The fake FBI virus is annoying. Do you know if his user account had admin rights? Generally you can create a new user account and clean it from there. I like to yank the hard drive and scan from a known clean system, but you can also just make a backup of his current profile and delete the existing one and recreate/restore data.
On Sun, Mar 31, 2013 at 9:46 PM, Bobby Heid <bh...@sc.rr.com> wrote:
> Thanks Julian. I tried to get him into safe mode. He cannot do anything
> there. He gets the same ransom screen in safe mode as regular mode.
>
> Bobby
>
> -----Original Message-----
> From: hardware-boun...@lists.hardwaregroup.com
> [mailto:hardware-boun...@lists.hardwaregroup.com] On Behalf Of Julian Zottl
> Sent: Sunday, March 31, 2013 8:41 PM
> To: hardw...@lists.hardwaregroup.com
> Subject: Re: [H] Reveton ransomware
>
> He can reboot his computer in safe mode and look at both the StartUp items
> and the run entries in the registry (might be best for him to run msconfig
> to do this) and find the name of the software. It will be <random
> letters>.exe. Delete the places in reg/startup where it is and then go and
> delete the file.
>
> ----
> Julian
>
>
> On Sun, Mar 31, 2013 at 8:24 PM, Bobby Heid <bh...@sc.rr.com> wrote:
>
> > Hey,
> >
> > My brother-in-law just called me. He is apparently infected with the
> > Reveton ransomware by Citadel. He has the one with the FBI warning that all
> > of his communications are being monitored by the FBI. It says he needs to
> > pay $300 for them to release his PC back to him. I tried to get him into safe
> > mode (with networking), but the ransomware has that blocked also.
> >
> > My quick research online basically says we need to download stuff and burn
> > an image onto a CD/DVD/USB. I am 300 miles away from him and they are not
> > technically able to do what is needed to clean it.
> >
> > Anyone have any insights into this malware so that I might help them? I
> > basically told him he needs to take it somewhere locally to have it
> > cleaned.
> >
> > Thanks,
> >
> > Bobby
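One way to do the autostart triage Julian describes (Run/RunOnce keys, Startup folders, and the Winlogon shell value), as an added example that is not from the thread. It is read-only PowerShell; the "random letters" heuristic and the list of user-writable paths are assumptions to tune, not anything from the original messages.

```powershell
# Added example, not from the thread: enumerate the autostart locations Julian
# mentions and flag entries matching the "<random letters>.exe" pattern.
# Read-only triage; run from an elevated prompt so HKLM keys are readable.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Heuristic (assumption, tune as needed): a bare 5+ character letter/digit
# name before .exe, launched from a user-writable path, deserves a look.
$suspicious   = '(?i)[\\/][a-z0-9]{5,}\.exe\b'
$userWritable = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'

function Test-Suspicious([string]$cmd) {
    return ($cmd -match $suspicious) -and ($cmd -match $userWritable)
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata members
        $findings += [pscustomobject]@{
            Location = $key; Name = $p.Name; Command = [string]$p.Value
            Flag     = Test-Suspicious ([string]$p.Value)
        }
    }
}
# Startup folders (per-user and all-users). Shortcuts are resolved to their target.
$shellCom = New-Object -ComObject WScript.Shell
foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shellCom.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        $findings += [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $target; Flag = (Test-Suspicious $target) }
    }
}
# Winlogon Shell should be explorer.exe; a replaced value runs at every logon,
# Safe Mode included, which is one way a lock screen survives Safe Mode.
$shell = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Shell
$findings += [pscustomobject]@{ Location = 'Winlogon'; Name = 'Shell'; Command = $shell; Flag = ($shell -ne 'explorer.exe') }

$findings | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Flagged rows are candidates to inspect, not verdicts: confirm the file on disk (publisher signature, creation time) before removing the entry and the file, as Julian suggests.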