12-05-2012, 08:45 PM   #1
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
System locked by a pay me scam

One of my crew let her foster daughter use her laptop for about a year. Now getting it back it is borked up badly. And I mean borked up.

What happened after I got a brick for it, was on bootup it went to a Russian site for forex bank and sat there. I tried the control alt delete route and it would not go to the menu screen to pull up the process manager.
I hit the power switch and held it down for a good 10 seconds. Normally any computer would shut off in 4 seconds but this one kept right on going. I unplugged the brick and ejected the battery pack. (I hate doing that. Rough on the hardware.)
When I booted back up I tapped F8 and it finally started showing the list of items it was loading. When it got to atipcie.exe it froze up. A few seconds later up pops this screen with the US government title and some crap about the FBI. You read the fine text and it's all about going to kiddie porn sites and bullshit like that.
Then at the bottom of all the fine print it says to go buy a greendot card and input the control numbers. After you pay the supposed "fine" it says it will restore normal operations in 1 to 4 hours. BFS!!!
It does this in normal or safe mode. I need you guys to really think hard as to how I can get back in and run combofix off a thumb drive. It has a rootkit scanner/removal tool that I really need to run.
If not I'm going to have to get my employee to snarf up a virgin copy of win7 with a new key. Sucks. She bought the office package online and paid for the POS norton360 that's on it. Boy did norton ever blow this one.

12-05-2012, 11:02 PM   #2
celegorm (Site Team)
Join Date: Sep 2006
Posts: 10,713

Have you tried pulling the drive and scanning it in another computer to see if that will remove enough of the crap so that you can get combofix to run on the lappy?
__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)

12-06-2012, 02:13 AM   #3
foothead (Omnicide now.)
Join Date: May 2009
Location: My own personal hell
Posts: 10,014
Re: System locked by a pay me scam

I assume the product key label is worn off? You could try plugging the drive into another computer, then point a key finder at it. I know magic jelly bean allows that, but it makes you pay if it's Windows 7 or newer. There's one called belarc advisor that's free, and I've heard good things about it in the past.

EDIT: also, if it's just smudged off, I've heard of people getting it from the manufacturer's tech support people. As long as the service tag/serial number is still intact, this may be a good option.

12-06-2012, 02:31 AM   #4
Fujitsu_Technician (In Runtime)
Join Date: Sep 2012
Location: UK
Posts: 284
Re: System locked by a pay me scam

Hi, assuming you can get to safe mode with command prompt and it does not run, then you can run combo fix from there.
Also watch this, it tells you how to do it.
Kind Regards

12-06-2012, 06:21 PM   #5
WYSIWUG (In Runtime)
Join Date: Aug 2012
Location: New Zelaland
Posts: 381
Re: System locked by a pay me scam

This is what I would do.

1. Load the UBDW4 and boot from that CD.

2. Back up all your data like videos and music.

3. Format the drive 3 times, the last one to be a full long format.

4. Reinstall Windows and drivers.

5. Problem solved.
__________________
I hope that the world runs out of oil today so we can build a world free of hate and greed and money. Build one based on love and respect for all forms of life.

12-06-2012, 07:38 PM   #6
vampist (Fully Optimized)
Join Date: Oct 2008
Location: USA
Posts: 2,404
Re: System locked by a pay me scam

I'm surprised no one has mentioned this yet.

Got a spare USB thumb drive? You frequent CF.org, of course you do.
Create an easy multiboot drive!

Grab the newest version of YUMI.

Select your drive.
Scroll down the list and pick an antivirus (I recommend AVG).
Click "download the ISO" after clicking the antivirus of your choice.
Select the downloaded ISO, click create.

You can now scan the Windows partition with AVG via Linux running off the thumb drive. Plug the laptop in via Ethernet and you can also update the virus database.
__________________
Everyone's Favorite Turd xD
ET: "Phone home!"
Geek: "ping 127.0.0.1"

"If that guy knew half the $h*t that I know, his fuzzy little head would explode. " - Matthew Farrell
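
Added example, not part of any post in this thread: an antivirus scan from the live USB, as described in the post above, can be complemented by a manual look at the autostart folders and recently changed program files on the mounted Windows partition. The mount point, the 14-day window and the extension list are assumptions; the Startup folder paths are the standard Windows Vista/7 locations.

```shell
#!/bin/sh
# Added example: offline triage of a Windows partition from a live Linux USB.
# Assumption: the partition is mounted read-only, e.g.
#   mount -o ro /dev/sdXN /mnt/win    (sdXN is a placeholder device name)

# Print every file in the per-user and all-users Startup folders.
# desktop.ini normally lives there and is skipped.
list_startup_items() {
    win_root=$1
    for dir in \
        "$win_root"/Users/*/AppData/Roaming/Microsoft/Windows/"Start Menu"/Programs/Startup \
        "$win_root"/ProgramData/Microsoft/Windows/"Start Menu"/Programs/Startup
    do
        [ -d "$dir" ] || continue      # unmatched glob or missing folder
        find "$dir" -type f ! -iname 'desktop.ini' -print
    done
}

# Print program-type files under the profile areas a normal user can write to
# that were modified within the last $2 days. Software does install here
# legitimately, so treat hits as a review list, not a verdict.
list_recent_executables() {
    win_root=$1
    days=$2
    for dir in "$win_root"/Users/*/AppData "$win_root"/ProgramData; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -mtime "-$days" \
            \( -iname '*.exe' -o -iname '*.dll' -o -iname '*.scr' \
               -o -iname '*.bat' -o -iname '*.lnk' \) -print
    done
}

# Run the report only when a mount point is supplied:
#   WIN_ROOT=/mnt/win sh triage.sh
if [ -n "${WIN_ROOT:-}" ]; then
    echo "== Startup folder entries =="
    list_startup_items "$WIN_ROOT"
    echo "== Program files changed in the last 14 days =="
    list_recent_executables "$WIN_ROOT" 14
fi
```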

12-06-2012, 11:21 PM   #7
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: System locked by a pay me scam

I went the YUMI route. Thanks for the tip. It's doing a scan now as I type this and watch Agent Gibbs. I'll let y'all know how it comes out.

12-07-2012, 08:37 AM   #8
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: System locked by a pay me scam

No joy there. I formatted it using a spare Vista disk I have. I'll let it install Vista for now. The gal that owns the lappy is getting 4 copies of win7 from the university she's going to. Student price for win7 home premium, $30 a pop.

12-07-2012, 11:25 AM   #9
vampist (Fully Optimized)
Join Date: Oct 2008
Location: USA
Posts: 2,404
Re: System locked by a pay me scam

Must have been a pretty good goof on the kid's part haha. I had a case recently I deemed too far gone as well. Luckily I was able to get in and grab the keys though.

12-07-2012, 11:35 AM   #10
ssc456 (Fully Optimized)
Join Date: Jan 2007
Posts: 4,279
Re: System locked by a pay me scam

Personally, if I ever get a situation like that where someone non tech savvy has had some hardware for any period of time, I'm afraid I will always recommend a complete reboot (format and reinstall Windows).

It's the only way to be sure.

The FBI thing may be what's jumping out at you, but there could be god knows what other spyware / malware or viruses on there, and believe me, all the protection programs in the world won't get rid of all of it once it has been infected.

Clean install is the safest and often the quickest way.
__________________
He who has never failed has never attempted anything worth succeeding at.

Dont Eat Animals, Its Not Good For Them And They Dont Like It!

All times are GMT -5.