Appear to have been attacked with Bitlocker


  1. Posts : 48
    10 1709
       #1

    Appear to have been attacked with Bitlocker


    Today I started my computer and shortly thereafter, Bitlocker was running and going through my drives. I am running Malwarebytes and Bitdefender. No apparent protection. I presume it is a malicious attack.

    Malwarebytes is not helpful. Bitdefender flags a bunch of stuff but provides nothing I understand to recover. No relationship shown between files and where Bitlocker came from. Bitdefender has had an ongoing objective to remove control and information from the user. So it is harder now.

    I have C and D drives. C is locked and needs a password. D was in progress when I stopped the process by a restart. But it too is already encrypted and needs a password.

    Is there any way to recover from this mess? Searching, I have only really found information on how to set Bitlocker up. Not my problem. Searching has only yielded how to set up Bitlocker.


  2. Posts : 8,057
    windows 10
       #2

    Is Windows loading or not? Can you get to a cmd prompt or safe mode? I am wondering if it's a fake, or a script ran to do it, which would be on the system and may contain the password.


  3. Posts : 48
    10 1709
    Thread Starter
       #3

    The computer runs. It is the machine I am typing this on. That is part of the puzzle.

    When I try to open C or D with explorer, I get a message about needing a password.


  4. Posts : 194
    Windows 10
       #4

    Bitlocker is part of Windows OS and should not be attacking your computer. Is it possible that this is a ransomware attack that mimics Bitlocker? If so, you need to find the help of a forum that deals with malware. If this is actually Bitlocker that is malfunctioning, you may be hooped and have to reformat.


  5. Posts : 16,325
    W10Prox64
       #5

    Hi.
    I realize I'm late to the party....but.... this does sound suspicious to me.
    There is an encryption virus that uses Bitlocker to encrypt your drives and then demands a ransom.
    Bit Locker Ransomware Support Help Topic - Ransomware Help & Tech Support



  6. Posts : 8,057
    windows 10
       #6

    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    http://download.bleepingcomputer.com/farbar/FRST.exe

    http://download.bleepingcomputer.com/farbar/FRST64.exe

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste the log back.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).


  7. Posts : 16,325
    W10Prox64
       #7

    At present, there is no known way out of the Bit Locker Ransomware.


  8. Posts : 48
    10 1709
    Thread Starter
       #8

    Just saw the posts above. Unfortunately it will take a bit to download the file indicated. I just can't seem to win.

    I recently installed a new router. Asus has included a TrendMicro service. Today I turned it on. It will not accept the bleepingcomputer site. I could find no way to tell it to stop screwing around, and let me go there. So, I tried to deactivate the application; it appears that is also a no-no. Argh! My computer continues to take forever to go to most web sites. It did not do that until I got the Bitlocker issue.

    I got the TrendMicro app to stop by going to another piece of the application in the router. Suddenly the web works again.

    On the positive side, the application showed it had stopped some nasties. Talk about rock and hard place.

    I'll be back.


  9. Posts : 48
    10 1709
    Thread Starter
       #9

    OK. Got the files. I can only get to files if I use Revo or some alternate access. I can't get explorer to work.

    FRST.txt
    Addition.txt

    I am not sure this worked.


  10. Posts : 16,325
    W10Prox64
       #10

    Looking over the files:

    Code:
    System32\Tasks\Spiceworks Surface Scan Launcher => explorer "hxxps://apps.spiceworks.com/tools/device-inventory?agent_uuid=cfd93948-757a-4731-a311-ebc4a35c38a1" <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

    Did you put the Spiceworks scanner on the system?

    Honestly, if you have the Bit Locker encryption malware, I don't expect to see a whole lot in these 2 FRST files, because it's using Windows Bitlocker to encrypt your files; just not giving you the key until you pay the ransom.

    If you rebooted the computer before the ransom note was displayed, that could be why you never saw a ransom note. The Bleeping Computer site I gave you is all the information they have on this right now.

    The only other thing is, if you somehow started Windows Bitlocker yourself, your key would be saved in your OneDrive account. But, from the description in your first post, it sounds like the infection hit you.

    "On the positive side, the application showed it had stopped some nasties."
    Would be interested to know, exactly what did it show?

    I see you have Macrium on there. Can't you restore an image of the operating system from before this happened? And do you have Macrium backups of your data to restore? That is the way out of this.
      My Computer
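
A read-only way to check what post #10 describes, namely whether real Windows BitLocker is protecting the drives and which key protectors are attached. This is an added example, not part of the original thread; the 7-day look-back window is an assumption, and `D:` is the second drive mentioned in post #1.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Read-only: it changes nothing on the volumes.

function Get-BitLockerTriage {
    # One row per volume: encryption state, lock state and attached key protectors.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint  = $_.MountPoint
            Status      = $_.VolumeStatus        # e.g. FullyEncrypted, EncryptionInProgress
            Protection  = $_.ProtectionStatus    # On / Off / Unknown
            Lock        = $_.LockStatus          # Locked / Unlocked
            PercentDone = $_.EncryptionPercentage
            # Protector types show how the volume can be unlocked. A volume the
            # owner set up normally has a RecoveryPassword protector, and that
            # 48-digit key is what can be backed up to a Microsoft account.
            Protectors  = ($_.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

function Get-BitLockerRecentEvents {
    param([int]$Days = 7)   # assumption: a one-week look-back window
    # The BitLocker management log records BitLocker activity on the machine,
    # which can help date when encryption was started.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message
}

Get-BitLockerTriage | Format-Table -AutoSize
Get-BitLockerRecentEvents | Format-List

# Protector IDs for a volume, for matching against any recovery key you hold
# (some fields above can be empty while the volume is locked):
manage-bde -protectors -get D:
```

Run it from an elevated PowerShell prompt and save the output before any restore or reformat, since it is the record of how the volumes were protected.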


 
