Windows 8 computer locked up - Ransom virus

On my way to help somebody who has one of those viruses where your computer gets locked up and you have to call a number for ransom.  It's a new computer so one possibility is to wipe it and start over.  Any workarounds will be appreciated.  I will post back details in about an hour.
Scott Fell, EE MVE (Developer & EE Moderator) Asked:

Adam Leinss (Server Specialist) Commented:
Try booting to a WinPE disc (http://www.ubcd4win.org/ probably the quickest one to download) and see if you can open up the files from WinPE.  Look for text files.  If they don't open from WinPE, then the files are probably encrypted and it's best to wipe and reload.  If you can open the files from WinPE, then you can try doing a system restore and running HitMan Pro, TDSSKiller, etc.
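
The check described in the comment above (open text files from a rescue environment and see whether they are still readable) can be scripted. This is an added example, not part of the original thread; it assumes Python is available in the rescue environment and the affected volume is mounted, and the thresholds, extension list and function names are illustrative choices.

```python
# Added example: thresholds, extension list and names are assumptions, not from the thread.
import codecs
import math
import os
from collections import Counter

SAMPLE_BYTES = 64 * 1024   # read only the head of each file
MIN_FOR_ENTROPY = 1024     # shorter samples cannot reach high entropy
ENTROPY_LIMIT = 7.0        # bits per byte; English text sits near 4 to 5
TEXT_EXTS = (".txt", ".log", ".csv", ".ini")

def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def decodes_as_text(data):
    """True if the sample is valid UTF-16 (with BOM) or UTF-8 with almost no control bytes."""
    codec = "utf-16" if data[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE) else "utf-8"
    try:
        # final=False tolerates a multi-byte character cut off at the sample boundary
        text = codecs.getincrementaldecoder(codec)().decode(data, final=False)
    except UnicodeDecodeError:
        return False
    controls = sum(1 for ch in text if ord(ch) < 32 and ch not in "\t\r\n")
    return controls <= len(text) * 0.01

def classify(data):
    """Return 'empty', 'readable', 'likely-encrypted' or 'unreadable'."""
    if not data:
        return "empty"
    if decodes_as_text(data):
        return "readable"
    if len(data) >= MIN_FOR_ENTROPY and shannon_entropy(data) >= ENTROPY_LIMIT:
        return "likely-encrypted"
    return "unreadable"   # e.g. legacy code page or binary content: inspect by hand

def scan(root, exts=TEXT_EXTS):
    """Walk root read-only and classify the head of every file with a text extension."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                try:
                    with open(path, "rb") as fh:
                        results.append((path, classify(fh.read(SAMPLE_BYTES))))
                except OSError as err:
                    results.append((path, "error: %s" % err.strerror))
    return results
```

A run of `likely-encrypted` verdicts on files that should be plain text supports the wipe-and-reload path; mostly `readable` results mean the data can be copied off before cleaning or reinstalling.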

Brian B (EE Topic Advisor, Independent Technology Professional) Commented:
Some of those will encrypt all the data. If that happened, might be out of luck and have to restore everything from scratch. Otherwise booting off a USB stick or some other way of getting access to the drive should allow you to scan it and clean up the problem.

If you can get access to the drive, I would suggest just get the data off and then wipe it. Lingering damage from viruses can cause all sorts of problems.
Sudeep Sharma (Technical Designer) Commented:
If it is the old CryptoLocker it would be decrypted, but if it is a new variant of some other encryption locking virus it would not be that easy to decrypt.

Removing any of these is not hard but getting the files back is.

See the link below and other ways to get your files back from backups after removing the infection:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Sudeep
Nick Rhode (IT Director) Commented:
There are a couple methods to try but I would count on not being able to recover the data that has been encrypted if that's the case from the ransomware.  

Here is a good article that covers a few things: Ransomware

Covers the types of popular scareware, ransomware, crypto-locker etc along with some methods of removal.

I have also composed an article on removing all kinds of malware/viruses etc. which can be found here:  Virus Removal Guide
Scott Fell, EE MVE (Developer & EE Moderator) Author Commented:
I am just wiping everything out and starting over.  I had Malwarebytes (paid) installed but noticed that the realtime protection was off.  Is there something better than Malwarebytes?
Adam Leinss (Server Specialist) Commented:
An ounce of prevention is worth a pound of cure.  I would start by making sure they don't have admin rights or use a special account when they want to install software, then log off of that admin account when done.  AntiVirus solutions are about 40% effective based on recent studies.  Essentially: keep all software up-to-date and don't download crapware.
NVIT (End-user support) Commented:
> ...realtime protection was off.

I wonder how that happened.

> ...Is there something better than Malwarebytes?

For ransomware, I've protected user stations with Malwarebytes Anti-Exploit. They have free and paid versions. It has helped a few times so far.

Another free and paid alternative is CryptoPrevent.

Both have low footprints.
Scott Fell, EE MVE (Developer & EE Moderator) Author Commented:
Thank you to all Experts and especially for the very fast response!

Fortunately this was a week-old computer with no data.  It came with a reinstall Windows feature that wipes all old data out (Lenovo Yoga) and that is what I did.  I also added the paid Malwarebytes Anti-Exploit to the paid Malwarebytes antivirus.

As a side note, I instructed the user to put all files in a paid Dropbox folder because if something were to be corrupted or accidentally deleted, all revisions are saved forever in Dropbox.
NVIT (End-user support) Commented:
Glad you worked it out, Scott.