Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

arestocrat fbi malware - no control (no safe mode, no bios, no boot)


  • Please log in to reply

#1
lookupagain

lookupagain

    New Member

  • Member
  • Pip
  • 6 posts
Hello,

I got infected by a virus that I think is the Arestocrat ransom virus.

If I turn my computer on, a warning shows that I am subject to FBI reporting. It says I have to pay 300 usd. how clever.

I did a search and I would be following the posts I have found but I have no access to BIOS prompt nor safe mode. What to do?

Thanks.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Make sure your infected PC is disconnected from the internet. Take out the ethernet cable or turn off you modem.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]
  • 0

#3
lookupagain

lookupagain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry but I can't access bios by hitting del or fxn8

And I don't have a recovery disc but I don't think it would booot from cd drive bc I remember I had the hdd as the primary boot secotr in bios...

Please help
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Sorry but I can't access bios by hitting del or fxn8


Is that because you don't know which key you should be hitting at boot up or is it some other reason?

Computers differ on which key or combination of keys you need to press at boot up to enter bios.

At boot up look for an on-screen message that says something like:

--'Press F1 to enter setup'

--'BIOS settings: Esc'

--'Setup = Del'

--'System configuration: F2'

If you don't catch it the first time, try again.

Your computer's documentation may also tell you which key to press.
  • 0

#5
lookupagain

lookupagain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Good morning

I was able to access the bios screen by hitting f8 in the past.

I think I may have left out an important piece of information.
While booting, no image was shown on my monitor. It was only after the sequence got upto win7log in screen then the monitor showed something.
i would see the desktop w icons for a couple seconds and then the hijack screen would show up....

I think no output signal was given to the monitor since the monitors signal light blinks w a standby light during the boot seq.

update this morning: I just tried starting my computer and there is nothing on my monitor. There is nothing I can see even after more than five minutes of leaving the comp on... usually it only takes less thhan thirty sec.

I feel like I am completely stumped. Is there no way
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts
Here are my thoughts.

Firstly, are you sure that f8 is the one to get to your bios? What brand and model of computer do you have?

Actually come to think of it, not much point if you can't even start the process of booting.

It seems strange to me that you can't boot up at all... more than the infection going on to cause that. Makes me think the hard drive has failed.

There are other things we can try but they involve being able to boot from the CD drive.

If you cannot boot from the from a CD or usb port then I am afraid it's time to take the machine to your computer shop.
  • 0

#7
lookupagain

lookupagain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello,

I bought the computer on Newegg. specs are as below.

Brand
CyberpowerPC
Model
Gamer Xtreme 1030
Type
Gaming & Entertainment
Processor
Intel Core i5 750(2.66GHz)
Processor Main Features
64 bit Quad-Core Processor
Memory
4GB (2x2GB) DDR3 1333
Hard Drive
500GB SATA-II 3.0Gb/s 7200RPM HDD
Optical Drive 1
24X DVD±R/±RW Dual Layer Drive
Graphics
NVIDIA GeForce 9500GT 1GB PCI Express Video Card
Audio
Sound card - Integrated
Ethernet
Gigabit LAN
Power Supply
700W
Keyboard
Xtreme Gear USB Keyboard
Mouse
Xtreme Gear USB Mouse
Operating System
Windows 7 Home Premium 64-bit
Special Features
Raidmax Hurricane Gaming Case

Motherboard
Chipset
Intel P55

CPU
CPU Type
Intel Core i5
Installed Qty
1
CPU Speed
750(2.66GHz)
L3 Cache Per CPU
8MB
CPU Socket Type
LGA 1156
CPU Main Features
64 bit Quad-Core Processor

Graphics
GPU/VPU Type
NVIDIA GeForce 9500 GT
Graphics Interface
PCI Express 2.0 x16

Memory
Memory Capacity
4GB DDR3
Memory Speed
DDR3 1333
Form Factor
DIMM 240-pin
Memory Spec
2GB x 2
Memory Slot (Total)
4
Memory Slot (Available)
2
Maximum Memory Supported
16GB

Hard Drive
HDD Capacity
500GB
HDD Interface
SATA II
HDD RPM
7200rpm

Optical Drive
Optical Drive Type
DVD±RW
Optical Drive Spec
24X DVD±R/±RW Dual Layer Drive

Audio
Audio Chipset
Integrated

Communications
LAN Chipset
Integrated
LAN Speed
10/100/1000Mbps

I guess it's not normal to not be able to see anything on the display while booting... I've always been able to see the whole boot process and then the windows 7 login screen until this happened.

Should I detach the hard drive and connect it to a second desktop and then run a virus scan on it?

Thanks.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts
I have to go out for an hour or two.

I will check in when I get back. :)
  • 0

#9
lookupagain

lookupagain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks so much.

I just have a personal question to ask you. It seems like the internet is full of good people, willing to do things for total strangers with no actual benefit. What motivates you to help random people, good sir?

Talk to you soon.
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts
Sorry about that, had to take my wife for an eye checkup. :)

Now I think with your system the most likely way to enter bios is by hitting delete. With a very fast system I am told that sometimes you have to hold it down once startup begins to ensure you get in.

It seems like the internet is full of good people, willing to do things for total strangers with no actual benefit. What motivates you to help random people, good sir?


Interesting question, I read an article recently in the Economist about a study into why people do altruistic things i.e. without any apparent benefit. The researchers were trying to see why evolution had let this come about. No definitive results I think but there did seem to be a benefit to mankind which indirectly was a benefit to the helper.

For my part, I have just been brought up to help others where I can and I enjoy doing it.

Turning to your machine.

Perhaps you could try once more to see if you can enter bios by pressing delete as you start the computer. Once you can boot from the CD we have a number of options but if it doesn't work I am really going to tell you that it's time to take it to the repair shop.
  • 0

#11
lookupagain

lookupagain

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello!

Hope your wife is okay!

I will return this favor to another person in need. I believe in karma so sometimes when i do good things, it is actually in hopes for something good to happen to me. becuase of this i have this jaded idea that altruism isn't really altruism....

anyways!

For some reason the video card was messed up and wasn't sending any signals to the monitor during bootup (this is why i couldn't see any bootup sequence. btw del is the key for bios). i took out my video card and reinserted it to the moboard.

I started the computer again and it went into system recovery. i hit recovery and restarted it. win7 is now operating but just for safe measures, i will run malwarebyte's most latest version while being offline.

i read somewhere that system recovery isn't really safe for this fbi virus so do you think i should take any other measures?

thanks!

sincerely,
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

so do you think i should take any other measures?


Yes, we should run some tools to see if we can remove the infection. While we are doing this please don't run any programs without telling me. Otherwise we might make what we are doing less effective or even a waste of time.

Firstly

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP