you deem to be below your personal standards, or publicly embarrass people with your remarks, but I don't use this site for that. I just wanted constructive information, and will leave the name calling and the judgement calls to others. Thank you.

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply Score 1 for Off Topic
Guru

Join Date: Dec 2010
Posts: 1895
Good Answers: 44
#12
In reply to #1

Re: Ransomware/Malware

01/15/2013 12:58 PM

Ha ha ha!

You know it!

Register to Reply Off Topic (Score 6)
Power-User

Join Date: Jul 2007
Posts: 454
Good Answers: 24
#25
In reply to #1

Re: Ransomware/Malware

01/16/2013 4:07 PM

My 90-year-old brother-in-law got nailed by ransomware. It masqueraded as an AOL program to speed up your computer. We ended up having to reformat the hard drive and reinstall the OS. Didn't lose much, as it was a new computer.

Register to Reply Off Topic (Score 5)
Guru

Join Date: Mar 2007
Location: by the beach in Florida
Posts: 31856
Good Answers: 1751
#2

Re: Ransomware/Malware

01/14/2013 5:56 PM

"First, try rebooting and pressing F8. If Safe mode is unblocked (you can boot into it), then run msconfig application and disable all startup entries. Reboot normally and you should not see "Your computer has been locked" warning. Scan with Spyhunter and other anti-malware programs."

"There are other versions of this trojan, that block safe modes. The best way to get rid of these versions of the scam is using alternate scanners if you can't boot your PC on Safe Mode or Safe Mode with networking. However, if you are disabled, remove 'Your computer has been locked' with a help of these steps:

  1. Take another PC that has an Internet connection.
  2. Download Combofix.
  3. Transfer it to your USB flash drive/ memory stick.
  4. Reboot PC infected with Royal Canadian Mounted Police ransomware, press F8 just after reboot
  5. Choose safe mode with command prompt
  6. Launch anti-malware programs from your USB drive
  7. Reboot, update your regular antivirus, scan with it and with Spyhunter, Spyware Doctor, Malwarebytes Anti-Malware or other tools that can remove additional infections."

http://www.2-viruses.com/your-computer-has-been-locked-ransomware

FBI ransomware removal...

http://www.squidoo.com/fbi-ransomware

__________________
All living things seek to control their own destiny....this is the purpose of life
Register to Reply Good Answer (Score 14)
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7
#4
In reply to #2

Re: Ransomware/Malware

01/14/2013 6:01 PM

Thanks, I appreciate the help. Will start right away. Thanks again.

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply
Guru

Join Date: Mar 2007
Location: by the beach in Florida
Posts: 31856
Good Answers: 1751
#5
In reply to #4

Re: Ransomware/Malware

01/14/2013 6:03 PM

That'll be $50.00....lol

__________________
All living things seek to control their own destiny....this is the purpose of life
Register to Reply Good Answer (Score 2)
Guru

Join Date: Mar 2012
Posts: 2189
Good Answers: 84
#8
In reply to #2

Re: Ransomware/Malware

01/14/2013 7:51 PM

GA my eye!

How do we know your reply isn't a forgery??? Huh, Mr. Bird? And those links you posted? How come you know so much about 'em, huh??? You ain't foolin' me. I mighta been born yesterday, but it sure wasn't late last night! For shame, tryin' t' herd us all down that Garden Path o' yourn, cracking that whip until we all collapse in a heap, exhausted and spent and desperate with nowhere to go, and fork over our credit cards. You are a raptor, after all. (actually, I wish you would steal my identity while yore at it, cuz that means you'd get all my bills, too! hehe)

Great job on those FBI webpages, btw. GIMP, or a pirated copy of PhotoSlop?

Register to Reply
Guru

Join Date: Mar 2012
Posts: 2189
Good Answers: 84
#10
In reply to #8

Re: Ransomware/Malware

01/15/2013 2:52 AM

Well, then I'll just consider that OT given me by some anonymous sourpuss as the cost of giving S.E. that GA. I'd give 'im another if I could. Nice post, SunBird.

Register to Reply Score 2 for Off Topic
Guru
Popular Science - Weaponology - New Member Fans of Old Computers - PDP 11 - New Member Technical Fields - Architecture - New Member Hobbies - HAM Radio - New Member

Join Date: Oct 2009
Location: Maine, USA
Posts: 2168
Good Answers: 70
#27
In reply to #2

Re: Ransomware/Malware

01/16/2013 5:49 PM

Combofix is great, I used it in a similar manner today to get rid of a "redirect virus" on my wife's system.

__________________
Tom - "Hoping my ship will come in before the dock rots!"
Register to Reply
Power-User
Hobbies - Musician - New Member Technical Fields - Technical Writing - New Member

Join Date: May 2010
Location: Upstate NY
Posts: 278
Good Answers: 5
#6

Re: Ransomware/Malware

01/14/2013 6:15 PM

GA SolarEagle,

I had a scammer call me and try to sell a program to remove a so-called virus from our computer for 150 bucks. They claimed to be Microsoft. They actually gave us a number to reach them at. When I called Microsoft to check up on them, they had received several calls about this type of scam. Some people have way too much time on their hands.

__________________
LakeGrl
Register to Reply
Guru

Join Date: Mar 2007
Location: by the beach in Florida
Posts: 31856
Good Answers: 1751
#7
In reply to #6

Re: Ransomware/Malware

01/14/2013 6:39 PM

Amen brother sister....

There are many more, all fake...

__________________
All living things seek to control their own destiny....this is the purpose of life
Register to Reply
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7
#9
In reply to #7

Re: Ransomware/Malware

01/15/2013 1:12 AM

The third example is similar; however, we all know the FBI does not go around locking people's computers and demanding money. What bothers me is the fact that some people must be falling for the scam. Why else would it be so widespread? I keep thinking "what next?" My friend is working on the problem now, will inform you all of the results. Thanks again for the help.

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply
Guru
Hobbies - Fishing - New Member

Join Date: Jun 2008
Location: Raleigh, NC USA
Posts: 13529
Good Answers: 467
#11

Re: Ransomware/Malware

01/15/2013 7:35 AM

I picked one of these things up a while back.

Starting in safe mode, and going back to an earlier restore point got rid of it.

Ran an antimalware program afterwards, just to make sure.

__________________
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Ben Franklin
Register to Reply Score 1 for Good Answer
Power-User
United States - Member - New Member Safety - Hazmat - New Member

Join Date: Apr 2012
Location: in the desert near ground zero
Posts: 207
Good Answers: 7
#14

Re: Ransomware/Malware

01/15/2013 8:54 PM

Problem solved, thank you all, especially solar eagle.

__________________
Don't squat with your spurs on, and always drink upstream from the herd.
Register to Reply Score 1 for Good Answer
Power-User

Join Date: Sep 2011
Posts: 163
Good Answers: 1
#16

Re: Ransomware/Malware

01/16/2013 12:16 AM

Something I always do to help prevent things like this from getting into my machine (besides having an anti-virus program of some kind running) is to never click anything on a strange page or message I don't expect. Even if there is a button that says cancel or close. I only try and use the close button (the x) at the top right of the browser. If that doesn't close the window or causes a pop-up (which it often does), I use CTRL + ALT + DEL to close any browser windows in the task manager. I've even run into a few items that tried to stop you from doing that. Of course this is all running Windows.

And all I have to say to those posters in the early replies is: boy is my wrist tired from all that x clicking

Register to Reply
Power-User

Join Date: Oct 2012
Location: Wherever my motorcycle has taken me!
Posts: 384
Good Answers: 24
#21
In reply to #16

Re: Ransomware/Malware

01/16/2013 11:10 AM

You follow some of the same safety steps I use. Additionally, any time I suspect something might have gotten into my computer, I press and hold the power button till the computer does a hard shutdown. Some malicious things that get into computers rely on the "saving" part of a normal shutdown to fully infect the system.

__________________
Common sense is an oxymoron and the world is full of morons. (I am not one of them)!!!
Register to Reply
Commentator

Join Date: Apr 2012
Location: Kansas City, Missouri
Posts: 97
Good Answers: 3
#26
In reply to #21

Re: Ransomware/Malware

01/16/2013 5:43 PM

If your computer is ACPI compliant then it does the save with a power button shut down. Same as start/shutdown. It is ALWAYS best to NOT shutdown when a virus or other malware is suspected. Set your antivirus program to do a boot time scan, and any other anti-malware as well. If possible clean out all cookies and temp internet files. Try to run a cleaner like Advanced System Care immediately. Then reboot for the boot time pre-Windows scan. Sometimes just taking out a few key parts of the virus will make it unable to rebuild itself. But in many cases it is just best to remove the drive, replace it with a new one, reinstall Windows, attach the original drive as a slave, virus/malware scan it, grab what data you might want, then hard format the original drive. A wise computer owner/operator always stores data on a secondary drive leaving the primary "C" drive to the programming only. Then when the OS gets messed up, just format "C", reinstall Windows (or whatever OS you use) and all your data remains on "E" or whatever the secondary hard drive is called. Yes, some viruses mess with all the drives and sometimes even entire networks, but that is rare for the stuff guys are talking about here.

__________________
My shoes are too tight, but it doesn't matter because I have forgotten how to dance.
Register to Reply
Power-User

Join Date: Oct 2012
Location: Wherever my motorcycle has taken me!
Posts: 384
Good Answers: 24
#28
In reply to #26

Re: Ransomware/Malware

01/16/2013 5:57 PM

Most computers can be manually set to do what you want when you press the power button while the system is on. Pressing and holding the power button for about 5 seconds is the equivalent of unplugging it, and in the case of a laptop, also removing the battery.

__________________
Common sense is an oxymoron and the world is full of morons. (I am not one of them)!!!
Register to Reply
Guru

Join Date: Jun 2007
Posts: 719
Good Answers: 25
#17

Re: Ransomware/Malware

01/16/2013 3:33 AM

The easier ones to spot (malicious links) usually show you the intended target site.

Hovering over the written "www.xyz.com" can actually read (in the window footer)

www.realnastysite.ru (or such) Simply, a totally different name to the one proposed.

This I find is a real give away.

(if they cannot write the truth in the link name, what more is on offer?)

Hope this helps.

jt.

Sorry, no jokes. (banned by the management.)

Register to Reply
Participant

Join Date: Nov 2012
Posts: 1
#18

Re: Ransomware/Malware

01/16/2013 5:00 AM

Hey,

You may also boot off of a CD such as The Trinity Rescue Kit or similar, and run a full scan of your hard-drives, sorry, friend's hard-drives. Depending on the number of objects, this may take up to a few hours.

This kind of nastiness comes in various flavors. The one your "friend" got is probably a gentle one: on several occasions I have seen the malware not only locking the machine up, but also encrypting most of the Office and Image files on the computer.

And please tell your "friend" not to skimp on a good AV protection. That's usually the only line of defense non tech-savvy people have on their machines.

J.

__________________
Jean Gobin, CCNA, CCNA Security
Register to Reply
Commentator

Join Date: Apr 2012
Location: Kansas City, Missouri
Posts: 97
Good Answers: 3
#19

Re: Ransomware/Malware

01/16/2013 6:00 AM

Ok guys, I have repaired countless computers for so many different types of virus, malware, browser hijacks etc. I will tell you NO software anti-virus or malware blocker is 100%. But what has been near 100% effective is Sandboxie's Sandbox program. You run your browser or any other program in "the sandbox". This is now a fully isolated section within your system that does not allow any code within the box to access anything outside the box. Your virus pops up, tries to do its thing to your operating system, but is stuck in the box. Then simply click on the "delete contents" of the sandbox and all the malicious code is wiped away. If you are downloading data, you will be prompted to allow the file out of the box and into open memory. If you want to see video or audio files, they too will run within the box. Running a viral keygen? Run it in the box and copy the key, delete the box and move on. And though the porn comments are quite true, the worst virus I have ever seen was infecting computers from the CNN online news site page. Another bad one was hacked into the Disney site. So to be fair, it's everywhere. So far no one has broken the Sandbox to my knowledge, but I'm sure they will. But for now it's the best defense we common folk have.

__________________
My shoes are too tight, but it doesn't matter because I have forgotten how to dance.
Register to Reply
Power-User
Fans of Old Computers - PDP 11 - New Member

Join Date: Mar 2007
Location: In a mushroom field somewhere in Canada. Kept in the dark and fed sh--, well you know.
Posts: 312
#20

Re: Ransomware/Malware

01/16/2013 8:50 AM

Since these ransomware screens are using the FBI logo, you would think the FBI cybercrimes unit would be all over this. What do our friends in the States think about this statement?

__________________
Dirt is for vegetables. Pavement is for racing.
Register to Reply
Guru

Join Date: Sep 2008
Posts: 692
Good Answers: 28
#22
In reply to #20

Re: Ransomware/Malware

01/16/2013 12:44 PM

They probably already know since the FBI probably surfs the porn sites more than the rest of us.

I use SpyBot along with Norton. Had that same phone call about being a Microsoft Consultant and that my computer was sending Microsoft all kinds of error messages. His link was to some outfit that sold programs to "clean up" your registry and remove trojans. Could hardly understand the guy. The phone number he gave I Googled and it was a Microsoft number in Denver, Co. Got him off the line and never called the number. Figured if it was a real problem let Microsoft call me back only with someone who spoke decent English (or American). Ran a Full Scan and Spybot and only found a few tracking cookies.

__________________
Spinco
Register to Reply
Power-User
Fans of Old Computers - PDP 11 - New Member

Join Date: Mar 2007
Location: In a mushroom field somewhere in Canada. Kept in the dark and fed sh--, well you know.
Posts: 312
#23
In reply to #22

Re: Ransomware/Malware

01/16/2013 12:59 PM

Thanks for the heads up Spinco. I'll watch out for that.

UFG

__________________
Dirt is for vegetables. Pavement is for racing.
Register to Reply
Associate

Join Date: Sep 2012
Posts: 27
#24

Re: Ransomware/Malware

01/16/2013 2:29 PM

I've got a Chrome laptop with Google OS. The blurb claims that it can't be affected by stuff like that because everything is 'out there', so there is nowhere for nasties to hide and infect my stuff. Is that 100% correct, or no?

Register to Reply
Power-User

Join Date: Sep 2011
Posts: 163
Good Answers: 1
#30
In reply to #24

Re: Ransomware/Malware

01/17/2013 3:22 AM

I would think that if the browser can store cookies, you'd face some kind of trouble.

Register to Reply
Associate

Join Date: Dec 2011
Posts: 27
Good Answers: 4
#29

Re: Ransomware/Malware

01/16/2013 6:39 PM

Adding to the lore:

I once had a nasty hooked into the Windows logon chain: would refresh itself from the Net.

After deleting it, I had to reboot while not connected to the net.

Register to Reply
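An added example, not part of any post in the thread, for the "disable all startup entries" step quoted in comment #2 and the logon-chain hook mentioned in comment #29: it reviews saved `reg query` output for autostart entries worth a closer look. The thread names no registry locations; mapping these steps to the Run keys and the Winlogon `Shell`/`Userinit` values is an assumption made here, and the sample output and flagging heuristics are constructed.

```python
import re

# Assumption: "startup entries" and "logon chain" are taken to mean the
# Run keys and the Winlogon Shell/Userinit values; the thread names neither.
RUN_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
WINLOGON_SUFFIX = "\\software\\microsoft\\windows nt\\currentversion\\winlogon"
# Default Windows data for the two Winlogon values (compared in lower case).
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe,"},
}
# Heuristic: autostart programs rarely live in user-writable directories.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# A value line is: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")


def parse_reg_query(text):
    """Parse `reg query <key>` output into (key, value_name, data) tuples."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(3).strip()))
    return entries


def review(entries):
    """Return (value_name, data, reason) for entries that deserve a look."""
    findings = []
    for key, name, data in entries:
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith(WINLOGON_SUFFIX) and n in WINLOGON_DEFAULTS:
            if d not in WINLOGON_DEFAULTS[n]:
                findings.append((name, data, "Winlogon value differs from default"))
        elif k.endswith(RUN_SUFFIX) and any(p in d for p in USER_WRITABLE):
            findings.append((name, data, "Run entry starts from a user-writable path"))
    return findings


# Constructed sample of `reg query` output; all paths and names are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\Public\locker-sample.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Users\friend\AppData\Roaming\sample\upd.exe" /s
    Vendor Tray    REG_SZ    "C:\Program Files\Vendor\tray.exe"
"""

if __name__ == "__main__":
    for name, data, why in review(parse_reg_query(SAMPLE)):
        print(f"{name}: {data}  <- {why}")
```

A flagged entry is a prompt for review, not proof of infection: legitimate software sometimes autostarts from a user profile, and Windows installed outside `C:\Windows` will show a different `Userinit` path.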
Users who posted comments:

cuba_pete (2); esbuck (1); europium (2); Fredski (1); halfb1t (1); jfgobin (1); jt (1); kramarat (1); LakeGrl (1); OldTooly (2); snatr (2); SolarEagle (3); spaceracer (5); Spinco (1); Tom_Consulting (1); tomstephens (1); unclefastguy (2); wmerryall (2)
