A Friend and His Virus

A friend of mine let his virus protection software subscription expire, and was not using a free AVG. He clicked on a screen, and everything locked up.

Fortunately he had the foresight to use his iPhone to take a photo of his screen, and emailed that photo to me from his iPhone. This photo file has never been in his computer, it is clean.

He doesn't view porn. The message wants him to send them money to unlock his computer. Oh sure, they will unlock it! Not.

I put the photo on a site here Untitled Document

Anybody know what virus it is? All he gets now is a BSOD.

  • Profile picture of the author Dan Riffle

    Google the following without quotes:

    mandiant usa cyber security


    Here's a link to read about the scareware:

    Raising a child is akin to knowing you're getting fired in 18 years and having to train your replacement without actively sabotaging them.

  • Profile picture of the author USA
    It's called the Mandiant U.S.A Cyber Security Ransomware Virus.

    As the previous warrior posted, tell your friend to do a search on Google.

    Both TrendMicro dot com, and Panda Security have effective online removal tools that would remove it, but it sounds like your friend already lost Internet connectivity.

    I run Unix and GNU/Linux variants on my machines so I am immune to these types of security threats.

    I have several pieces of software that can be booted live from a CD or DVD that actually load an OS into RAM that could then access and clean up the target computer, but they require a degree of technical expertise to operate. This technique can also quarantine suspect files and recover critical data so a complete format and re-installation can be done, if necessary.

    I am not very familiar with this particular threat, but I have been successful in removing numerous viruses on Windows boxes in the past by rebooting into Safe Mode either with networking or the command prompt enabled, then mounting and running a Windows rescue disk and restoring the OS to a point in time that pre-dates the trouble. However, this would not work with certain types of viruses due to registry alterations.

    It would be difficult walking somebody through this operation remotely. I hope this information is of assistance to you and your friend.
  • Profile picture of the author travlinguy
    This is easy to fix, at least in Chrome it is.

    Have your friend shut everything down except his browser. Then have him unplug the computer. When he reboots, Chrome will come with a message that says something like: Your last browsing session closed suddenly. Do you want to restore that session? Tell him to click NO.

    The browser will then open to the tabs of the previous complete session. In other words, whatever tabs were open at the start of the previous session will return. Anything new, like the scumware site, won't open.
    • Profile picture of the author LynnM
      Couple of friends have had that too, but claiming to be from a UK regional police department. A few variants have been going around Europe for quite some time.
    • Profile picture of the author Robert Michael
      When my mother-in-law had this happen to her computer, it did this when you turned the computer on.

      It won't let you in to Windows at all.

      The photo appears to be the exact same one she had, so I'm fairly certain it's not a browser issue.

      She didn't care about any of the files on hers when it happened, so I just wiped all partitions & installed Windows again.

      Good luck getting it fixed for him tho!
  • Profile picture of the author HeySal
    When my niece's computer got hit, I was able to go in and download the software I needed to get rid of the virus through the other user's partition. I couldn't even get into safe mode on the admin user. I wouldn't ever get rid of a partition again for that reason.

    Worth a shot at it. If you can't download in safe mode - email the program to them and retrieve it from safe mode, if there's no alternative user partition to go in through .........

    And I might be using the word "partition" wrong. Not a techie, but I think you get the drift of what I'm saying anyhow.

    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

  • Profile picture of the author KimW
    Not enough info. What operating system does he have installed?

    Read A Post.
    Subscribe to a Newsletter

  • Profile picture of the author SashaLee
    Hi there,

    Regardless of the operating system installed, he can download a BOOT CD called Trinity which will allow him to:

    1. Boot his computer from the CD.
    2. Run an anti-virus on his main drive from the CD.

    He/she can look on YouTube for numerous tutorials on how to do this...

    All the best,

  • I tried many antiviruses; each has some disadvantages...
  • Profile picture of the author Lelando
    Have you tried booting into safe mode with command prompt?
    Press F8 when the computer is starting up, then select boot into safe mode with command prompt.
    At the cmd screen type explorer.exe and click no when the dialog box and click yes when the dialog pops up. Install Malwarebytes and do a proper. If you don't come right maybe I can help via Skype or something.
    This will blow your mind! learn how to make money online while building your email list at the same time!
    It's Free!!!!
  • Profile picture of the author Don Schenk
    Thanks, Lelando, but he can't even get into his computer to install Malwarebytes. I will try your other suggestions tomorrow when I have time to go to his home and visit with his computer.
  • Profile picture of the author Lelando
    If you get into safe mode with command prompt then type msconfig. Go to the General tab and select the radio button next to Diagnostic startup. This will disable all startup services. Reboot the computer and try to install an antivirus you can use to remove whatever's on the computer. Go into msconfig again and change it back to normal startup and reboot. If all else fails try a system restore.
    This will blow your mind! learn how to make money online while building your email list at the same time!
    It's Free!!!!