I'm being held hostage by ransomware

[Clix Pix]

Coming in a bit late to this thread, Mike, and don't really have much to offer as far as help since I am a Mac user. You have my sympathy and I hope you are able to successfully resolve this -- looks as though you have gotten some good and thoughtful suggestions.

I use Malware Bytes and periodically scan my machines, and I also am a big believer in on-site and off-site backups. I also have backups of my photo files which are separate from the backups of my other files and I tend not to keep a lot of files on my machine's internal drive but rather safeguard them on external HDDs and SSDs. My backups have backups! That said, the one thing I have NOT done, although I have meant to do so for a long time, is to create complete image backups of the computer's contents. Reading this thread is again nudging me to take care of that sooner rather than later. Good luck with your restoration to computer health!

 

[Mike Buckley]

I'm nearly ready to format the hard drive. Please confirm:

• Do I format using Windows on my hard drive or using Windows on the thumb drive?
  
• When formatting, which file system should I use?
• When formatting, which cluster size should I use? (I don't use the computer for viewing movies or playing games.)

 

[Growltiger]

I'm nearly ready to format the hard drive. Please confirm:

• Do I format using Windows on my hard drive or using Windows on the thumb drive?
  
• When formatting, which file system should I use?
• When formatting, which cluster size should I use? (I don't use the computer for viewing movies or playing games.)

Boot from the thumb drive. Format using default settings (which will be NTFS). Just let it do what it wants.

 

[dburanich]

I'm nearly ready to format the hard drive. Please confirm:

• Do I format using Windows on my hard drive or using Windows on the thumb drive?
  
• When formatting, which file system should I use?
• When formatting, which cluster size should I use? (I don't use the computer for viewing movies or playing games.)

Mike
Here's a link to a YouTube video that may help you.
Don't do what they show on the first two minutes.
After the two minute mark looks like what you need.

Hopefully Richard will chime in soon and he can add any information.

 

[Mike Buckley]

Thank you again to Richard and Dave!

 

[dburanich]

Thank you again to Richard and Dave!

Definitely go by what Richard suggests.
He is definitely the expert.
When I sent you the link I was fearing that Richard might not be online any longer for the evening.
There is quite a difference between his time zone and yours and mine.

 

[Growltiger]

I'm on time zone zero. I was away eating but I'll be around on and off until bed time.
It is essential to boot from the USB drive, that way you know you are running clean software. Also it is the way to do a clean install.
Make sure you are connected to the internet and you will find that Windows magically activates itself.

 

[Walter Rowe]

One note of caution to everyone who uses scheduled jobs to clone (mirror) their drives to external disks. I recommend keeping those external disks DISCONNECTED at all times except when those jobs need to run. Malware is very system aware. It will invade ALL of your connected disks as a means of increasing its impact and to preserve itself.

Mike .. make sure your IT security professional scans your BACKUP disks as well as your system disk(s) to insure they have fully eradicated the malware.

 

[Mike Buckley]

Walter: I decided to give this a go myself thinking that if I can't get everything up and running over the weekend, I'll be no worse off than turning it over to a pro on Monday.

 

[Mike Buckley]

I seem to be at a dead end before getting started because I can't boot up using the USB drive.

My Dell computer manual says to press F12 when the Dell logo appears to make that happen but F12 isn't affecting anything. The manual also says that pressing F2 instead gets me into the BIOS setup, which would allow me to manually change the setting that determines the boot device. Using F2 also affects nothing. I was unsuccessful using two keyboards, one of which is a Dell keyboard.

Dell tells me that for a one-time charge of $129, they'll get it fixed remotely no matter how long it takes and that if they can't fix it, the charge will be cancelled.

Considering the cost of turning the machine over to a pro at $85/hour, I'm tempted to try Dell's offer. I'll fix supper over a very good wine and then make a decision.

Any other ideas from you folks?

 

[Growltiger]

I seem to be at a dead end before getting started because I can't boot up using the USB drive.

My Dell computer manual says to press F12 when the Dell logo appears to make that happen but F12 isn't affecting anything. The manual also says that pressing F2 instead gets me into the BIOS setup, which would allow me to manually change the setting that determines the boot device. Using F2 also affects nothing. I was unsuccessful using two keyboards, one of which is a Dell keyboard.

Dell tells me that for a one-time charge of $129, they'll get it fixed remotely no matter how long it takes and that if they can't fix it, the charge will be cancelled.

Considering the cost of turning the machine over to a pro at $85/hour, I'm tempted to try Dell's offer. I'll fix supper over a very good wine and then make a decision.

Any other ideas from you folks?

Nonsense, don't pay, you can do it! I'm guessing that you didn't sit there pounding at the F12 or F2 key again and again. You don't just press it once. Try again but keep hitting it again and again quickly from when you power on until it works. It has to work.
I have to go now but will be around again in 8 hours or so.

 

[nuclearjock]

Nonsense, don't pay, you can do it! I'm guessing that you didn't sit there pounding at the F12 or F2 key again and again. You don't just press it once. Try again but keep hitting it again and again quickly from when you power on until it works. It has to work.
I have to go now but will be around again in 8 hours or so.

+1 Keep trying Mike.

 

[Mike Buckley]

Thanks, Richard. Have a good night's sleep! Rick, enjoy your wine as good luck for me.

I actually did press the function keys repetitiously because I had read on a website that doing so is required.

 

[nuclearjock]

Rick, enjoy your wine as good luck for me.

As we speak .

 

[Growltiger]

Thanks, Richard. Have a good night's sleep! Rick, enjoy your wine as good luck for me.

I actually did press the function keys repetitiously because I had read on a website that doing is is required.

Try holding it down then. It just has to work. I'm assuming you have the right manual.

I'm wondering if it is possible that the malware managed to inhibit it by changing a BIOS setting. It doesn't seem at all likely. If that did happen somehow then the solution would be to open the case, having unplugged from the power, and remove the CMOS battery (it is a small lithium cell on the motherboard). Then wait an hour. Then put the battery back in and power on. Then the F12 or F2 should work.

Tell me the Dell model number. There may be a key sequence that will trigger a recovery to factory state (using a hidden partition).

 

[nuclearjock]

Mike, try the Del key.

 

[dburanich]

Thanks, Richard. Have a good night's sleep! Rick, enjoy your wine as good luck for me.

I actually did press the function keys repetitiously because I had read on a website that doing so is required.

As Richard said keep hitting the F keys.
Once you get into the bios you can change the boot sequence.
Right now it probably says #1 is hard drive.
Change #1 to USB
Make #2 hard drive
Once you get it changed, make sure you have the thumb drive in the USB port, as it powers up it will say hit any key to boot from usb
Hit your space bar several times and that should do it.

 

[Mike Buckley]

I was finally able to interrupt the normal boot process. The trick was your suggestion to begin pressing F12 immediately upon startup rather than waiting for the Dell logo to appear, as explained by the manual. I wasn't able to intuitively use the interface that appeared, so I'll fix supper, become a bit refreshed and make another go of it while following the manual.

 

[Walter Rowe]

Wishing you the best of luck Mike.

 

[Mike Buckley]

I've had a certain amount of success but I'm not completely there yet and I don't know how to proceed.

I successfully booted using the USB drive. Windows was installed during that process.

There was one screen that gave me two choices but went by so fast that I have no idea what they were. Something perhaps about choosing between Windows and Windows Option 4 ("option" may not be the accurate word). The default was the first of those two choices. When the process automatically advanced to the next screen, the default was selected.

Windows was installed and I can now boot without using the USB drive. There is no data in any of the directories such as Documents, Pictures, Music, etc. However, the amount of disk space being used remains about the same as before I installed Windows using the USB drive. That makes sense to me because I was never given the opportunity, at least not that I noticed while watching the entire process, to format the hard drive.

So, it seems that I have two Windows sections, the old section, which contains all of the old information, and the new section which contains very little information. I wouldn't know how to access the old section and, as far as I know, I wouldn't want to. I remember seeing something during the Windows installation process about that but it either went by too fast or I didn't understand it.

Current Status
My hard drive has not been formatted, which I thought I would do from the USB drive. I wasn't given that opportunity, at least not that I saw.

What is my next step?

Many thanks for everyone's help throughout this process!