Hey guys, got phoned this morning by the old man, his laptop has been taken over by a virus that just displays an official looking Irish language page. basically it demands €100 to unlock the comp. Tried to remove it but cmd prompts and safe mode won't start so Im stumped. Anyone been hit by this or know how to remove it? Thanks :-)
> Hey guys, got phoned this morning by the old man, his laptop has been
> taken over by a virus that just displays an official looking Irish language
> page. basically it demands €100 to unlock the comp. Tried to remove it but
> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
> this or know how to remove it? Thanks :-)
my first thought would've been safe mode then system restore, but if
you cant get into safe mode it wont be straight forward to sort it
out. feel free to leave the laptop in the Labs, let me know when its
there and i'll pop up and collect and sort it for ya if you like. i'm
sure i'll get it fixed if i have my hands on it, but i dont know what
advice to give you to have a go at it yourself if it wont go into safe
mode for you
On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
> Hey guys, got phoned this morning by the old man, his laptop has been taken over by a virus that just displays an official looking Irish language page. basically it demands €100 to unlock the comp. Tried to remove it but cmd prompts and safe mode won't start so Im stumped. Anyone been hit by this or know how to remove it? Thanks :-)
Hmm. Depending on how long it's been since your last restore point, using
system restore to "fix" such problems is a bit like giving yourself a
lobotomy to forget something you don't like. Okay, that's a little
dramatic, but you get what I mean. Anyway, there are plenty of viruses and
things that are more than aware of System Restore and infect your restore
points as well to be sure.
On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com> wrote:
> my first thought would've been safe mode then system restore, but if
> you cant get into safe mode it wont be straight forward to sort it
> out. feel free to leave the laptop in the Labs, let me know when its
> there and i'll pop up and collect and sort it for ya if you like. i'm
> sure i'll get it fixed if i have my hands on it, but i dont know what
> advice to give you to have a go at it yourself if it wont go into safe
> mode for you
> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
> > Hey guys, got phoned this morning by the old man, his laptop has been
> taken over by a virus that just displays an official looking Irish language
> page. basically it demands €100 to unlock the comp. Tried to remove it but
> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
> this or know how to remove it? Thanks :-)
On Thursday, September 27, 2012 12:55:37 PM UTC+1, calcrea wrote:
> Hey guys, got phoned this morning by the old man, his laptop has been > taken over by a virus that just displays an official looking Irish language > page. basically it demands €100 to unlock the comp. Tried to remove it but > cmd prompts and safe mode won't start so Im stumped. Anyone been hit by > this or know how to remove it? Thanks :-)
Does anyone boot from an OS on a USB stick or external drive?
I know you can setup ubuntu to boot from a stick, I am wondering though if
this is a good general approach to take with security - especially if you
can load software from the USB stick that can clean up windows.
Possibly spawn a windows image from virtualbox?
On Thu, Sep 27, 2012 at 1:13 PM, calcrea <calc...@gmail.com> wrote:
> Thanks guys, I'll be bringing it with me to the labs. Gotta go meet katie
> there now actually lol.
> On Thursday, September 27, 2012 12:55:37 PM UTC+1, calcrea wrote:
>> Hey guys, got phoned this morning by the old man, his laptop has been
>> taken over by a virus that just displays an official looking Irish language
>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>> this or know how to remove it? Thanks :-)
Viruses are starting to be aware of VMs, that policy could be unwise. Also,
most USB sticks don't have hardware write protect switches, which could
scupper you, particularly with a compromised BIOS.
On 27 Sep 2012 13:21, "Richard Conroy" <richard.con...@gmail.com> wrote:
> Does anyone boot from an OS on a USB stick or external drive?
> I know you can setup ubuntu to boot from a stick, I am wondering though if
> this is a good general approach to take with security - especially if you
> can load software from the USB stick that can clean up windows.
> Possibly spawn a windows image from virtualbox?
> On Thu, Sep 27, 2012 at 1:13 PM, calcrea <calc...@gmail.com> wrote:
>> Thanks guys, I'll be bringing it with me to the labs. Gotta go meet katie
>> there now actually lol.
>> On Thursday, September 27, 2012 12:55:37 PM UTC+1, calcrea wrote:
>>> Hey guys, got phoned this morning by the old man, his laptop has been
>>> taken over by a virus that just displays an official looking Irish language
>>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>>> this or know how to remove it? Thanks :-)
If you have a windows disc you can get it to "repair" the OS, which
overwrites any OS files which might have been modified. At least you could
with XP, presume the feature is still there in 7.
On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
> Hmm. Depending on how long it's been since your last restore point, using
> system restore to "fix" such problems is a bit like giving yourself a
> lobotomy to forget something you don't like. Okay, that's a little
> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
> things that are more than aware of System Restore and infect your restore
> points as well to be sure.
> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>> my first thought would've been safe mode then system restore, but if
>> you cant get into safe mode it wont be straight forward to sort it
>> out. feel free to leave the laptop in the Labs, let me know when its
>> there and i'll pop up and collect and sort it for ya if you like. i'm
>> sure i'll get it fixed if i have my hands on it, but i dont know what
>> advice to give you to have a go at it yourself if it wont go into safe
>> mode for you
>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>> > Hey guys, got phoned this morning by the old man, his laptop has been
>> taken over by a virus that just displays an official looking Irish language
>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>> this or know how to remove it? Thanks :-)
> If you have a windows disc you can get it to "repair" the OS, which
> overwrites any OS files which might have been modified. At least you could
> with XP, presume the feature is still there in 7.
> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>> Hmm. Depending on how long it's been since your last restore point, using
>> system restore to "fix" such problems is a bit like giving yourself a
>> lobotomy to forget something you don't like. Okay, that's a little
>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>> things that are more than aware of System Restore and infect your restore
>> points as well to be sure.
>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>> my first thought would've been safe mode then system restore, but if
>>> you cant get into safe mode it wont be straight forward to sort it
>>> out. feel free to leave the laptop in the Labs, let me know when its
>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>> advice to give you to have a go at it yourself if it wont go into safe
>>> mode for you
>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>> > Hey guys, got phoned this morning by the old man, his laptop has been
>>> taken over by a virus that just displays an official looking Irish language
>>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>>> this or know how to remove it? Thanks :-)
7, like Vista, is a little different, I seem to remember. Something about
copying an image of a working install off the installer disk rather than a
file-by-file installer in the classical sense like XP.
Could be wrong on that though.
On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
> If you have a windows disc you can get it to "repair" the OS, which
> overwrites any OS files which might have been modified. At least you could
> with XP, presume the feature is still there in 7.
> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>> Hmm. Depending on how long it's been since your last restore point, using
>> system restore to "fix" such problems is a bit like giving yourself a
>> lobotomy to forget something you don't like. Okay, that's a little
>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>> things that are more than aware of System Restore and infect your restore
>> points as well to be sure.
>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>> my first thought would've been safe mode then system restore, but if
>>> you cant get into safe mode it wont be straight forward to sort it
>>> out. feel free to leave the laptop in the Labs, let me know when its
>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>> advice to give you to have a go at it yourself if it wont go into safe
>>> mode for you
>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>> > Hey guys, got phoned this morning by the old man, his laptop has been
>>> taken over by a virus that just displays an official looking Irish language
>>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>>> this or know how to remove it? Thanks :-)
> 7, like Vista, is a little different, I seem to remember. Something about
> copying an image of a working install off the installer disk rather than a
> file-by-file installer in the classical sense like XP.
> Could be wrong on that though.
> On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
>> If you have a windows disc you can get it to "repair" the OS, which
>> overwrites any OS files which might have been modified. At least you could
>> with XP, presume the feature is still there in 7.
>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>> Hmm. Depending on how long it's been since your last restore point,
>>> using system restore to "fix" such problems is a bit like giving yourself a
>>> lobotomy to forget something you don't like. Okay, that's a little
>>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>>> things that are more than aware of System Restore and infect your restore
>>> points as well to be sure.
>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>>> my first thought would've been safe mode then system restore, but if
>>>> you cant get into safe mode it wont be straight forward to sort it
>>>> out. feel free to leave the laptop in the Labs, let me know when its
>>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>>> advice to give you to have a go at it yourself if it wont go into safe
>>>> mode for you
>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>>> > Hey guys, got phoned this morning by the old man, his laptop has been
>>>> taken over by a virus that just displays an official looking Irish language
>>>> page. basically it demands €100 to unlock the comp. Tried to remove it but
>>>> cmd prompts and safe mode won't start so Im stumped. Anyone been hit by
>>>> this or know how to remove it? Thanks :-)
Some of these extortion-ware things will encrypt files too, so getting the
thing off is irrelevant unless you have the decryption key too.
On Sep 27, 2012 2:08 PM, "Mark Grealish" <m...@bhalash.com> wrote:
> Reboot in safe mode and run a virus scan. Also look in msconfig for
> details of where the virus resides and delete the .exe there.
> It's worked for me on numerous occasions for muggles' computers.
> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>> 7, like Vista, is a little different, I seem to remember. Something about
>> copying an image of a working install off the installer disk rather than a
>> file-by-file installer in the classical sense like XP.
>> Could be wrong on that though.
>> On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
>>> If you have a windows disc you can get it to "repair" the OS, which
>>> overwrites any OS files which might have been modified. At least you could
>>> with XP, presume the feature is still there in 7.
>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>>> Hmm. Depending on how long it's been since your last restore point,
>>>> using system restore to "fix" such problems is a bit like giving yourself a
>>>> lobotomy to forget something you don't like. Okay, that's a little
>>>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>>>> things that are more than aware of System Restore and infect your restore
>>>> points as well to be sure.
>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>>>> my first thought would've been safe mode then system restore, but if
>>>>> you cant get into safe mode it wont be straight forward to sort it
>>>>> out. feel free to leave the laptop in the Labs, let me know when its
>>>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>>>> advice to give you to have a go at it yourself if it wont go into safe
>>>>> mode for you
>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>>>> > Hey guys, got phoned this morning by the old man, his laptop has
>>>>> been taken over by a virus that just displays an official looking Irish
>>>>> language page. basically it demands €100 to unlock the comp. Tried to
>>>>> remove it but cmd prompts and safe mode won't start so Im stumped. Anyone
>>>>> been hit by this or know how to remove it? Thanks :-)
On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
> Some of these extortion-ware things will encrypt files too, so getting the
> thing off is irrelevant unless you have the decryption key too.
> On Sep 27, 2012 2:08 PM, "Mark Grealish" <m...@bhalash.com> wrote:
>> msconfig -> Startup Programs -> Disable all.
>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>> details of where the virus resides and delete the .exe there.
>> It's worked for me on numerous occasions for muggles' computers.
>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>> 7, like Vista, is a little different, I seem to remember. Something
>>> about copying an image of a working install off the installer disk rather
>>> than a file-by-file installer in the classical sense like XP.
>>> Could be wrong on that though.
>>> On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
>>>> If you have a windows disc you can get it to "repair" the OS, which
>>>> overwrites any OS files which might have been modified. At least you could
>>>> with XP, presume the feature is still there in 7.
>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>>>> Hmm. Depending on how long it's been since your last restore point,
>>>>> using system restore to "fix" such problems is a bit like giving yourself a
>>>>> lobotomy to forget something you don't like. Okay, that's a little
>>>>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>>>>> things that are more than aware of System Restore and infect your restore
>>>>> points as well to be sure.
>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>>>>> my first thought would've been safe mode then system restore, but if
>>>>>> you cant get into safe mode it wont be straight forward to sort it
>>>>>> out. feel free to leave the laptop in the Labs, let me know when its
>>>>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>>>>> advice to give you to have a go at it yourself if it wont go into safe
>>>>>> mode for you
>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>>>>> > Hey guys, got phoned this morning by the old man, his laptop has
>>>>>> been taken over by a virus that just displays an official looking Irish
>>>>>> language page. basically it demands €100 to unlock the comp. Tried to
>>>>>> remove it but cmd prompts and safe mode won't start so Im stumped. Anyone
>>>>>> been hit by this or know how to remove it? Thanks :-)
On Thu, Sep 27, 2012 at 2:15 PM, Mark Grealish <m...@bhalash.com> wrote:
> Something something Reamde.
> On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
>> Some of these extortion-ware things will encrypt files too, so getting
>> the thing off is irrelevant unless you have the decryption key too.
>> On Sep 27, 2012 2:08 PM, "Mark Grealish" <m...@bhalash.com> wrote:
>>> msconfig -> Startup Programs -> Disable all.
>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>>> details of where the virus resides and delete the .exe there.
>>> It's worked for me on numerous occasions for muggles' computers.
>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>>> 7, like Vista, is a little different, I seem to remember. Something
>>>> about copying an image of a working install off the installer disk rather
>>>> than a file-by-file installer in the classical sense like XP.
>>>> Could be wrong on that though.
>>>> On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
>>>>> If you have a windows disc you can get it to "repair" the OS, which
>>>>> overwrites any OS files which might have been modified. At least you could
>>>>> with XP, presume the feature is still there in 7.
>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>wrote:
>>>>>> Hmm. Depending on how long it's been since your last restore point,
>>>>>> using system restore to "fix" such problems is a bit like giving yourself a
>>>>>> lobotomy to forget something you don't like. Okay, that's a little
>>>>>> dramatic, but you get what I mean. Anyway, there are plenty of viruses and
>>>>>> things that are more than aware of System Restore and infect your restore
>>>>>> points as well to be sure.
>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>wrote:
>>>>>>> my first thought would've been safe mode then system restore, but if
>>>>>>> you cant get into safe mode it wont be straight forward to sort it
>>>>>>> out. feel free to leave the laptop in the Labs, let me know when its
>>>>>>> there and i'll pop up and collect and sort it for ya if you like. i'm
>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know what
>>>>>>> advice to give you to have a go at it yourself if it wont go into
>>>>>>> safe
>>>>>>> mode for you
>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop has
>>>>>>> been taken over by a virus that just displays an official looking Irish
>>>>>>> language page. basically it demands €100 to unlock the comp. Tried to
>>>>>>> remove it but cmd prompts and safe mode won't start so Im stumped. Anyone
>>>>>>> been hit by this or know how to remove it? Thanks :-)
>>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>>>> details of where the virus resides and delete the .exe there.
>>>> It's worked for me on numerous occasions for muggles' computers.
>>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <domhn...@091labs.com>
>>>> wrote:
>>>>> 7, like Vista, is a little different, I seem to remember. Something
>>>>> about copying an image of a working install off the installer disk rather
>>>>> than a file-by-file installer in the classical sense like XP.
>>>>> Could be wrong on that though.
>>>>> On 27 Sep 2012 13:29, "Barry Coughlan" <b.coughl...@gmail.com> wrote:
>>>>>> If you have a windows disc you can get it to "repair" the OS, which
>>>>>> overwrites any OS files which might have been modified. At least you could
>>>>>> with XP, presume the feature is still there in 7.
>>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <domhn...@091labs.com>
>>>>>> wrote:
>>>>>>> Hmm. Depending on how long it's been since your last restore point,
>>>>>>> using system restore to "fix" such problems is a bit like giving yourself a
>>>>>>> lobotomy to forget something you don't like. Okay, that's a little dramatic,
>>>>>>> but you get what I mean. Anyway, there are plenty of viruses and things that
>>>>>>> are more than aware of System Restore and infect your restore points as well
>>>>>>> to be sure.
>>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <marti...@gmail.com>
>>>>>>> wrote:
>>>>>>>> my first thought would've been safe mode then system restore, but if
>>>>>>>> you cant get into safe mode it wont be straight forward to sort it
>>>>>>>> out. feel free to leave the laptop in the Labs, let me know when its
>>>>>>>> there and i'll pop up and collect and sort it for ya if you like.
>>>>>>>> i'm
>>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know
>>>>>>>> what
>>>>>>>> advice to give you to have a go at it yourself if it wont go into
>>>>>>>> safe
>>>>>>>> mode for you
>>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com> wrote:
>>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop has
>>>>>>>> > been taken over by a virus that just displays an official looking Irish
>>>>>>>> > language page. basically it demands €100 to unlock the comp. Tried to remove
>>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped. Anyone been hit
>>>>>>>> > by this or know how to remove it? Thanks :-)
> >>>> msconfig -> Startup Programs -> Disable all.
> >>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
> >>>> details of where the virus resides and delete the .exe there.
> >>>> It's worked for me on numerous occasions for muggles' computers.
> >>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <domhn...@091labs.com
> >>>> wrote:
> >>>>> 7, like Vista, is a little different, I seem to remember. Something
> >>>>> about copying an image of a working install off the installer disk
> rather
> >>>>> than a file-by-file installer in the classical sense like XP.
> >>>>>> If you have a windows disc you can get it to "repair" the OS, which
> >>>>>> overwrites any OS files which might have been modified. At least
> you could
> >>>>>> with XP, presume the feature is still there in 7.
> >>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <
> domhn...@091labs.com>
> >>>>>> wrote:
> >>>>>>> Hmm. Depending on how long it's been since your last restore point,
> >>>>>>> using system restore to "fix" such problems is a bit like giving
> yourself a
> >>>>>>> lobotomy to forget something you don't like. Okay, that's a little
> dramatic,
> >>>>>>> but you get what I mean. Anyway, there are plenty of viruses and
> things that
> >>>>>>> are more than aware of System Restore and infect your restore
> points as well
> >>>>>>> to be sure.
> >>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <
> marti...@gmail.com>
> >>>>>>> wrote:
> >>>>>>>> my first thought would've been safe mode then system restore, but
> if
> >>>>>>>> you cant get into safe mode it wont be straight forward to sort it
> >>>>>>>> out. feel free to leave the laptop in the Labs, let me know when
> its
> >>>>>>>> there and i'll pop up and collect and sort it for ya if you like.
> >>>>>>>> i'm
> >>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know
> >>>>>>>> what
> >>>>>>>> advice to give you to have a go at it yourself if it wont go into
> >>>>>>>> safe
> >>>>>>>> mode for you
> >>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com>
> wrote:
> >>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop has
> >>>>>>>> > been taken over by a virus that just displays an official
> looking Irish
> >>>>>>>> > language page. basically it demands €100 to unlock the comp.
> Tried to remove
> >>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped.
> Anyone been hit
> >>>>>>>> > by this or know how to remove it? Thanks :-)
> On Thu, Sep 27, 2012 at 2:30 PM, Duncan Thomas <duncan.tho...@gmail.com>wrote:
>> If you're really paranoid, there's an ide (pata & sata) usb write
>> blocking forensic copier in my pile of stuff in the corner...
>> On 27 September 2012 14:16, Mark Grealish <m...@bhalash.com> wrote:
>> > I thankfully haven't run into any ransomware that encrypts files - yet!
>> > Is it also worth educating your father on Those Kinds Of Websites?
>> > On Thu, Sep 27, 2012 at 2:15 PM, Mark Grealish <m...@bhalash.com>
>> wrote:
>> >> Something something Reamde.
>> >> On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
>> >>> Some of these extortion-ware things will encrypt files too, so getting
>> >>> the thing off is irrelevant unless you have the decryption key too.
>> >>>> msconfig -> Startup Programs -> Disable all.
>> >>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>> >>>> details of where the virus resides and delete the .exe there.
>> >>>> It's worked for me on numerous occasions for muggles' computers.
>> >>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <
>> domhn...@091labs.com>
>> >>>> wrote:
>> >>>>> 7, like Vista, is a little different, I seem to remember. Something
>> >>>>> about copying an image of a working install off the installer disk
>> rather
>> >>>>> than a file-by-file installer in the classical sense like XP.
>> >>>>>> If you have a windows disc you can get it to "repair" the OS, which
>> >>>>>> overwrites any OS files which might have been modified. At least
>> you could
>> >>>>>> with XP, presume the feature is still there in 7.
>> >>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <
>> domhn...@091labs.com>
>> >>>>>> wrote:
>> >>>>>>> Hmm. Depending on how long it's been since your last restore
>> point,
>> >>>>>>> using system restore to "fix" such problems is a bit like giving
>> yourself a
>> >>>>>>> lobotomy to forget something you don't like. Okay, that's a
>> little dramatic,
>> >>>>>>> but you get what I mean. Anyway, there are plenty of viruses and
>> things that
>> >>>>>>> are more than aware of System Restore and infect your restore
>> points as well
>> >>>>>>> to be sure.
>> >>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <
>> marti...@gmail.com>
>> >>>>>>> wrote:
>> >>>>>>>> my first thought would've been safe mode then system restore,
>> but if
>> >>>>>>>> you cant get into safe mode it wont be straight forward to sort
>> it
>> >>>>>>>> out. feel free to leave the laptop in the Labs, let me know when
>> its
>> >>>>>>>> there and i'll pop up and collect and sort it for ya if you like.
>> >>>>>>>> i'm
>> >>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know
>> >>>>>>>> what
>> >>>>>>>> advice to give you to have a go at it yourself if it wont go into
>> >>>>>>>> safe
>> >>>>>>>> mode for you
>> >>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com>
>> wrote:
>> >>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop
>> has
>> >>>>>>>> > been taken over by a virus that just displays an official
>> looking Irish
>> >>>>>>>> > language page. basically it demands €100 to unlock the comp.
>> Tried to remove
>> >>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped.
>> Anyone been hit
>> >>>>>>>> > by this or know how to remove it? Thanks :-)
> On Thu, Sep 27, 2012 at 2:30 PM, Duncan Thomas <duncan.tho...@gmail.com>wrote:
>> If you're really paranoid, there's an ide (pata & sata) usb write
>> blocking forensic copier in my pile of stuff in the corner...
>> On 27 September 2012 14:16, Mark Grealish <m...@bhalash.com> wrote:
>> > I thankfully haven't run into any ransomware that encrypts files - yet!
>> > Is it also worth educating your father on Those Kinds Of Websites?
>> > On Thu, Sep 27, 2012 at 2:15 PM, Mark Grealish <m...@bhalash.com>
>> wrote:
>> >> Something something Reamde.
>> >> On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
>> >>> Some of these extortion-ware things will encrypt files too, so getting
>> >>> the thing off is irrelevant unless you have the decryption key too.
>> >>>> msconfig -> Startup Programs -> Disable all.
>> >>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>> >>>> details of where the virus resides and delete the .exe there.
>> >>>> It's worked for me on numerous occasions for muggles' computers.
>> >>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <
>> domhn...@091labs.com>
>> >>>> wrote:
>> >>>>> 7, like Vista, is a little different, I seem to remember. Something
>> >>>>> about copying an image of a working install off the installer disk
>> rather
>> >>>>> than a file-by-file installer in the classical sense like XP.
>> >>>>>> If you have a windows disc you can get it to "repair" the OS, which
>> >>>>>> overwrites any OS files which might have been modified. At least
>> you could
>> >>>>>> with XP, presume the feature is still there in 7.
>> >>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <
>> domhn...@091labs.com>
>> >>>>>> wrote:
>> >>>>>>> Hmm. Depending on how long it's been since your last restore
>> point,
>> >>>>>>> using system restore to "fix" such problems is a bit like giving
>> yourself a
>> >>>>>>> lobotomy to forget something you don't like. Okay, that's a
>> little dramatic,
>> >>>>>>> but you get what I mean. Anyway, there are plenty of viruses and
>> things that
>> >>>>>>> are more than aware of System Restore and infect your restore
>> points as well
>> >>>>>>> to be sure.
>> >>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <
>> marti...@gmail.com>
>> >>>>>>> wrote:
>> >>>>>>>> my first thought would've been safe mode then system restore,
>> but if
>> >>>>>>>> you cant get into safe mode it wont be straight forward to sort
>> it
>> >>>>>>>> out. feel free to leave the laptop in the Labs, let me know when
>> its
>> >>>>>>>> there and i'll pop up and collect and sort it for ya if you like.
>> >>>>>>>> i'm
>> >>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know
>> >>>>>>>> what
>> >>>>>>>> advice to give you to have a go at it yourself if it wont go into
>> >>>>>>>> safe
>> >>>>>>>> mode for you
>> >>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com>
>> wrote:
>> >>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop
>> has
>> >>>>>>>> > been taken over by a virus that just displays an official
>> looking Irish
>> >>>>>>>> > language page. basically it demands €100 to unlock the comp.
>> Tried to remove
>> >>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped.
>> Anyone been hit
>> >>>>>>>> > by this or know how to remove it? Thanks :-)
> It'll be there when you re next about
> On Sep 27, 2012 7:16 PM, "Mark Grealish" <m...@bhalash.com> wrote:
>> I totally want to play with that. :[
>> On Thu, Sep 27, 2012 at 2:30 PM, Duncan Thomas <duncan.tho...@gmail.com>wrote:
>>> If you're really paranoid, there's an ide (pata & sata) usb write
>>> blocking forensic copier in my pile of stuff in the corner...
>>> On 27 September 2012 14:16, Mark Grealish <m...@bhalash.com> wrote:
>>> > I thankfully haven't run into any ransomware that encrypts files - yet!
>>> > Is it also worth educating your father on Those Kinds Of Websites?
>>> > On Thu, Sep 27, 2012 at 2:15 PM, Mark Grealish <m...@bhalash.com>
>>> wrote:
>>> >> Something something Reamde.
>>> >> On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
>>> >>> Some of these extortion-ware things will encrypt files too, so
>>> getting
>>> >>> the thing off is irrelevant unless you have the decryption key too.
>>> >>>> msconfig -> Startup Programs -> Disable all.
>>> >>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>>> >>>> details of where the virus resides and delete the .exe there.
>>> >>>> It's worked for me on numerous occasions for muggles' computers.
>>> >>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <
>>> domhn...@091labs.com>
>>> >>>> wrote:
>>> >>>>> 7, like Vista, is a little different, I seem to remember. Something
>>> >>>>> about copying an image of a working install off the installer disk
>>> rather
>>> >>>>> than a file-by-file installer in the classical sense like XP.
>>> >>>>>> If you have a windows disc you can get it to "repair" the OS,
>>> which
>>> >>>>>> overwrites any OS files which might have been modified. At least
>>> you could
>>> >>>>>> with XP, presume the feature is still there in 7.
>>> >>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <
>>> domhn...@091labs.com>
>>> >>>>>> wrote:
>>> >>>>>>> Hmm. Depending on how long it's been since your last restore
>>> point,
>>> >>>>>>> using system restore to "fix" such problems is a bit like giving
>>> yourself a
>>> >>>>>>> lobotomy to forget something you don't like. Okay, that's a
>>> little dramatic,
>>> >>>>>>> but you get what I mean. Anyway, there are plenty of viruses and
>>> things that
>>> >>>>>>> are more than aware of System Restore and infect your restore
>>> points as well
>>> >>>>>>> to be sure.
>>> >>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <
>>> marti...@gmail.com>
>>> >>>>>>> wrote:
>>> >>>>>>>> my first thought would've been safe mode then system restore,
>>> but if
>>> >>>>>>>> you cant get into safe mode it wont be straight forward to sort
>>> it
>>> >>>>>>>> out. feel free to leave the laptop in the Labs, let me know
>>> when its
>>> >>>>>>>> there and i'll pop up and collect and sort it for ya if you
>>> like.
>>> >>>>>>>> i'm
>>> >>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont know
>>> >>>>>>>> what
>>> >>>>>>>> advice to give you to have a go at it yourself if it wont go
>>> into
>>> >>>>>>>> safe
>>> >>>>>>>> mode for you
>>> >>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com>
>>> wrote:
>>> >>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop
>>> has
>>> >>>>>>>> > been taken over by a virus that just displays an official
>>> looking Irish
>>> >>>>>>>> > language page. basically it demands €100 to unlock the comp.
>>> Tried to remove
>>> >>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped.
>>> Anyone been hit
>>> >>>>>>>> > by this or know how to remove it? Thanks :-)
> I _think_ I have this sorted...
> On 28 Sep 2012 16:19, "Duncan Thomas" <duncan.tho...@gmail.com> wrote:
>> It'll be there when you re next about
>> On Sep 27, 2012 7:16 PM, "Mark Grealish" <m...@bhalash.com> wrote:
>>> I totally want to play with that. :[
>>> On Thu, Sep 27, 2012 at 2:30 PM, Duncan Thomas <duncan.tho...@gmail.com>wrote:
>>>> If you're really paranoid, there's an ide (pata & sata) usb write
>>>> blocking forensic copier in my pile of stuff in the corner...
>>>> On 27 September 2012 14:16, Mark Grealish <m...@bhalash.com> wrote:
>>>> > I thankfully haven't run into any ransomware that encrypts files -
>>>> yet!
>>>> > Is it also worth educating your father on Those Kinds Of Websites?
>>>> > On Thu, Sep 27, 2012 at 2:15 PM, Mark Grealish <m...@bhalash.com>
>>>> wrote:
>>>> >> Something something Reamde.
>>>> >> On Thu, Sep 27, 2012 at 2:11 PM, gerryk <ger...@gmail.com> wrote:
>>>> >>> Some of these extortion-ware things will encrypt files too, so
>>>> getting
>>>> >>> the thing off is irrelevant unless you have the decryption key too.
>>>> >>>> msconfig -> Startup Programs -> Disable all.
>>>> >>>> Reboot in safe mode and run a virus scan. Also look in msconfig for
>>>> >>>> details of where the virus resides and delete the .exe there.
>>>> >>>> It's worked for me on numerous occasions for muggles' computers.
>>>> >>>> On Thu, Sep 27, 2012 at 1:32 PM, Domhnall Walsh <
>>>> domhn...@091labs.com>
>>>> >>>> wrote:
>>>> >>>>> 7, like Vista, is a little different, I seem to remember.
>>>> Something
>>>> >>>>> about copying an image of a working install off the installer
>>>> disk rather
>>>> >>>>> than a file-by-file installer in the classical sense like XP.
>>>> >>>>>> If you have a windows disc you can get it to "repair" the OS,
>>>> which
>>>> >>>>>> overwrites any OS files which might have been modified. At least
>>>> you could
>>>> >>>>>> with XP, presume the feature is still there in 7.
>>>> >>>>>> On Thu, Sep 27, 2012 at 1:11 PM, Domhnall Walsh <
>>>> domhn...@091labs.com>
>>>> >>>>>> wrote:
>>>> >>>>>>> Hmm. Depending on how long it's been since your last restore
>>>> point,
>>>> >>>>>>> using system restore to "fix" such problems is a bit like
>>>> giving yourself a
>>>> >>>>>>> lobotomy to forget something you don't like. Okay, that's a
>>>> little dramatic,
>>>> >>>>>>> but you get what I mean. Anyway, there are plenty of viruses
>>>> and things that
>>>> >>>>>>> are more than aware of System Restore and infect your restore
>>>> points as well
>>>> >>>>>>> to be sure.
>>>> >>>>>>> On Thu, Sep 27, 2012 at 1:02 PM, Martin ODonnell <
>>>> marti...@gmail.com>
>>>> >>>>>>> wrote:
>>>> >>>>>>>> my first thought would've been safe mode then system restore,
>>>> but if
>>>> >>>>>>>> you cant get into safe mode it wont be straight forward to
>>>> sort it
>>>> >>>>>>>> out. feel free to leave the laptop in the Labs, let me know
>>>> when its
>>>> >>>>>>>> there and i'll pop up and collect and sort it for ya if you
>>>> like.
>>>> >>>>>>>> i'm
>>>> >>>>>>>> sure i'll get it fixed if i have my hands on it, but i dont
>>>> know
>>>> >>>>>>>> what
>>>> >>>>>>>> advice to give you to have a go at it yourself if it wont go
>>>> into
>>>> >>>>>>>> safe
>>>> >>>>>>>> mode for you
>>>> >>>>>>>> On Thu, Sep 27, 2012 at 12:55 PM, calcrea <calc...@gmail.com>
>>>> wrote:
>>>> >>>>>>>> > Hey guys, got phoned this morning by the old man, his laptop
>>>> has
>>>> >>>>>>>> > been taken over by a virus that just displays an official
>>>> looking Irish
>>>> >>>>>>>> > language page. basically it demands €100 to unlock the comp.
>>>> Tried to remove
>>>> >>>>>>>> > it but cmd prompts and safe mode won't start so Im stumped.
>>>> Anyone been hit
>>>> >>>>>>>> > by this or know how to remove it? Thanks :-)
>>>> --
>>>> Duncan Thomas
-- Paul Mac Eoin
Irish Mobile (Three): (+353) 87 126 37 58
Skype: paul.mac.eoin
