FBI Paypal ransom virus

You are currently reading a thread in /r/ - Adult Request

Thread replies: 56
Thread images: 7
File: computer-virus-rev-1.jpg (20 KB, 360x240)
Hey guys I have nobody else to go to. Since I'm not allowed to talk about viruses in /g/ I'll try here.

I got the FBI Paypal ransom virus. I tried all the solutions online but none of them work because I cannot get an anti-virus program to start before the virus popup kicks in. So whenever I'm trying to start anything other than a Microsoft program (cmd/explorer/etc) the virus will start and block any access. What do I do?

tldr version:

1. Got into safemode
2. Trying to start an anti-virus program
3. Virus popup blocks screen and also disables taskmanager (it looks like a reg change because whenever I reenable the taskmanager I had to change it via regedit)

Please help
>>
>>13969381
Is it the "locked screen" or the "encrypted files" variant?
>>
It's a locked screen. I don't think it's encrypted. How can I tell if it's locked screen or encryption?
>>
I'll write some more info

Win7 ult
Normal startup: a pop-up comes up and blocks everything. I cannot access taskmanager because it is disabled. I can ctrl+alt+del , but nothing useful other than restarting.

Safemode: start up fine. I can run Cmd and other Microsoft programs, but I cannot access "Control Panel" and whenever any program other than a Microsoft program starts (firefox or something) the pop-up will start again while again disabling task manager (which then I cannot reenable task manager). I forgot to mention I can reenable taskmanager through regedit, but as soon as this virus starts then I'm blocked out again.
>>
>>13969468
Well, if you can access your files (images, videos, documents) then it's not the encryption one.
>>
>>13969489
You see, the encryption one changes all of your stuff. It deletes the original and creates an encrypted copy.
>>
>>13969489
Ok then. What can I do? I cannot start an anti-virus software because the virus pop-up blocks everything if I start a program.
>>
>>13969493
Whatever you do DON'T pay. NEVER pay.
>>
>>13969495
Yeah I haven't thanks. Can you believe my friend actually told me to pay them so they "might" give me back my computer?
>>
>>13969493

My advice would be to just format everything and be smarter next time. It's a learning experience. There is also the fact that there's absolutely nothing you can do now at this point. Even paying doesn't guarantee you anything. Besides, paying just means someone could do the same shit again to you.
>>
>>13969508
Yeah I know I've been complacent. I can only blame myself for this stupid thing.

Yeah reformating is the last resort I'll take. One good thing about this virus is that I can still access my data through safemode so maybe I can save all my stuff on a usb and just reformat everything. But I wanted to see if anybody knows how to fix it before I use my last resort?
>>
>>13969508
Not trying to be an ass, similar shit happened to me.
But at this point whining or looking for solutions are pretty much pointless. That type of ransomware is pretty harsh and you're 99% fucked.

>>13969503
If your friend's not computer savvy his answer is quite common. Heard the same thing when it happened to me. But yeah, you never negotiate with criminals, terrorists, lunatics, etc. Since this shit happened online there's absolutely nothing you can do. Sorry man. Learn from it and come out smarter!
>>
>>13969381
I am curious as how you got this?
Porn? Pirate game?
Where the fuck do you even get that from?
>>
>>13969527
Thanks. My friend is actually pretty good with computers and already knew which virus I was talking about before I finished explaining to him so I take his advice with weight.

But it's starting to look like this problem is unsolvable.

>>13969535
probably from pirating a game [spoiler]fallout 4[/spoiler]
>>
>>13969381
if you have a DVD drive, you may be able to mount linux mint via live cd, and then extract your files to a blank external. then you can scan the external, and format the infected drive.

>>13969527
one caveat is the cryptolocker stuff. They actually undo it if you pay, so people in the future will.
>>
>>13969540
Probably? You should look through files and actually see if there's anything that isn't going to cause this situation.
Can you get a screen grab of this?
>>
>>13969525
Well, in my case it was looking for a livestream of a football match...the worst thing about it: I don't even like football.

>>13969540
Type the exact sentences that pop up in google and look for solutions. Maybe there's a chance you can salvage some data. Good luck!
>>
>>13969552
Just no. Never pay, never.
>>
>>13969563
I agree with you, accidentally hit enter button on wrong window. much easier to just do backups anyway.

>>13969558
god, that sucks. I assume you are running an ad blocker now?
>>
>>13969552
I used to have a usb with linux for situations like this, but I lost it...I'm pretty much doing that right now anyways without linux since it's apparently allowing me to browse. I'm actually not sure what'll happen if I copy these files to my usb.

Wait, will my usb become useless if I copy the files on my corrupted computer onto it? Can I even use my files on another computer if I transfer them onto my usb?

>>13969556
I can take a pic of it with my phone give me a second...

>>13969558
I guess I'm on the same boat. I don't even like fallout 4 lol.

I've tried all the available "support" websites that came up in google. And they all say the same thing. I miss the days when I would find random, unexpected solutions in niche tech forums...
>>
>>13969596
depending on how it is coded, it won't run on linux. It is allowing you to browse, but you do not know what it is doing in the background. In general, malicious programs target system files, not documents and the like. get 2 usb, one to run linux live, the other to extract info for scanning on an unconnected machine with good antivirus and anti malware

also, anon you can use files on another computer, so long as they are not OS parts (like game saves, pics, and the like)
>>
>>13969576
Backups and everything important (mostly documents and a few pictures with sentimental value) on external drives. Thinking back I don't care about the movies, games, books that I lost. It was mostly the documents and some pictures with family and friends that made me sad. Everything else is downloadable. My mistake for not printing the pictures and saving those documents on different hard drives.

>>13969596
Damn, man. The shit we get into for the ones we like.
Be careful with some of the solutions on google though. I just remembered that some of the programs that you'll come across aren't really helpful and want to charge AFTER the scanning process but BEFORE fixing it.
>>
>>13969596
>I miss the days when I would find random, unexpected solutions in niche tech forums...

Well you'll still find those solutions in the future. It's just that this type of ransomware is very specific and absolutely harmful. It's the crazy suicide bomber of the malware family. A money extortion scheme. It's not annoying like a virus, it's 100% criminal.
>>
File: awww shit.jpg (1 MB, 3264x1836)
Here's what it looks like.
>>
>>13969641
Paying per PayPal? I thought those criminals usually use Bitcoin.
>>
>>13969646
>>13969641
most likely leads to a fake site, or a stolen account.

that auto format thing makes me think there is a security feature on it that will self nuke if you mess with it.

my recommendation is still go in via linux, extract your important stuff, and then nuke it
>>
I can almost guarantee that the people that are paying the ransom are using the infected computer to do it.
THAT is exactly what they are after!
They are just looking to capture your credentials. The dumb users will be overjoyed that their problem is "over" but then they will wonder why their bank accounts get drained & their credit cards are maxed out.
OP, look into knoppix.
You may be able to get your files back to put them on an external but do make sure that you format your system & zero out all data. Also make sure you install an antivirus like Avast or AVG before you connect that back up & run a complete scan of your system & the back up.
>>
File: 20151123_220853.jpg (2 MB, 3264x1836)
I actually got some access to my computer due to some sheer luck. THANK YOU BISON PRO!

What should I do? I can run .exe files now.
>>
>>13969672
I thought AVG was too "popular" to be a viable anti-virus software. Am I wrong?
>>
>>13969674
do what these guys say
>>13969672
>>13969660

>>13969676
it's not popularity, it's what features they have, and how effective it is, especially with the free versions
>>
>>13969676
Do you think that most coders have learned how to bypass it? I am not sure but hopefully it shouldn't be an issue if he reformats.
>>
Also, I don't mean to self bump like this but, I think I found the source of my problems. I think I left my laptop on (not even with the lid closed) while I was at school and I downloaded this virus from an opened pop-up I did not close. I found this out by opening my Opera again and looking at the last page that was open, and it was some random pop-up with "download this porn game now!" kind of stuff written on it.
>>
Use another account. Then find the virus.
>>
>>13969682
more important question:

why no adblocker?
>>
>>13969682
First of all dump Opera.
Use Firefox & install AdBlockPlus & Ghostery.
They really do help to not even see shit like that.
>>
>>13969697
>>13969700
I just like Opera, been using it since it was the first to come out with mouse motion navigation.

But you guys may be right. Time for a change I've learned my lesson.

But more importantly is there anything I can do while I still have control of my computer?
>>
>>13969727
>>13969700
also, uBlock Origin as an alt to adblock

>>13969672
>>13969660
do what these guys say. if you stay in the windows OS, the virus can react. if you change OSs, it won't be able to react, or even run
>>
OP here. I'll do as you say. You guys are geniuses. I love you all and I'm so glad 4chan is still alive.
>>
If you can run an executable then try Malwarebytes and if that doesn't work Combofix. If you need to use another computer to put them in a usb drive.
>>
>>13970002
As soon as I run Combofix the virus starts back up again. It actually responds to anti-virus programs specifically.
>>
File: Screenshot_2015-11-18-12-35-00.png (1 MB, 1920x1080)
I have gotten this shit twice and removed it twice!
1. U need to be faster than it, there is always a delay when it starts up
2. Network off and safe mode ( I know u said it doesn't work but mine did)
3. If task manager works but doesn't end the task then ur in the clear.
4. U need to open Explorer through the task as a new task just any folder location.
5. Go to ur c drive and find the temp folder./[any updated one]
6. See what was the recent modified date folder.
7. Try and narrow down the date to when it started.
8. When u find the weird folder name (both times it was different) RENAME IT TO RANDOM SHIT every file in there rename it to random shit NEVER DELETE IT!
9. Since u renamed those files and folder (I MEAN EVERYTHING) restart in normal mode
10. If done correctly there will be a lag to start. This is good it means it can not find the files
11. Now find the program and uninstall it from programs.
12. Restart
13. if u go and see the program not in the program list u r now free (technically) ov it now back up those certain files and do a deep clean on them
14. Reinstall windows if u have a spare drive format the old one and then reinstall

Hope this helps this normally what I do with all viruses and move shit for peeps
>>
>>13970251
Thanks. My safemode doesn't work, but I found a loop hole around it for normal mode. I made another account in safemode (because why not?) and when I logged into the new account in normal mode it reacted. Ok nothing unexpected. But when I logged in again into my old account the virus did not react (HOLYSHIT) lol.

I'll try that renaming thing you're talking about. But how did you find the program? When I checked my Temp folder I couldn't find anything new that had an ".exe" on it?
>>
File: Screenshot_2015-11-18-12-35-40.png (1 MB, 1920x1080)
>>13970272
There won't be an exe in temp just a name to reference.
Once u have that name now you have to do the hard digging and pull it up.
Mine installed in the c:/program file location and windows and my user documents.
You also can do a search that works too if u have the name or names. Roughly (3-5 folders urs may vary).
when u find the right folder either have an exe or a notepad file (something else I forgot sorry) for doing cmd stuff in the background.
Just rename this stuff and u should be good to go through.
Cause if u stalled it u can now use malware or cc to tidy up temporarily.
>>
>>13970293
With the loophole I've found I've been running as many anti-virus software as I can without tripping up the virus to block me.

I can't believe you got this twice...I haven't gotten a virus in like 6 years. I thought those hackers finally grew up and went to work or something...
>>
I've gotten it once, and I got around it by booting into safemode and just resetting from a system restore point from some time earlier that month. Didn't lose anything worthwhile and virus was gone. I don't actually know what the usual guides tell you to try first, so no idea if you tried that or not.
>>
Buy a Mac.
>>
i had this once (fuck you swfchan).

i set my bios to boot from the DVD drive, booted from my win7 disc and restored from the last good restore point.

what's that? you don't have a win7 disc? or a restore point? "... I'd like to help you, son, but you smell like a goat." - dead milkmen
>>
File: wat_finland.jpg (56 KB, 251x251)
>>13970505

buying a mac won't get his files back, you shit-stain. why don't YOU buy him a mac? you can afford one, you can probably afford two.
>>
File: Screenshot_2015-11-18-12-35-21.png (815 KB, 1920x1080)
>>13970349
Sorry I needed some sleep prior to work.
That's good! u at least got a loop hole.
Yeah i couldn't believe it also. But this is when I would jump through hoops for certain files and had (avast[God that was a mistake ]) as main/only anti virus. {we all learn shit when our babies get sick}
Okay I can also suggest go to
1. open .cmd and type 'msconfig' (no ' ') hit enter
2. When it opens, go to the startup tab and see what programs are running at startup (Google any ones u don't know) and that will be a trace to .....
2a. You now have the name
2b. And a location.
3. Search for anything similar to that to the said areas I suggested prior.

And ov course if this still doesn't help there is the Linux way

By that I mean find a netbook or a shitty comp(1 u don't mind hooking up ur infected hard drive to)and install either Mint or Ubuntu and then take out ur infected hard drive and have it plugged into that system
(like a portable one)running Linux and go through the process like my 1st comment.

All n all
~

If this still can't help you, I am officially out ov ideas and I apologize. I'll check back around noon on American east coast time GOODLUCK!
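
Added example, not part of the original post or thread: a read-only Python helper for the date-narrowing check in the numbered steps (look in the Temp folder for entries modified around the time the lock screen first appeared), meant to be run against the infected drive mounted under a Linux live system as several replies suggest. The function names, the sample folder names and the dates are constructed for illustration.

```python
import os
import stat
import tempfile
from datetime import datetime, timedelta

# Executables plus the script types a launcher can use.
SCRIPT_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def recent_entries(roots, around, window_days=2, max_depth=2):
    """List entries under `roots` modified within `window_days` of `around`.

    Read-only: nothing is renamed, written or deleted. Returns
    (mtime, path, kind) tuples, newest first; kind is "dir", "script" or "file".
    """
    lo = (around - timedelta(days=window_days)).timestamp()
    hi = (around + timedelta(days=window_days)).timestamp()
    hits = []
    for root in roots:
        root = os.path.abspath(root)
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow links
                except OSError:
                    continue  # unreadable entry on a damaged volume
                if not lo <= st.st_mtime <= hi:
                    continue
                ext = os.path.splitext(name)[1].lower()
                if stat.S_ISDIR(st.st_mode):
                    kind = "dir"
                elif ext in SCRIPT_EXTS:
                    kind = "script"
                else:
                    kind = "file"
                hits.append((st.st_mtime, path, kind))
            # Entries of `dirpath` sit one level below it; stop at the cap.
            rel = os.path.relpath(dirpath, root)
            depth = 0 if rel == os.curdir else rel.count(os.sep) + 1
            if depth + 1 >= max_depth:
                dirnames[:] = []
    return sorted(hits, reverse=True)


def build_sample(root):
    """Constructed sample tree standing in for a mounted Temp folder."""
    def stamp(path, when):
        t = when.timestamp()
        os.utime(path, (t, t))
    old = os.path.join(root, "installer_cache")  # constructed, old folder
    odd = os.path.join(root, "qx7f2")            # constructed, odd name
    os.mkdir(old)
    os.mkdir(odd)
    bat = os.path.join(odd, "run.bat")
    open(bat, "w").close()
    stamp(bat, datetime(2015, 11, 22, 14, 0))
    stamp(odd, datetime(2015, 11, 22, 14, 5))
    stamp(old, datetime(2015, 10, 1, 9, 0))
    return odd, bat


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for mtime, path, kind in recent_entries([tmp], datetime(2015, 11, 23)):
            print(datetime.fromtimestamp(mtime), kind, path)
```

Timestamps on a compromised volume can be altered, so an empty result does not clear the drive; hits are leads for the offline scan, not a verdict.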
>>
OP is beyond help, but if others are reading this, this is a textbook example of what not to do when you get this kind of virus.
Once infected, the virus begins chewing away at your files, encrypting them and making them unusable. Holding them ransom until you pay to decrypt them. Unfortunately for most, the virus makers know all too well that if they give out the key, their virus would be worthless in a matter of days, as the key would be circulated around the web. Paying the ransom merely restores your access to the computer, it doesn't repair the damage.

And it's not like the old days, where you could simply detect corrupted files and easily replace them. The newest of these viruses encrypts the files and re-encrypts the files again and again, including file information.
You can't even read filenames to know what files to replace.

Don't sit there for 3 days trying to access your computer, turn it off when you realize that you're infected to prevent further damage to your files. Every minute that the computer is running, regardless if you are locked out or not, it's eating more and more data... your documents and pictures. It's not ransoming your operating system, anyone can easily replace or restore that. Their target is your personal files, and documents, your irreplaceable pictures.
At this stage OP probably has very little left on his hard drive that is useable, and likely has 400 copies of the virus replicating itself as it eats what's left of his data.

turn your infected computer off as soon as possible, and contact someone who knows a lot more about computers than you do.
>>
>>13969674
>regedit.exe
>Taskmgr.exe
look for the whatever process that is. I usually deduce this by finding it in taskmanager. Look for any weirdly named processes/services. 'Find' function works well in regedit. Once you find said [s]suppositories[/s] repositories you can delete them.

Don't bother backing up your registry as you're fucked already and have literally nothing to lose.
>>
>>13970842
OP here. What seriously? How can you confirm that this virus encrypts my personal files could you tell us? By the way I've had access to my personal files and I've stored them to a usb through a loop hole. I will just reformat my computer and be done with it.

>>13970819
Thanks for your assistance. I opened msconfig (totally forgot about that), but couldn't find anything unusual. And also I've run 3 different anti virus scanners and they couldn't find anything, which makes me feel even more scared.

Thank you all for the support. I've saved my important personal files and now I'm going to nuke my computer. Watch out for viruses and make sure to update your antivirus/backup/personal files.
>>
>>13970971
You're lucky the one you have doesn't encrypt files.

But many ransom wares do and his advice is for dealing with those.
>>
>>13969381
I work in IT support and I had this case a lot, I don't know if someone offered you a solution yet, I'm too lazy to read everything.
What I can tell is that there is a file in the "\Users\Local settings\somewhere" or a registry key. I've had both.

You said you have a Win7 Ultimate, which means, like a professional version, that you should have an "Administrator" account besides yours. Because I was at work, I was able to activate it and it worked fine, that's how I knew there must've been something in Local Settings.

I was lucky because, at work, we had a CD that could be booted on, with an antivirus launching automatically. If you look a little on Google, you might be able to find it.

You put the CD in, you boot up the computer and choose the CD as boot device, then you just scan your PC with that.

If you cannot find it, and if you still have your Windows CD, you can also try and restore to a save point like from a week or two weeks ago, to be sure.

The Linux solution works, I've done it, but is much more complicated and very long to explain. Again, you can find the procedure somewhere on Google.

What you don't want is booting on your Windows too many times, it will fuck your files up every time a bit more.

(I just found a link to an ISO with Kaspersky which you can boot with)
Try it : http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
>>
>>13971609
Thank you. I'll try that too. I've run 3 antivirus softwares (Malbyte, Microsoft Security, CCleaner, and something else), but they haven't been able to detect any viruses. I'll try this one where I can boot it up instead of running it.

I'm glad 4chan still has its good people around.
>>
Is it bad that I don't use any sort of anti virus? However I am not downloading random exe files and running them.