Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

REGSVR32 ERROR ON START UP MODULE FAILED TO LOAD AND INTERNAL HDD CAN&


  • Please log in to reply

#16
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

How bout a pdf? Can't upload the photos

Attached Files


  • 0

Advertisements


#17
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That was a legitimate file before all this happened?
And do you have any idea when all your trouble started?
A timestamp might give me an idea about which variants had not been released yet.
  • 0

#18
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Yes. It all happened when I left my computer on last fri Jan 30 through sat. And noticed it last sunday. I guess it got infected when I went to YJ. 


Edited by Paopawdecarabao, 03 February 2015 - 02:24 PM.

  • 0

#19
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Do you have any form of backups? If it is a new variant, and that sounds like it will be, there will be no known decrypters available. :(
You could try http://www.shadowexp.../downloads.html

And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.
  • 0

#20
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Do you have any form of backups? If it is a new variant, and that sounds like it will be, there will be no known decrypters available. :(
You could try http://www.shadowexp.../downloads.html

And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.

I will take a look later. But unfortunately there is no way to encrypt it to its original file? I don't have any backups. And wait for a decrypter file? How about if I try Virtual Lab data recovery tool?


  • 0

#21
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Any recovery tool at this moment depends on backups, knowingly placed on your computer or not.
For example you can try : http://windows.micro...sions-files-faq

Decrypting is hard and is usually only successful if the ransomware creators were sloppy or lazy.
So far solutions were presented by various sources to decrypt files encrypted by most, if not all variants.
But I can give you no guarantee that will happen and certainly not how long it will take. It took months in some cases.

Another, not recommended option is to pay the ransom. By doing so, you are financing the next round of ransomware to be developed.
Plus the outcome is rather uncertain. You are dealing with unknown criminals, so why would they keep up their end of the bargain?
Another factor in your case is that we don't even know who to pay.
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.
  • 0

#23
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.

Thank you for the help. Now I'm worried. I would fine any html or txt files once I get home but as of now my best bet is to use shadow explorer?


Edited by Paopawdecarabao, 03 February 2015 - 02:32 PM.

  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
If that works, you would get out of this easy.
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.
  • 0

#25
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

If that works, you would get out of this easy.
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.

If the shadow explorer worked. I would back up the files that has been saved and reformat the whole hdd?


  • 0

Advertisements


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm not saying you should. I'm saying I would.
I use my computer for work and I want to be sure it's clean and trustworthy.
  • 0

#27
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

https://curah.micros...tb-locker-virus

 

Is this helpful? found it when googling.


  • 0

#28
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Nothing shows on the drives partition on shadowexplorer


  • 0

#29
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.

33k5dab.jpg

 

 

Saw this on my malwarebytes log Trojan.ransom.ed is that it? any solution? I'm desperate thank you


  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That could be the installer.
In Malwarebytes Anti-Malware click on History > Select Quaraintine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP