• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Ransomware removal

G

GammaAzazel

Member
Stupidly, I've infected my phone with the moneypak "Adobe" ransomware. I booted into safe mode and managed to remotely install Avast! Ransomware removal but it wouldn't run in safemode. Had to restart my phone and boot it up like normal and start it that way but the ransomware still locks up and "takes priority" so it's always on top and I can't see if this is working or not. Anyone have experience this way? Trying not to completely factory reset my phone. I have too many memories saved in photos. (Won't let me remove photos via computer)
 
The key to remove the problem and Dont put another one on it. Now your question will be how do I know if its affected.
My answer would be where did you get it from and why do you need adobe on your device . but to answer your question just remove clear the device and you may need to do a factory data reset .
 
BRAINZ2013 said:
The key to remove the problem and Dont put another one on it. Now your question will be how do I know if its affected.
My answer would be where did you get it from and why do you need adobe on your device . but to answer your question just remove clear the device and you may need to do a factory data reset .
Click to expand...

You've not answered any part of my question and it's very difficult to understand you.
 
Mikestony said:
Are you not able to launch to Avast app to scan and remove the ransomware?
Click to expand...

I can start the app but after a few seconds of it running (it hits about 6%) the "FBI" message pops up over it like every other app. I don't know if AVAST is still running underneath or not.
 
A bit more information:

It's disguised as Adobe Flash Player and I cannot uninstall vai safe mode. That's why I've installed avast.
 
Mikestony said:
Hmmm, I found this and it looks like you are doing the right thing, save for the issue of Avast only getting to about 6% for you:
How to Use Avast's Ransomware Removal App

Let me look around some more and see if I can find anything. I realize you don't want to factory reset, I can totally understand that;)
Click to expand...

Yeah, biggest thing about it is I have pictures of my mom on here and she passed away in January. If it would let me get the pictures off of the phone I wouldn't mind.
 
Mikestony said:
Hmmm, I found this and it looks like you are doing the right thing, save for the issue of Avast only getting to about 6% for you:
How to Use Avast's Ransomware Removal App

Let me look around some more and see if I can find anything. I realize you don't want to factory reset, I can totally understand that;)
Click to expand...

Factory reset and app removed is the only fix. Just like when this affect windows its 2ways but everyone say that wiping the computer or device with a fresh start is the key.
 
GammaAzazel said:
Yeah, biggest thing about it is I have pictures of my mom on here and she passed away in January. If it would let me get the pictures off of the phone I wouldn't mind.
Click to expand...

Sorry about your mom you can get the photos off just remove the SD card or plug up and move photos to SD card or your PC .
 
BRAINZ2013 said:
You didn't try a box or Google drive account . its not much to do at this point
Click to expand...

You aren't making much sense. I'm not sure if english is your first language or not but it's nearly impossible to understand what you're saying. If you can understand what I'm saying then

This is what I've done before.

1. Booted into safe mode, found the fake app. Won't let me uninstall via THE GIANT UNINSTALL BUTTON
2. Tried to remove my pictures from my phone onto my PC, the ransomware hides my device from the PC.
3. Safemode, Installed avast, boot up normal, run avast. Starts to run but ransomware still pops up over top of it.

whatever "box" or google drive account you're talking about wouldn't work to begin with seeing as how those are completely unrelated to what I'm trying to do.
 
This might be a digression from what you want to do. In cases like this I tend to trust NOTHING and get things cleaned up ASAP and back to a guaranteed state that I can TRUST.

I just put my un-root-ed Droid Maxx in Safe Mode for you and connected with a USB cable to my Windows 7 desktop. It was set to Media device and did not show up on Windows. On the Maxx I switched to Camera and it did show up. I then switched to Media device and it did show up.

I copied an image from my Maxx to my PC and then deleted it (requested delete from PC to Maxx).

So ... after the other avenues are investigated ... you could try running in Safe Mode, copy all the images you wanted to save to the PC, and then do a Factory Data Reset.

... Thom
 
Thom said:
This might be a digression from what you want to do. In cases like this I tend to trust NOTHING and get things cleaned up ASAP and back to a guaranteed state that I can TRUST.

I just put my un-root-ed Droid Maxx in Safe Mode for you and connected with a USB cable to my Windows 7 desktop. It was set to Media device and did not show up on Windows. On the Maxx I switched to Camera and it did show up. I then switched to Media device and it did show up.

I copied an image from my Maxx to my PC and then deleted it (requested delete from PC to Maxx).

So ... after the other avenues are investigated ... you could try running in Safe Mode, copy all the images you wanted to save to the PC, and then do a Factory Data Reset.

... Thom
Click to expand...

I've tried this and it's still not showing up. I'm just about to bite the bullet and factory reset my phone....
 
It did not show up for me initially ... I immediately thought it was somehow prevented in Safe Mode ... I then switched to Camera ... it did show up ... I then switched back to Media device ... it did show up.

Where is it failing in this process for you?

... Thom
 
Box or Drive = he meant cloud storage. Dropbox has an app that will let you TF pics to whatever else Dropbox runs on. - PC, Mac Linux

Drive is a Google app that does the same.

The other option would be to use a file explorer and find the pic (DCIM) and see if you can email it to yourself from a file explorer via the share command.
 
Thom said:
It did not show up for me initially ... I immediately thought it was somehow prevented in Safe Mode ... I then switched to Camera ... it did show up ... I then switched back to Media device ... it did show up.

Where is it failing in this process for you?

... Thom
Click to expand...

I can vouch for this method, works with my phone too!
 
You must log in or register to reply here.
Back
Top Bottom