LMAO, now that is funny sorry bungs. poor attempt from that guy to get your money . as long as your spouce liked the picture and you format the pc you should be good

thats funny bungz

you better cover up that webcam lmao

I've never seen anything this pervasive... can't boot to safe mode.
and bios won't even let me boot from CD or USB.

BUT... physically removing the drive, plugging it into anther PC and giving her the full fisted format sure did the job.

Bungz, you're having quite the run of bad luck lately man! Glad you got this one worked out!

What A/V is running on that machine?

No anti virus can stop that Ransom ware.
The new wave of it is pretty nasty.

That sucks Bung, damn these nasty viruses

Ah gosh. Boot kit / ransom ware.

I've dealt with many of these Bungz. If you're having a hard time getting rid of it feel free to PM me i'll give you some tricks and tools to get rid of it.

Alternatively , if you don't care about losing data secure erase the drive. It'll be okay.

Cheers man.

(my bad I just saw you wiped the drive.)

Also , after fresh install / restore go ahead and either install MSE "Microsoft Security Essentials" Or Ad-Aware Free

Both of these are free and work nicely for every day users *cough cough* ..women.

ya, for some reason I had a 2010 version of Avast - so basically no A/V
I suspect this was another of those trojans attached to a fake adobe flash update.
Since I rarely use the lappy... I don't really care for it too well.

I am curious Neo what else you would have tried other than format.

To remove this particular ransomware?
I've removed it by secure format.
I bypassed the activation with a flash website redirect (that has since been addressed by the original creator of this virus.)

Alternate (and simpler) methods
Rescue Disk via USB boot
Boot to safe mode (if you can re-worked version of this virus again...they might have changed the hook technique)
And remove it from msconfig + registry

Perhaps if this is your wifes or companions laptop and they don't do much actual important work on it you could opt to 'deep freeze' it.
Back in my highschool days when I was working the school network they used a program called deep freeze which would essentially do just that.
Anything you download / install would disappear upon reboot. You can set the date time of your choice So if you have email and the most recent windows updates and a good AV with latest def.
freeze it from that point , drop whatever files you want to keep onto an external or network attached storage solution.


Honestly , the best solution for you is probably just a clean install with latest updates , install Ad-aware free.
The phishing and hook techniques for Trojans and viruses today are very sophisticated.

From my end I understand the workings of javascript which is the most commonly used today to infect unsuspecting victims.

As you mentioned most of the time you get a pop up that says either "Java needs to be updated!" or "Flash needs to be updated click here to do that right now" and boom its all downhill from there.

Sometimes it even happens to me when im browsing tech websites , you get a flash banner that loads all by itself. BOOM! 2kb Trojan downloader wants to install.

So as you can see there's many ways that a single virus can 'defend' itself against 'attack' (removal)

That's why sometimes when you see a virus database you have 'variants'

Its essentially the same virus you started out with only with added code to become a little more sophisticated.

ie: complicate the users life and do everything to self replicate or deliver payload as intended - In this case make the person at the PC go get their wallet send them REAL money and get the credit card information and eventually steal that victims personal identity and so on...

That said , welcome to what I do for a living hahaha.

Virus removal and everything in between. Care to join me?

*laughs*

ok... thanks! good to know the Pro.

Saw this thread too late, but FWIW:

Those that may encounter this issue you can do as what bungwirez did. Instead of formatting (if you have important data on your HDD), plug it into another PC and run a virus scan (make sure you update pattern files prior to the scan). It will pick up 1 or 2 (cannot remember the names) of the offending exe's and remove them. Once that is done, you can plug it back into your desktop/laptop and boot up into safe mode and perform a restore.

Restore your PC to a known date that it was still functioning from the list. Once that is complete, you can boot up back into normal mode and move all your important data. At this point you can actually use the desktop without any issues as the hooks will be removed and the virus non-functioning. BUT if you really want to have assurance then format the HDD once you've removed your important files off of it.

Cheers