
Hi there 

Well, it seems my system has been hacked and files are encrypted. Asked me for bitcoins.... 

Funny thing, I've got nothing on the system; it's just for playing games. Had ESET on my system; this hack, however, or whatever, deleted the antivirus and didn't allow me to uninstall it to install again.

Reinstalled Windows and same thing. Antivirus deleted; deleted the partition only and installed Windows. This time I didn't install the antivirus and left the PC on for a few hours, and this encrypted thing happened.

Any idea how to clean the system from anything left on it? 

256GB SSD

1TB hard drive

Currently nothing is installed on it. How do I clean the system, making sure whatever is on it is gonna be taken care of?

https://linustechtips.com/topic/1201388-pc-hacked-encrypted-files/

Can you post a screenshot? Are there any other PCs on your network, particularly something old with Windows XP or an outdated version of 7?

 

Have you completely formatted both your drives?

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


When you installed Windows, did you delete all the partitions on your drives?

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project


Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 


10 minutes ago, Sauron said:

Can you post a screenshot? Are there any other PCs on your network, particularly something old with Windows XP or an outdated version of 7?

 

Have you completely formatted both your drives?

There is nothing to show now; it was a ransomware attack, and the system is totally gone.

I deleted Windows.

I have a separate laptop, not infected, creating an Ubuntu flash now.

I thought first that just deleting the partitions while installing Windows, creating a new one and a simple format in the Windows 10 installation would work, but nope. I don't even trust my BIOS now and have to flash that.

 


It's possible that the USB drive you installed Windows with is infected.

Did you use the official ISO image from Microsoft's website to install?

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE RTX 3080 GAMING OC | 4x 8GB Micron Rev.E (D9VPP) 3800MHz 16-19-14-21-58

4 minutes ago, Enderman said:

When you installed Windows, did you delete all the partitions on your drives?

Yep, I did, but it didn't work; somehow this attack is able to survive that.

Also, not sure how it gets ESET. I know it makes the system boot in safe mode and then does something to the antivirus. And it just stops working.


1 minute ago, Vishera said:

It's possible that the USB drive you installed Windows with is infected.

Did you use the official ISO image from Microsoft's website to install?

Well, I don't trust USB drives. Using a CD to install Windows. That you can't infect, so it's not from that.


Just now, Iwantcookies said:

Well, I don't trust USB drives. Using a CD to install Windows. That you can't infect, so it's not from that.

Any storage medium can get infected with malware, including CDs...


3 minutes ago, Vishera said:

Any storage medium can get infected with malware, including CDs...

I know, but I know this one is clean. It's an old CD which I use only during installation. I will try to get a new one and try it. I want to format the hard drive, not sure how, any ideas? I know it's on the boot sector; I detected it on the BIOS too 🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️


4 minutes ago, Vishera said:

Any storage medium can get infected with malware, including CDs...

Yes, but if the disc wasn't re-writable, which is 100% this case, since there are no Windows installation discs on re-writable discs.

(unless u make one)

Thus the information is already burned to disc and can't be changed.

I would do the same as last resort... 

Please quote or tag me @Void Master,so i can see your reply.

 

Everyone was a noob at the beginning, don't be discouraged by toxic trolls even if u lose 15 times in a row. Keep training and pushing yourself further and further, so u can show those sorry lots how it's done !

Be a supportive player, and make sure to reflect a good image of the game community you are a part of. 

Don't kick a player unless they willingly want to ruin your experience.

We are the gamer community, we should take care of each other !


11 minutes ago, Iwantcookies said:

I want to format the hard drive, not sure how, any ideas? I know it's on the boot sector; I detected it on the BIOS too 🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️

Download Hiren's BootCD PE, and make a bootable CD or USB drive out of it.

Boot into it, then open "AOMEI Partition Assistant", click on the drive and click on "Wipe Hard Drive".

 

Hiren's BootCD PE download page:

https://www.hirensbootcd.org/download/


17 minutes ago, Void Master said:

Yes, but if the disc wasn't re-writable, which is 100% this case, since there are no Windows installation discs on re-writable discs.

(unless u make one)

Thus the information is already burned to disc and can't be changed.

I would do the same as last resort... 

Ya, I don't think it's the CD, but it's a normal DVD-R.


10 minutes ago, Vishera said:

Download Hiren's BootCD PE, and make a bootable CD or USB drive out of it.

Boot into it, then open "AOMEI Partition Assistant", click on the drive and click on "Wipe Hard Drive".

 

Hiren's BootCD PE download page:

https://www.hirensbootcd.org/download/

Thank you very much, really appreciate it. Any idea which antivirus would work best against this? ESET seems to be useless.


4 minutes ago, Iwantcookies said:

Thank you very much, really appreciate it. Any idea which antivirus would work best against this? ESET seems to be useless.

Hiren's BootCD PE has multiple anti-virus solutions in it. It's a bootable emergency environment after all.

In Hiren's BootCD PE, open Malwarebytes, update it and then start a scan.


1 hour ago, Vishera said:

Hiren's BootCD PE has multiple anti-virus solutions in it. It's a bootable emergency environment after all.

In Hiren's BootCD PE, open Malwarebytes, update it and then start a scan.

Sorry for the late reply, I was busy with Linux, trying to erase the hard drive with Linux and then with Hiren's BootCD.

Do you think the USB is safe to use after this? Or could the virus have jumped into it?

received_2537839706317503.jpeg


Just now, Iwantcookies said:

Sorry for the late reply, I was busy with Linux, trying to erase the hard drive with Linux and then with Hiren's BootCD.

Do you think the USB is safe to use after this? Or could the virus have jumped into it?

received_2537839706317503.jpeg

You can scan it in Hiren's BootCD; there is Malwarebytes in there, you just need to update it and scan.


1 hour ago, Void Master said:

Yes, but if the disc wasn't re-writable, which is 100% this case, since there are no Windows installation discs on re-writable discs.

(unless u make one)

Thus the information is already burned to disc and can't be changed.

I would do the same as last resort... 

Sorry for the late reply. To be honest, I'm not sure what happened, if Windows closed it or the DVD is still open to be written on, and if it's possible for the virus to do that. Now I'm using Linux to format the drive. I'm gonna do the hard drive first, then the SSD separately, and the BIOS is already flashed. Do you think this is enough?

received_2537839706317503.jpeg


3 hours ago, Iwantcookies said:

It keeps finding the same thing over and over again, any idea how to fix it?

 

Spoiler

20200529_030756.jpg

 

It's possible that the Windows image you are using for installation is infected.

Try downloading the latest version from Microsoft and use that.
