Contributor
hopkins
Posts: 36
Registered: ‎07-18-2013

[FIXED] Mandiant USA Cyber Security ransomware

Hi all,

 

New here and looking for some help.

 

I picked up the USA Cyber Security ransomware in a laptop running 64 bit  Windows 7 Home Premium. 

 

When I try to start up in Safe Mode with Networking, it appears as if on track to move into Safe Mode but suddenly shuts down and restarts. 

 

The only thing I can get access to is Safe Mode with Command Prompt which honestly, I don't have much knowledge on.

 

I am hopeful in picking up some help and direction from someone here.

 

In looking at some of the other threads here, I was prompted to read the guidelines.  I am good with them.

 

Thanks in advance.

Hopkins

Bot Obliterator
Quads
Posts: 16,435
Registered: ‎07-21-2008

Re: Mandiant USA Cyber Security ransomware

[Instructions are for the thread starter's system only, not another user's system]

 

 

Please Read  http://community.norton.com/t5/Malware-Discussion/Malware-Discussion-Board-Guidelines/td-p/961409

 

This is to make sure the user has seen the Guidelines before starting.  

 

Even other Malware Removal forums state like

 

"you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean."

 

 

Users have to realise these tools used can cause problems anyway, and if instructions are not followed, bigger problems can occur from deleting something that shouldn't be, the program has caused the system to freeze, the program jammed during the restart etc etc.  and so we use instructions to allow the tools to be in the correct location (so we also know) settings given so that items won't be automatically deleted, other programs disabled so things can be done without detection or conflict.

 

When the user follows instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

 

Confirm you have read the guidelines etc. in a reply

 

Quads

Contributor
hopkins
Posts: 36
Registered: ‎07-18-2013

Re: Mandiant USA Cyber Security ransomware

Yes, I have read the guidelines and agree to follow all directions.

Thanks again.

 

Hopkins

Bot Obliterator
Quads
Posts: 16,435
Registered: ‎07-21-2008

Re: Mandiant USA Cyber Security ransomware

Does your system have more than one account you can log into??

 

For instance,

 

Account   kids  is infected

Account   parents loads to desktop, not affected by the Ransomware

 

Quads

Contributor
hopkins
Posts: 36
Registered: ‎07-18-2013

Re: Mandiant USA Cyber Security ransomware

Hi,

 

No, unfortunately there is only one account.

Bot Obliterator
Quads
Posts: 16,435
Registered: ‎07-21-2008

Re: Mandiant USA Cyber Security ransomware

You need to have a Flash Drive.

 

Quads

Contributor
hopkins
Posts: 36
Registered: ‎07-18-2013

Re: Mandiant USA Cyber Security ransomware

Hi Quads,

 

Ready to go with a flash drive

 

Hopkins

Bot Obliterator
Quads
Posts: 16,435
Registered: ‎07-21-2008

Re: Mandiant USA Cyber Security ransomware

64 bit  Windows 7 

 

Read Slowly and all of it to make sure you select the correct options below.

 

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/   You need to download the 64 bit version.


Transfer it on to the Flash Drive. Plug the Flash Drive into the infected system

 

Now you have Safe Mode with Command Prompt available, so there are 2 ways we could do this, one is easier for you than the other but at my end with scripting.

 

Not a Rootkit or Bootkit, so let's try this way first.

 

Once you have loaded Safe Mode with Command Prompt, in the CMD window type

 

explorer.exe    and press enter

 

Does the Taskbar etc. load OK??

 

Quads

 

Contributor
hopkins
Posts: 36
Registered: ‎07-18-2013

Re: Mandiant USA Cyber Security ransomware

Quads,

 

Please help me confirm the correct path to take here prior to doing something silly and idiotic.

 

While I said I was using 64bit W7 and downloaded the 64 bit file as directed, when I booted into safe mode command prompt, the command line shows:

 

c:\windows\system32

 

Does this indicate 32 bit W7 ?

 

If so, my apologies.  I have not initiated any actions whatsoever.  Please direct me.

 

Bot Obliterator
Quads
Posts: 16,435
Registered: ‎07-21-2008

Re: Mandiant USA Cyber Security ransomware

Maybe not, that is just the path that it has when CMD is run as Administrator.

 

At the end of \system32> type explorer.exe and then press Enter, or another way of stating it: in the Windows Command Prompt type explorer.exe and then press Enter on your keyboard

 

So it looks like,

 

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

 

C:\Windows\system32>Explorer.exe

 

 

Quads