Author Topic: FBI Randsome Ware (Read 8707 times)

drmtree · « **Reply #15 on:** September 12, 2012, 03:03:06 PM »

Thank you. Attached are the logs 1) log after a fix using your files: command 2) log after a quick scan. Internet is still now working. Last night, I downloaded and executed a program that was intened to resolve the network error from Microsoft, but it did not work.

I am awaiting for your response. At the same time, I am seriously thinking about reinstalling the OS.

Pondus · « **Reply #16 on:** September 12, 2012, 03:12:16 PM »

Quote

At the same time, I am seriously thinking about reinstalling the OS.

dont give up before Essexboy do

drmtree · « **Reply #17 on:** September 12, 2012, 03:33:49 PM »

Thanks, Pondus. That gives me hope.

essexboy · « **Reply #18 on:** September 12, 2012, 05:30:07 PM »

Quote

< netsh winsock reset /c >
Access is denied.

This is the problem the registry key has had the permissions changed

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select the following items and tick restart system when finished

drmtree · « **Reply #19 on:** September 12, 2012, 08:26:03 PM »

It did not work... I ran OTL fix to see how it responds to "netsh winsock reset /c" and I got the following error message in the log.

"Error: Unable to interpret <netsh winsock reset /c> in the current context!"

Awaiting your response.

essexboy · « **Reply #20 on:** September 12, 2012, 08:34:54 PM »

Still no net connection ?

drmtree · « **Reply #21 on:** September 12, 2012, 08:39:18 PM »

No internet connection. It appears that winsock.dll has been deleted or missing. I ran cmd to see if how it responds, and it says "The system cannot find the file specified."

drmtree · « **Reply #22 on:** September 12, 2012, 09:29:29 PM »

FYI
- As a follow up, I used Compete Internet Repair - no luck
- Also used MicrosoftFixit50203, which is intended to fix the internet connection error including reinstalling winsock. - no luck
- Ran OTL and CMD, and used netsh winsock reset /c, and got "The system cannot find the file specified".

The file is still missing.

Left123 · « **Reply #23 on:** September 12, 2012, 10:16:30 PM »

You have to be careful,this is the only type of ransomware that can repair its files and come back.
Please see this youtube video http://www.youtube.com/watch?v=KNJNsRBtwxM
Fix Windows Errors by Re-registering All Your DLL's

essexboy · « **Reply #24 on:** September 12, 2012, 10:40:58 PM »

OK lets get a spare winsock.dll

Run OTL.

Select All Users
Under the Custom Scan box paste this in

/md5start
winsock.*
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
Attach the log

drmtree · « **Reply #25 on:** September 13, 2012, 12:54:46 AM »

Please see attached for the OTL quick scan log.

Aventador · « **Reply #26 on:** September 13, 2012, 04:23:25 AM »

Here is a complete guide that works all the time.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

essexboy · « **Reply #27 on:** September 13, 2012, 02:15:51 PM »

Aventador does that replace the missing file... Please read the entire thread before jumping in with unrelated fixes

drmtree
Download the file from the link below to your windows/system32 folder
https://dl.dropbox.com/u/73555776/wsock32.dll

Then re-run Internet repair

Author Topic: FBI Randsome Ware (Read 8707 times)

drmtree

Re: FBI Randsome Ware

Pondus

Re: FBI Randsome Ware

drmtree

Re: FBI Randsome Ware

essexboy

Re: FBI Randsome Ware

drmtree

Re: FBI Randsome Ware

essexboy

Re: FBI Randsome Ware

drmtree

Re: FBI Randsome Ware

drmtree

Re: FBI Randsome Ware

Left123

Re: FBI Randsome Ware

essexboy

Re: FBI Randsome Ware

drmtree

Re: FBI Randsome Ware

Aventador

Re: FBI Randsome Ware

essexboy

Re: FBI Randsome Ware