07-18-2013 08:56 PM - last edited on 07-19-2013 11:51 PM by Quads
New here and looking for some help.
I picked up the USA Cyber Security ransomware in a laptop running 64 bit Windows 7 Home Premium.
When I try to start up in Safe Mode with Networking, it appears as if on track to move into Safe Mode but suddenly shuts down and restarts.
The only thing I can get access to is Safe Mode with Command Prompt shich honestly, I dont have much knowledge on.
I am hopeful in picking up some help and direction from someone here.
In looking at some of the other threads here, I was prompted to read the guidelines. I am good with them.
Thanks in advance.
07-18-2013 09:00 PM
[Instructions are for the thread starters system only, Not another users system]
This is to make sure the user has seen the Guidelines before starting.
Even other Malware Removal forums state like
"you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean."
Users have to realise these tools used can cause problems anyway, and if instructions are not followed, bigger problems can occur from deleting something that shouldn't be, the program has caused the system to freeze, the program jammed during the restart etc etc. and so we use instructions to allow the tools to be in the correct location (so we also know) settings given so that items won't be automatically deleted, other programs disabled so things can be done without detection or conflict.
When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Comfirm you have read the guidlines etc. in a reply
07-18-2013 09:26 PM
Does your system have more than one account you can log into??
Account kids is infected
Account parents loads to desktop, Not afeected by the Ransomware
07-19-2013 03:31 PM
64 bit Windows 7
Read Slowly and all of it to make sure you select the correct options below.
Please download http://www.bleepingcomputer.com/download/farbar-re
Transfer it on to the Flash Drive. Plug the Flash Drive into the infected system
Now you have Safe Mode with Command Prompt available, So there are 2 ways we could do this, one is easier for you then the other but at my end with scripting.
Not a Rookt or Bootkit, so lets try this way first.
Once you have loaded Safe Mode with Command Prompt. in the CMD windows type
explorer.exe and press enter
Does the Taskbar etc. load OK??
07-19-2013 03:55 PM
Please help me confirm the correct path to take here prior to doing something silly and idiotic.
While I said I was using 64bit W7 and downloaded the 64 bit file as directed, when I booted into safe mode command prompt, the command line shows:
Does this indicate 32 bit W7 ?
If so, my apologies. I have not initiated any actions whatsoever. Please direct me.
07-19-2013 04:11 PM - edited 07-19-2013 04:17 PM
Maybe not that is just the path that it has when CMD is run as Administrator.
At the end of \system32> type explorer.exe and then press enter or another way of stating it, In the Windows Command Prompt type explorer.exe and then press Enter on your keyboard
So it looks like,
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.