Ransomware RSA-2048 removal on Acer Aspire V5



#1
dreadpiratedazza


Hi, I'm trying to sort out my girlfriend's laptop. She couldn't get access to the internet or to her files and hadn't been updating her Windows or her firewall, so it was totally vulnerable. Installed on the desktop were two files, both the same, entitled "Help! Your Files!". They informed her that her files had been encrypted with RSA-2048 and that a ransom needed to be paid. The email address started with "xoomx".

So I changed the bootup settings with a view to removing the ransomware, so the laptop went into safe mode. However, after I did this and rebooted the computer and went to put the pin in on the opening screen it wouldn't let me in. The pin had then been changed. So at the moment I can't get access to the computer at all. So the first hurdle is to get past the opening screen.

The Windows version is 8 and it is an Acer Aspire V5-132P laptop. At the moment I have no other details for the laptop as it is unfamiliar to me.

Many thanks


#2
DonnaB

Hi dreadpiratedazza,

I do apologize for the delay. Do you still need help?

If so...

Are you sure the OS is 8 and not 8.1?
Do you have access to a clean computer to download and transfer files and a blank USB drive of at least 4GB storage?

#3
dreadpiratedazza


Hi, yes still need help. I do have a blank USB drive. Not sure what version it is though. How can I tell if it's Win 8 or 8.1?

thanks



#4
DonnaB

Hi dreadpiratedazza,

After asking around a bit, I think we could go with the 8.1 version... I will post the instructions at the end of this reply, then I will be sending you the link for the W8.1 RE.iso in a private message. The site has limited bandwidth for downloads and I prefer not to post it on the public forum...

In regards to the following:

"So I changed the bootup settings with a view to removing the ransomware, so the laptop went into safe mode. However, after I did this and rebooted the computer and went to put the pin in on the opening screen it wouldn't let me in. The pin had then been changed. So at the moment I can't get access to the computer at all. So the first hurdle is to get past the opening screen."

Was a local admin account created or is there only the Microsoft acct?

Instructions to create bootable USB drive. I am pretty sure the system is 64-bit, so follow those instructions:

Download the following three programs to your desktop and create bootable USB as follows:

1. Rufus

For 64bit systems
2. W8.1 RE.iso ... I will PM the download link
3. Farbar Recovery Scan Tool x64

Insert the USB stick, then run Rufus.

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Then copy FRST to the same USB

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here


When you reboot you will see this.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following :

notepad

Press Enter. The notepad opens.
Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst64.exe or e:\frst.exe, dependent on system, and press Enter

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5
DonnaB

Hi dreadpiratedazza,

Afterthoughts....

You can try enabling the built-in administrator account by following the instructions in the link below:

Offline enable the Windows 8 built-in administrator account

The first method might be easiest.

Honorable mention: Many thanks to SleepyDude for his guidance.

#6
dreadpiratedazza


Hi DonnaB,

sorry for not replying sooner, lots of work on. Don't give up on me! I will start going through all your advice. Thanks



#7
dreadpiratedazza


"Select the ISO file on the desktop via the ISO icon."

I've downloaded all three files. I've run Rufus, but I'm not sure what you mean by this instruction "via the ISO icon". I have an icon on the desktop, do I just run it?



#8
DonnaB

Hi dreadpiratedazza,

I am sorry for the delay. Work has me overwhelmed also.

"...but I'm not sure what you mean by this instruction 'via the ISO icon'."

I got stuck on that instruction the first time I played around with Rufus as well. You will need to open Rufus to find the icon in question. See image below:

Rufus iso.JPG

I have outlined the icon (and drop down field) in green. The version of the .iso file, if done correctly, will display at the bottom left of the Rufus window as shown in the image above.