PC blocked

Paperhouse · 11/05/13 - 19:31

I seem to have ransom ware on my PC. Even when not connected to the Internet my screen is taken over by an official looking page which states 'ATTENTION! Your PC is blocked due to at least one of the reasons specified below'. I am then accused of downloading porn and invited to pay a £100 fine. The page occupies all of my screen and I have no access to any computer function. What should I do?

curiousclive · 11/05/13 - 19:37

If you have the installation disk for your computer or a retail version Maybe you can reformat your hard drive and do a clean install. Or if you have done image backups from before the problem you can restore from that.
In my opinion this is the only way to be sure of removing all of the malware of this type.
Whatever you do do not click on any links in the popup or even think about paying anything.

max99 · 11/05/13 - 19:42

Post the exact name (FBI CyberCrime, etc) and any other relevant wording and someone will point you towards a suitable removal guide.

Paperhouse · 11/05/13 - 19:49

Would know where to being in reformatting the hard drive and I don't know what this thing is called. In any event it takes over the entire screen so there's no address bar and no icons. It renders the entire PC inoperative.

max99 · 11/05/13 - 20:09

Post all the wording, or even better, post a photo of it.

There are plenty of 'general' removal guides, but it's best to follow one which is specific to your exact version:

https://www.google.co.uk/search?q=ATTENTION!+Your+PC+is+blocked+due+to+at+least+one+of+the+reasons+specified+below

A lot of the guides will just encourage you to download their own (sometimes dodgy) software, so again, post more information so we can identify the malware.

In the meantime, see if you can boot into Safe Mode by tapping F8 as soon as you switch on.

call100 · 11/05/13 - 20:09

Several possible solutions.....There are a couple here.
Good luck...

Paperhouse · 11/05/13 - 20:25

call100 wrote: »

Several possible solutions.....There are a couple here.
Good luck...

That's the one 'Ukash scam'. But I can't find any way of starting in safe mode. Arrows don't work and neither does F8. Looks like a trip to my friendly PC repair man!

LION8TIGER · 11/05/13 - 20:45

Paperhouse wrote: »

That's the one 'Ukash scam'. But I can't find any way of starting in safe mode. Arrows don't work and neither does F8. Looks like a trip to my friendly PC repair man!

http://forums.digitalspy.co.uk/showthread.php?t=1815658&highlight=

You need to boot from a rescue disk if safe mode is not working.

max99 · 11/05/13 - 21:02

Paperhouse wrote: »

That's the one 'Ukash scam'. But I can't find any way of starting in safe mode. Arrows don't work and neither does F8. Looks like a trip to my friendly PC repair man!

If you mean that F8 and the arrows aren't being recognised as keypresses, that's usually down to a USB keyboard issue. Using a PS2 keyboard or altering a setting in the BIOS ('Enable Legacy USB' or words to that effect) will normally fix it.

Paperhouse · 11/05/13 - 21:03

LION8TIGER wrote: »

http://forums.digitalspy.co.uk/showthread.php?t=1815658&highlight=

You need to boot from a rescue disk if safe mode is not working.

Or, since I have no idea of how to do that, visit my friendly PC repair man.

call100 · 11/05/13 - 21:18

Paperhouse wrote: »

Or, since I have no idea of how to do that, visit my friendly PC repair man.

At the end of the day, it's whatever is simplest for you...Good luck.

LION8TIGER · 11/05/13 - 22:01

max99 wrote: »

If you mean that F8 and the arrows aren't being recognised as keypresses, that's usually down to a USB keyboard issue. Using a PS2 keyboard or altering a setting in the BIOS ('Enable Legacy USB' or words to that effect) will normally fix it.

That could be an issue max especially if OP is using XP but I've seen a couple of posts on here in the last month or so where it disables safe mode.

max99 · 11/05/13 - 22:39

LION8TIGER wrote: »

That could be an issue max especially if OP is using XP but I've seen a couple of posts on here in the last month or so where it disables safe mode.

True. The ones I've seen recently prevent Safe Mode from loading, but it's not clear from the OP's description if they can even call up the F8 menu.

tealady · 11/05/13 - 22:42

max99 wrote: »

True. The ones I've seen recently prevent Safe Mode from loading,

Does that mean you can only go back to a system image? Or can you use a recovery disk?

max99 · 11/05/13 - 22:54

tealady wrote: »

Does that mean you can only go back to a system image? Or can you use a recovery disk?

Safe Mode not working makes it a bit harder to fix, but you still have the option of using a rescue disk (as per L8T's link), a Linux disk, or by connecting the drive to another machine and scanning/manually removing the infected files.

A lot of this ransomware consists of just a couple of .exe files, which are easily spotted and removed - as long as you can actually access them. Some, however, are far more difficult to remove.

Paperhouse · 11/05/13 - 23:44

max99 wrote: »

True. The ones I've seen recently prevent Safe Mode from loading, but it's not clear from the OP's description if they can even call up the F8 menu.

For the avoidance of doubt, I can't call up any menu.

Paperhouse · 11/05/13 - 23:49

Seems my daughter had this on her laptop recently and it rendered the machine unusable. She left it turned off for a couple of days and the virus disappeared!

tealady · 12/05/13 - 04:00

max99 wrote: »

Safe Mode not working makes it a bit harder to fix, .... however, are far more difficult to remove.

Thanks for the info .

Smiley433 · 12/05/13 - 12:59

Paperhouse wrote: »

Seems my daughter had this on her laptop recently and it rendered the machine unusable. She left it turned off for a couple of days and the virus disappeared!

You absolutely sure it had disappeared? Perhaps it's just gone into lurking mode and is pilfering your login details for all sorts of sites without the user noticing. I'd be very cautious about knowingly having seen a virus of this nature on my PC, then not seeing any sign of it after taking no action myself - I'd be pretty convinced it was still there.

Zenith · 12/05/13 - 16:29

Paperhouse wrote: »

Seems my daughter had this on her laptop recently and it rendered the machine unusable. She left it turned off for a couple of days and the virus disappeared!

As posted above, I very much doubt that it has gone.

I would suggest that you tell your daughter to run Malwarebytes on her laptop. Perform a "full scan" of the C: drive.

Paperhouse · 12/05/13 - 21:16

I borrowed a keyboard with a PS2 plug and was able to access safe mode and ran Malwarebytes. All seems to be back to normal. Thanks for all advice received.

Paperhouse · 15/05/13 - 00:44

Now this may or may not have anything to do with the previous problem but............

The following keeps appearing on the screen..........

RunDLL Error loading C:\PROGRA~3\Jelwib.dat the specified module could not be found

Also..........

When doing a McAffee scan the follow appears on a blue screen...........

IRQL_GT_ZERO_AT_SYSTEM_SERVICE

Any ideas?

Hey there!

Quick Links

PC blocked

Comments