System locked by a pay me scam

setishock

One of my crew let her foster daughter use her laptop for about a year. Now that she has it back, it is borked up badly. And I mean borked up.

What happened after I got a brick for it was that on bootup it went to a Russian site for a forex bank and sat there. I tried the Ctrl-Alt-Delete route and it would not go to the menu screen to pull up the process manager.
I hit the power switch and held it down for a good 10 seconds. Normally any computer would shut off in 4 seconds, but this one kept right on going. I unplugged the brick and ejected the battery pack. (I hate doing that. Rough on the hardware.)
When I booted back up I tapped F8 and it finally started showing the list of items it was loading. When it got to atipcie.exe it froze up. A few seconds later up pops this screen with the US government title and some crap about the FBI. You read the fine text and it's all about going to kiddie porn sites and bullshit like that.
Then at the bottom of all the fine print it says to go buy a Green Dot card and input the control numbers. After you pay the supposed "fine" it says it will restore normal operations in 1 to 4 hours. BFS!!!
It does this in normal or safe mode. I need you guys to really think hard as to how I can get back in and run ComboFix off a thumb drive. It has a rootkit scanner/removal tool that I really need to run.
If not, I'm going to have to get my employee to snarf up a virgin copy of Win7 with a new key. Sucks. She bought the office package online and paid for the POS Norton 360 that's on it. Boy did Norton ever blow this one.
 
Have you tried pulling the drive and scanning it in another computer to see if that will remove enough of the crap so that you can get ComboFix to run on the lappy?
 
I assume the product key label is worn off? You could try plugging the drive into another computer, then point a key finder at it. I know Magical Jelly Bean allows that, but it makes you pay if it's Windows 7 or newer. There's one called Belarc Advisor that's free, and I've heard good things about it in the past.

EDIT: also, if it's just smudged off, I've heard of people getting it from the manufacturer's tech support people. As long as the service tag/serial number is still intact, this may be a good option.
 
This is what I would do.

1. Load the UBDW4 and boot from that CD

2. Back up all your data like videos and music.

3. Format the drive 3 times, the last one to be a full long format.

4. Reinstall Windows and drivers

5. Problem solved
 
I'm surprised no one has mentioned this yet.

Got a spare USB thumb drive? You frequent CF.org, of course you do.
Create an easy multiboot drive!

Grab the newest version of YUMI.

Select your drive.
Scroll down the list and pick an antivirus (I recommend AVG).
Click "download the ISO" after clicking the antivirus of your choice.
Select the downloaded ISO, click create.

You can now scan the Windows partition with AVG via Linux running off the thumb drive. Plug the laptop in via Ethernet and you can also update the virus database.
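A locker that comes up in safe mode as well as normal mode is usually started from a Winlogon or Run autostart entry rather than from a normal program launch, so once the Windows partition is reachable from the rescue USB it is worth inspecting those keys offline as well as running the AV scan. The checker below is an added example, not code from this thread or from any of the tools named in it: it parses a .reg-style export of the Winlogon and Run keys (however that export was obtained) and flags a Shell value that is not explorer.exe, a Userinit value that is not the system userinit.exe, and Run entries launching from user-writable folders. The sample export and every path in it are constructed for illustration.

```python
import re

# Constructed sample .reg export of the autostart keys; all paths are made up.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\kid\\AppData\\Roaming\\ctfmon.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\OneDrive.exe"
"Updater"="C:\\Users\\kid\\AppData\\Local\\Temp\\svchosts.exe"
'''

WINLOGON = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Folders a locked-down user can write to; legitimate Winlogon/Run targets rarely live here.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')
# "Name"="string" or @="string" lines of a .reg file (string values only).
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<val>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping: \\ -> \ and \" -> " in one left-to-right pass."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: string_value}}."""
    hives, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            hives.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group('name')
            hives[key]['(Default)' if name is None else unescape(name)] = unescape(m.group('val'))
    return hives

def find_suspicious(hives):
    """Return (location, value) pairs that deviate from the normal autostart configuration."""
    findings = []
    wl = hives.get(WINLOGON, {})
    shell = wl.get('Shell', 'explorer.exe')           # Windows default
    if shell.strip().lower() != 'explorer.exe':
        findings.append(('Winlogon\\Shell', shell))
    userinit = wl.get('Userinit', r'C:\Windows\system32\userinit.exe,')
    parts = [p.strip().lower() for p in userinit.split(',') if p.strip()]
    if not (len(parts) == 1 and parts[0].endswith(r'\system32\userinit.exe')):
        findings.append(('Winlogon\\Userinit', userinit))
    for key, values in hives.items():
        if key.lower().endswith('\\currentversion\\run'):
            for name, cmd in values.items():
                if any(tok in cmd.lower() for tok in USER_WRITABLE):
                    findings.append((key.split('\\')[0] + ' Run\\' + name, cmd))
    return findings
```

Run it as `find_suspicious(parse_reg(open('export.reg').read()))`; on the sample it reports the hijacked Shell and the Temp-folder Run entry and leaves the stock Userinit alone.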
 
I went the YUMI route. Thanks for the tip. It's doing a scan now as I type this and watch Agent Gibbs. I'll let y'all know how it comes out.
 
No joy there. I formatted it using a spare Vista disk I have. I'll let it install Vista for now. The gal that owns the lappy is getting 4 copies of Win7 from the university she's going to. Student price for Win7 Home Premium, $30 a pop.
 
Must have been a pretty good goof on the kid's part haha. I had a case recently I deemed too far gone as well. Luckily I was able to get in and grab the keys though.
 
Personally, if I ever get a situation like that where someone non-tech-savvy has had some hardware for any period of time, I'm afraid I will always recommend a complete reboot (format and reinstall Windows).

It's the only way to be sure.

The FBI thing may be what's jumping out at you, but there could be god knows what other spyware/malware or viruses on there, and believe me, all the protection programs in the world won't get rid of all of it once it has been infected.

Clean install is the safest and often the quickest way.
 