Malware Takeover


BIC

Less than one-year-old HP Desktop with OEM Win11 Home. While browsing the web, Windows froze with some malware messages flashing all over the screen. My recollection is it said to not do anything with PC but to call a phone number. I recall something similar a few years ago. At that time, I shut down and restarted OK.

I powered down (I should have grabbed a screenshot first, but didn't). When I power up, I can get the Windows lock screen, enter password, then Windows starts to load but freezes after a few seconds on the lock screen. I can boot to BIOS menu.

I got to Advanced Options. Tried Startup Repair to fix problems that keep Windows from loading but that didn't help. Looks like next best option is System Restore which goes to a recent restore point. What should I do? Thanks.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Envy TE01-3197c
    CPU
    12th Generation i7-12700F
    Memory
    32GB DDR4-3200 SDRAM
    Graphics Card(s)
    NVIDIA GeForce GTX 1660 Super 6GB GDDR6
If you are getting a message telling you to make contact, that indicates you have a ransomware malware infection, and the best thing to do is use a backup to restore your system.

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
If you are not using a 3rd party backup, then System Restore is probably the next best solution. Just an FYI, System Restore is not the best for recovering your system and I suggest using a reliable 3rd party application in the future.
 

My Computer

System One

  • OS
    Windows 11 Professional
    Computer type
    PC/Desktop
    Manufacturer/Model
    Microcenter B677
    CPU
    Intel Core i5-9400
    Motherboard
    ASRock H310CM-HDV/M.2
    Memory
    32GB
    Graphics Card(s)
    Integrated Intel UHD Graphics 630
    Sound Card
    Intel Kaby Lake - High Definition Audio / cAVS (Audio, Voice, Speech) [A0]
    Monitor(s) Displays
    LG Model: GSM59F1
    Screen Resolution
    2560x1080
    Case
    Lian Li 205M
    Antivirus
    Kaspersky AV
I do backup periodically to an external hard drive. Probably been a couple of weeks, I won't lose much, maybe a few files, none critical. Any downside to trying a restore point first?
 

If malware has indeed gotten into your system, depending on how sophisticated it is, IMO, I would not trust a restore point either. While a piece of malware may only affect windows, that same malware may be resident inside your user account as well. Keep in mind system restore does nothing to correct a user account or his files.
In such cases restoring a system image or a clean install is ALL I trust.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 2600.1742
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 nvme+256gb SKHynix m.2 nvme /External +512gb Samsung m.2 sata+1tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
I was getting ready to do the clean Windows install and was at the lock screen and decided to try login one more time. Windows loaded and took me to my Desktop. I ran free version of Malwarebytes. Clean. Ran Windows Security Quick Scan & Full Scan. Both clean.

Went to run the Windows Security Offline Scan. When rebooting as part of process, it took me back to the repair options screen. I chose shutdown. After restart, got lockscreen & entered Windows password. After a few seconds froze up again. Shutdown and retry, left it frozen a few minutes, then it logged on. Next, ran Trend Micro online HouseCall (a quick scan) and ESET full scan (35 minutes). Both clean.

Tried the Windows Security Offline Scan again. Again, it restarts and goes to the repair options screen. Shutdown and restart. Quickly goes to login screen. After logging in, spinner goes for a few seconds then freezes for about three minutes, then slowly goes to Desktop and all seems normal.

Any idea what's going on? Any other online scanners I should try?
 

Kaspersky seems to be really quick at picking up new malware/viruses. I would try their virus removal tool too, in a safe mode.


From just your description alone, though, that sounded like it could be just a scam, without really installing a virus on your system, especially because you didn't say you opened a file or installed anything. I would try running this in a safe admin mode too, just in case:

sfc /scannow
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
Hi folks
not sure how a Virus got into your system -- but however it did IMO there's only one sensible fix -- clean format the HDD -- I mean clean format --i.e write x'00' or whatever on every physical sector or address if it's an SSD / NVME and clean install Windows or if you have a guaranteed clean copy restore that.

Using an "Infected" machine to "repair itself" is dodgy in the extreme --it's like telling a Pilot --here's a defective plane -- please take it into the air and repair it there !!! .

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
I would clean install anyway. I would delete all partitions and clean install windows.

Then I would install all updates, run a windows defender scan and malwarebytes (with rootkit option checked) as secondary. Make sure they are clean again.

Then I would check for an update for your bios for your machine so it can overwrite it with a known good bios version. This can potentially help stop a deep infection with a good overwrite.

Use HP ia to look for updates for your device found here:

 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell G15 5525
    CPU
    Ryzen 7 6800H
    Memory
    32 GB DDR5 4800mhz
    Graphics Card(s)
    RTX 3050 Mobile 4GB Vram
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Screen Resolution
    Internal laptop screen: 1920 x 1080 @ 120hz
    Hard Drives
    2TB Solidigm™ P41 Plus nvme
    Internet Speed
    800mbps down, 20 up
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
Don't know how to write x'00' to the SSD. For install, I'm using USB with Microsoft media creation tool (Option 2). Not sure if that or ISO (Option 3) is preferable at link, below. Can't find the install instructions link from this forum. Thanks.

Download Windows 11
 

HP bios have an option called secure erase. You can use that.

Access your bios by mashing F12 at boot and then in the bios menu under security should be that option.

Then you can follow my post.
 

As I was preparing for Windows reload, I was taking screenshots of data I would lose since last backup. I opened Chrome to screenshot my history. I saw the offending tab, which was the "Access to this PC has been blocked" scam. Now that I got to see the offender details, it's definitely the same thing described in link, below.

Don't Call The "Access To This PC Has Been Blocked" Scam Number - Here's Why

Nonetheless, I've had a problem running the rootkit in Windows Defender and now having a problem with Malwarebytes when I check rootkit, even though it shows rootkit scan complete in the first minute. At about 20 minutes Malwarebytes crashes with rootkit checked.

Proceeding on, my HP BIOS does not have a secure erase option under Security or anywhere else. Any other way to erase SSD? Supposedly, I was not exposed to malware as I never followed up on scam, but still quirky trying to scan rootkit. Sometimes a little slow to boot from lock-screen, sometimes normal.

Should I leave as is, find method to erase SSD or just go straight to Windows re-install? Thanks.
 

  1. Boot from Windows install media.
  2. Use command prompt instead of the install option, through repair computer or Shift + F10 at the install screen.
  3. Type in: diskpart
  4. Type in: list disk
  5. Type in: sel disk 0 (which is most likely the internal drive you want to completely wipe). If you have other internal drives, you can also go back and select other disks to wipe since you have backups not plugged into the machine.
  6. Type in: clean all (this may take some time). You'll know it's ready when the prompt allows you to type another command.
  7. Type quit to finally exit.
  8. Clean install Windows.

    Then I would install all updates, run a windows defender scan and malwarebytes (with rootkit option checked) as secondary. Make sure they are clean again.

    Then I would check for an update for your bios for your machine so it can overwrite it with a known good bios version. This can potentially help stop a deep infection with a good overwrite.

    Use HP ia to look for updates for your device found here:

 



The restore of a full backup is much better at removing ransomware.
System Restore is pretty much useless for removing ransomware.




NOTE: If you do decide to restore from a backup, don't do it from within Windows.
Use the backup software's bootable rescue media... which I hope you already made. ^^
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.2161 ♦♦♦♦♦♦♦24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keyboard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
It's running now---although there's no way to tell until it's finished if I understand you correctly. Says there is 25 GB free out of 57 GB on Disk 0, the only disk listed. But, it's a 2 TB SSD. Been 40 minutes so far, will it take a few hours? Thanks.
 



For a 2TB SSD, it's gonna take about 5-6 hours, probably.
Maybe head out to your favorite pizza joint or something. :-)
 

The disk clean took about 90 minutes or so but my Windows account is still on PC. Shouldn't that be gone?

Why did the diskpart say there's 25GB free out of 57GB on a 2TB SSD?
 

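The diskpart steps earlier in the thread select disk 0 and run clean all without confirming which device that is, and the last post reports diskpart listing a 57 GB disk on a machine with a 2 TB SSD. As an added example (not from any poster in this thread), the Python check below parses list disk output and names a wipe target only when exactly one listed disk is close to the capacity the operator expects. The function names, the 10% tolerance and both sample listings are assumptions constructed for illustration.

```python
import re

# Constructed samples in diskpart's "list disk" table layout. The 57 GB size
# and 25 GB free figures mirror what the thread reports; the 1863 GB row is an
# assumed listing for a 2 TB SSD (diskpart labels binary units as GB).
ONLY_SMALL_DISK = """\
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online           57 GB    25 GB
"""
SSD_AND_SMALL_DISK = """\
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB      0 B        *
  Disk 1    Online           57 GB    25 GB
"""

UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}
UNIT = r"(B|KB|MB|GB|TB)"
# Optional "*" marks the selected disk; status may be two words ("No Media").
ROW = re.compile(r"^\s*\*?\s*Disk\s+(\d+)\s+(.+?)\s+(\d+)\s+" + UNIT
                 + r"\s+(\d+)\s+" + UNIT + r"\b")


def parse_list_disk(text):
    """Return one dict per disk row: number, status, size and free in bytes."""
    disks = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        num, status, size, size_unit, free, free_unit = m.groups()
        disks.append({
            "number": int(num),
            "status": status,
            "size": int(size) * UNITS[size_unit],
            "free": int(free) * UNITS[free_unit],
        })
    return disks


def pick_wipe_target(text, expected_bytes, tolerance=0.10):
    """Return the number of the only disk near the expected size, else raise."""
    disks = parse_list_disk(text)
    # The tolerance absorbs decimal (label) vs binary (diskpart) capacity.
    near = [d for d in disks
            if abs(d["size"] - expected_bytes) <= tolerance * expected_bytes]
    if len(near) != 1:
        listed = ", ".join(f"Disk {d['number']} = {d['size'] // 1024**3} GB"
                           for d in disks) or "no disks"
        raise ValueError(f"expected one disk near {expected_bytes} bytes, "
                         f"found {len(near)} ({listed}); do not run clean all")
    return near[0]["number"]


if __name__ == "__main__":
    two_tb = 2 * 10**12  # capacity printed on the drive, in decimal bytes
    print("wipe target:", pick_wipe_target(SSD_AND_SMALL_DISK, two_tb))
    try:
        pick_wipe_target(ONLY_SMALL_DISK, two_tb)
    except ValueError as err:
        print("refused:", err)
```

When the internal SSD is absent from the listing, as in the first sample, the check refuses instead of falling back to whatever disk 0 happens to be.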
