
Ransomware, Windows Vista, Ubuntu and General Computer Oddities

August 27, 2013

Over the weekend I had the fun of fixing a laptop that had become infected with what is known as ransomware. This is a particularly nasty form of virus which renders the computer useless by displaying a graphic on screen and making all other functions of the computer effectively unusable.

The displayed graphic proclaims that the computer has been used to perform illegal activities and carries several authoritative logos and says that the user must pay a fine in order to get the use of the computer back. This is of course not an official action and the money from the ‘fine’ actually goes to the people behind the virus. Suffice it to say, payment of the fine does nothing to fix the computer either.

I have fixed a laptop from this virus before. It’s a fairly crude and unsophisticated implementation and I found it possible to get round it by using the safe mode boot and locating the processes behind it and manually removing them. It did take me all day though.

Not wishing to spend the same amount of time again I decided to try and shortcut the procedure and make use of Microsoft’s offline removal utility. Supposedly all I needed to do was create a CD on my computer from the downloaded ISO file and boot the sick laptop from it.

Ooops

It all sounded so easy.

I should add at this point that the laptop in question was brought to me because the owner doesn’t have money to waste and had taken the laptop to PC World to investigate and had been told the virus had killed the hard disk and the cost was going to be no less than £75 to look and £50 to fix, or something. Plus the cost of the hard disk of course.

No idea what they were going to do with the customer’s data.

Before trying the Microsoft fix CD I did boot the laptop and confirm the presence of the virus, but did nothing else to try and fix it.

Sadly, the Microsoft CD reported a failure to run after displaying a logo and the status bar for a short time. No indication of what may or may not have been done to the computer, just an error saying it could not load something.

After that the laptop would not boot again, giving an error saying there was no boot partition or OS found. Maybe this was the error that PC World ran into. It did seem odd that I had one good boot and then after running the MS disk I could not boot the laptop again. It could be just bad luck, I have no idea. What I did know though was that I was sure the hard disk was not dead.

Copy That Data Off

Thankfully I have the means to attach a laptop disk to my computer and attempted to copy the data off the laptop to my network storage. I probably should have done this first. It turns out the disk was split into two partitions. My computer, however, was only able to read the secondary partition, which had most of the data on it. The system partition was unreadable. My Windows 7 disk manager showed the partition to be RAW instead of NTFS and would not read any data from it. The same was true of my Windows 8 computer.

Linux to the Rescue

A bit of web searching later set me onto the tip that the Linux Operating System would be able to read the disk. This would be my first foray into the murky world of free OS software but I was prepared to give it a go.

I headed off to the Ubuntu website and created a DVD from the easy to download image. The helpful thing about this is that you can boot from the DVD and run the OS direct without having to install it onto any disk. On starting up, Linux displayed to me all my available disks, including the two partitions on the suspect disk and all the data. More than that, it also connected to my network and enabled me to copy the data from the system partition to the same network disk that I had already copied the data to from the secondary partition.

What impressed me most about this experience was that Windows 7 had copied the data at a rate of less than 400kb/s while Ubuntu was copying the data at a rate of about 700kb/s, almost twice as fast. In both cases, the data was being copied from a laptop disk in a caddy attached to my computer via a USB port and onto an external disk that is connected to my router via a USB port at the back of the router and presented as a storage device on the network.

I will point out that in situations like this, both Windows and Ubuntu feature the same stupidity that has bugged me about GUI Operating Systems for a long time. When someone (me) is copying a large volume of data from one drive to another there will inevitably be the occasional item requiring clarification. Say a system file, or hidden file, which the OS wants confirmation that the file should be copied along with all the others. This I don’t mind. What does bug me is that the copy process stops at that point and waits for the response. The copy should continue in the background and any further errors should get added to the message dialog while the OS continues to process the task in hand in the background as requested. At this point in the history of computers basic usability items like that should exist in ALL operating systems, yet developers continue to fail the users this way.
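The copy behaviour wished for above (keep going, collect every problem, report at the end) is easy to script for a data-rescue job like this one. The following is an added example, not code from the original post: a small Python routine that mirrors a directory tree, copies hidden files like any other, and records each file that fails instead of stopping. The function names (`copy_tree_resilient`, `build_sample_tree`, `run_demo`) and the sample tree it builds are constructed for the example; the dangling symlink in that tree stands in for whatever item would otherwise have halted the copy.

```python
"""Resilient bulk copy: keep copying, collect every failure, report at the end.

Added example (not from the original post). Shows the behaviour the post asks
for: a file that cannot be copied is logged and the job carries on, rather
than the whole copy blocking on one prompt.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def copy_tree_resilient(src: str, dst: str) -> Dict[str, List[str]]:
    """Copy every regular file under src into dst, mirroring the directory layout.

    Returns a report with two lists: relative paths copied successfully, and
    "path: error" strings for each file that failed. A failure never aborts the
    run; hidden files are copied like any other.
    """
    src_root = Path(src)
    dst_root = Path(dst)
    report: Dict[str, List[str]] = {"copied": [], "failed": []}

    for dirpath, dirnames, filenames in os.walk(src_root):
        rel = Path(dirpath).relative_to(src_root)
        target_dir = dst_root / rel
        try:
            target_dir.mkdir(parents=True, exist_ok=True)
        except OSError as exc:
            report["failed"].append(f"{target_dir}: {exc}")
            dirnames[:] = []  # cannot descend if the target directory could not be created
            continue
        for name in filenames:
            source = Path(dirpath) / name
            target = target_dir / name
            try:
                # copy2 preserves timestamps; it follows symlinks, so a dangling
                # link raises FileNotFoundError, which is logged rather than fatal
                shutil.copy2(source, target)
                report["copied"].append(str(source.relative_to(src_root)))
            except OSError as exc:
                report["failed"].append(f"{source.relative_to(src_root)}: {exc}")
    return report


def build_sample_tree(base: str) -> Tuple[str, str]:
    """Construct a small source tree (constructed sample data, not files from the post).

    Contains a normal file, a hidden file, a nested file and one dangling symlink
    that will fail to copy. Returns the (src, dst) paths under base.
    """
    src = Path(base) / "src"
    dst = Path(base) / "dst"
    (src / "docs").mkdir(parents=True, exist_ok=True)
    (src / "readme.txt").write_text("user data\n")
    (src / ".hidden").write_text("hidden but wanted\n")
    (src / "docs" / "notes.txt").write_text("more data\n")
    os.symlink(src / "does-not-exist", src / "broken-link")
    return str(src), str(dst)


def run_demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temporary directory, copy it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = build_sample_tree(tmp)
        return copy_tree_resilient(src, dst)


if __name__ == "__main__":
    result = run_demo()
    print(f"copied {len(result['copied'])} files, {len(result['failed'])} failures")
    for line in result["failed"]:
        print("  FAILED:", line)
```

Running the script copies the three readable files and reports the broken link as the single failure; the job finishes without waiting on anything. For a real rescue the same loop would be pointed at the mounted partition and a destination on the network share, with the failure list reviewed afterwards.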

Now to Install Vista

Data safe, now it was time to recover the OS. Sadly, no matter what I tried, I was unable to get the RAW partition recovered to a point that I could boot the laptop again and look into removing the virus so I had to revert to the next best option, install Vista again.

One small problem, I have no disk or licence key.

After yet more searching about I managed to discover that this brand of laptop (Acer) includes a hidden rescue partition that can be accessed by pressing ALT-F10 during boot. How wonderfully helpful.

About an hour later Vista is restored onto the original partition. This is probably the best way to remove a virus like this anyway. Or any virus for that matter.

The Update Mountain

This is where the fun really started. Vista is now, ahem, a few years old and there are numerous updates so the first job was to install Microsoft Security Essentials, scan the drives and then get on with the updates.

First rotation: 104 updates.

Yes, Windows Update said that’s how many updates needed to be installed and so I left it running and did other things.

On completion, one of the updates was the ridiculous Browser Choice Screen, I won’t go into the history of it, but it’s a bloody stupid thing and the judges that made MS create it are even more stupid. That aside, the choice screen presented me with a choice of browsers and so I chose Internet Explorer, so off it went to install it.

Except it wouldn’t because apparently a required update was missing in order for IE9 to install. Helpfully a link was provided for me to download and install Vista SP2, which is needed for IE9. SP2, it told me, includes all previous updates. So why did I just have to install 104 updates I wonder.

Except that wouldn’t install because SP2 requires SP1 to be installed first, and a link is provided. SP1, apparently also includes all previous updates.

Riiiight. Okay.

SP1 and SP2 get installed, along with the chosen browser. It’s several hours later now and into the evening. It is also a bank holiday weekend, this should be so much easier.

Second rotation: 136 updates!

But I’ve just installed 2 Service Packs! Yes it really did install that many updates!

Being helpful, I have a spare licence key for Office 2007 and install that for the owner. I also install Office 2007 SP2, which it seems does not require SP1 first. Unless the Office install I have comes with SP1 embedded, I don’t actually recall.

Third rotation: 41 updates.

Yes, after installing all the Windows updates and then Office and its SP2 update, there were still more to come.

In total the amount of time installing updates was longer than the amount of time it took to confirm the virus, copy the data and recover to factory install.

Sometimes working in IT is fun, sometimes it leaves me wondering ….


From → Technology

One Comment
  1. Vaughan Ellis

    Had much the same problem a couple of weeks ago, after much cursing about Microsoft’s sloppy code writers and the usual ‘why oh why can’t they build a simple OS which is stable and without the bells and whistles’ everything re-installed then Firefox goes and does an end run and installs 32.0 and refuses to let me bookmark any site. I do hate it when the ‘new and improved’ software stops you from getting the job done.
