Railworks America Website

[NS9030]

Okay so for the last few month so haven't been able to do anything on my laptop. It's a PC and I think it's a HP G62? That's what it says on it at least. Anyways so when I click the button to log in the entire screen goes white. It's been like this for two months now and before that it said I needed to pay money to the FBI to unlock it for having child pornagraphy on it which is absolute bull and it wanted my social security number. So I kinda am thinking it's a virus. I can't log on at all so I'm not sure how to fix it and keep all my files(thousands of railroad pictures and scanned historical documents) which I really do not want to lose. Any help? Thanks.

[PolyesterMafia]

Sounds like bad-ole Ransomware. Of course you know not to give any of the "requested" information.

No expert on this, but have you tried physically disconnecting from your internet connection and rebooting your computer in Safe-Mode? Sometimes that will do just enough to let you be able to get in and transfer your files off the computer. Other than that, if you don't have an anti-virus, anti-malware, or tech supoort that will remove it, you may be looking at a complete wipe and re-install.

And, not something you want to hear right now, but it cannot be stressed enough that you should never have important documents on your computer if you cannot also keep an off-computer back-up.

[dgallina]

Bad news. That ransom ware will encrypt your hard drive. Suggest that you need to format and start over. Make sure you have virus / malware protection, keep your software patched, and be careful about what you access / click on in future.

Hopefully you have backups, right?

Diego

[arizonachris]

OK, this is worse than we talked about. I was trying to help NS9030 by PM, but suggested an open Forum topic, which it turns out was a great idea. You guys nailed it right away. I never heard of this nasty little virus. And it is really a scandalous bit of work.

Found this on the Net: http://www.f-secure.com/en/web/labs_glo ... ransomware As the others said, try "Safe mode" (that's the F8 key before Windows starts up) try safe mode with networking. That "should" allow you to use that F Secure online scanner. That's if "known last good configuration" didn't work. Or try the manual method that is outlined in that link. I do trust F Secure, they are one of the best in that field.

And if you can't get anything to fix the infected drive, instead of wiping it, something to consider is, if you can get another hard drive and get it installed, disconnect the current drive and reinstall Windows on the new drive. Disconnecting the existing drive will keep that virus contained. Now, on the new drive, fix it up with anti virus like Microsoft Security Essentials, then connect back the old drive and scan it. Or get the removal tool from F Secure on the new drive. If files have not yet been encrypted, you can always use Windows Explorer to move them to the new drive.

One more option I found: http://botcrawl.com/how-to-remove-the-f ... e-removal/

[XDriver]

Right. Try safe mode. Do a virus scan if you can. Then I would try System restore if nothing else works. Then almost last but not least, do a windows repair. Insert windows disc start PC with disc. Do a windows repair. Last and if all else fails, reinstall windows.

[PolyesterMafia]

It's such a shame that the little ****** that write this garbageware are so talented, yet can think of nothing more to do than make other peoples lives miserable.

Good info, that last bit. Will bookmark for unfortunate future reference.

[Antwerp]

I've gotten that Virus before.

I just do a system Restore and It's all fixed.

[Chacal]

And when you're back to normal, the only way to effectively protect your PC against ANY virus, and I do mean ANY, is DeepFreeze from Faronics.

I've been using it for more than 12 years, both at home and in a high school where I was IT administrator. It protects against any problem except hardware failure. I used to have students deleting the C:\Windows folder on PCs in the lab, or installing malware. WIth DeepFreeze, couldn't care less **.
I still test viruses on purpose on my home PC just for fun.

I remember going to an IT-in-education show where Faronics had a booth for DeepFreeze, and IT administrators were lining up to say thanks to them!

It costs less than 30$ I think for 3 computers, and you can try it for free for 30 days.



** OK, when they realized that they started breaking hardware and stealing parts instead, but that's a different story.

[NS9030]

Well system restore did not work, there wasn't a restore point far enough back. Safe mode doesn't work either, logs me off as soon as I log in then logs me back in in normal mode. I'll probably try downloading something from one of those links onto a flash drive and having that get rid of it. The amount of help I've gotten here is awesome, this is a great community and I really appreciate all the suggestions!

[buzz456]

Deep Freeze. It looks to be $45 now.

[mojo12012]

Go to Malwarebytes' site. They have an easy to follow process to get rid of this one. How do I know? In the UK you get the same message but it's linked to a local Police force. The early versions of this malware could be foxed by starting in safe mode, but later versions overcame this work around. Best of luck.

[arizonachris]

You could also take that infected hard drive out of the PC, put it into an external hard drive dock and hook it thru USB to another PC that's running a good Anti Virus. Then use Windows Explorer, and do the manual file removal in the links I provided. I'm not sure what the Malwarebytes method is.

[peterhayes]

I agree with mojo malwarebytes clears it out easily (we get an Australian Federal Police threat).
One caveat before you try to remove it - if it is open then force a close down using task manager (end task) and then run malwarebytes
Regards
PeterH

[NS9030]

I feel like I haven't made this entirely clear I can't do anything on my computer at all. I get to the login screen, I then log in and the whole screen goes completely white. There's no way I can open the task manager or start menu or anything. Safe mode and safe mode with networking do not work. I really don't want to have to shell out the money at Best Buy or Staples but then again I don't want I have to wipe it. I still have to try some of the options you guys referred to me. You guys really make me look dumb when it comes to computers! Really appreciate the help guys.

[Chacal]

Usually when someone installs Windows on a PC he should make an emergency disk for just that kind of problem.
Perhaps one was supplied by whoever installed Windows on your PC?
If not, borrow an emergency disk and boot from it, then go into safe mode and do as suggested above.
Or let a technician do it.
This should let you avoid a reinstall.