Rogue+no safe mode w/ cmd

Hi Guys,

I'm curing a PC with ransomware, where safemode with command prompt failed.

I booted to KAV rescue disc 10, every 5 minutes or so, KAV rescue would, blank screen. Acting like a screen saver. The screen saver, interrupt could not be from windows, as it did not load.

So does KAV rescue cd/usb have a built in screen saver?

Throughout out the scan KAV said the machine was infected chose delete, upon completion, quarantine was empty. Seems rather awkward, is this just a Russian English thing?

Also at KAV rescue > chose terminal > windowsunlocker <enter> 1 unlock windows > reboot > got into windows but did not have network, nor would MBAM load, then rogue re-appeared.

Next reboot to KAV rescue 10 > terminal windowsunlocker > scan with KAV (about 3.5 hours)

Next being skeptical > safemode with cmd prompt >create admin account remove virus > boot to remove virus > update & scan MBAM

Have I missed something obvious, please critique with suggestions:

Thanks
Rico

 

The behaviour is normal. I didn't bother to see exactly if it's a screen saver (if it is, it's not the Windows one, of course) or the monitor's power saving feature, but it happens to me as well.

 

You could try Hitman pro kickstart.

 

Thanks guys,

Kickstart -did not think of that one

 

Did you have a look at the hard drive partitions with a bootable partition management software such as GParted?

A few months ago I saw a video on Britec09's YouTube Channel which showed that a Rogue made a new partition and set the new partition as "Active". The Windows System Partition was still there and was no longer set as "Active".

If it exists, could this Rogue "Active" Partition be contributing to your problems?

 

Thanks I'll check it out!