Appear to have been attacked with Bitlocker

  1.    06 Apr 2018 #1

    Appear to have been attacked with Bitlocker

    Today I started my computer and shortly thereafter, Bitlocker was running and going through my drives. I am running Malwarebytes and Bitdefender. No apparent protection. I presume it is a malicious attack.

    Malwarebytes is not helpful. Bitdefender flags a bunch of stuff but provides nothing I understand to recover. No relationship shown between files and where Bitlocker came from. Bitdefender has had an ongoing objective to remove control and information from the user. So it is harder now.

    I have C and D drives. C is locked and needs a password. D was in progress when I stopped the process by a restart. But it too is already encrypted and needs a password.

    Is there any way to recover from this mess? Searching, I have only really found information on how to set Bitlocker up. Not my problem. Searching has only yielded how to set up Bitlocker.

  2.    06 Apr 2018 #2

    Is Windows loading or not? Can you get to a cmd prompt or safe mode? I am wondering if it's a fake, or a script ran to do it, which would be on the system and which may contain the password.

  3.    07 Apr 2018 #3

    The computer runs. It is the machine I am typing this on. That is part of the puzzle.

    When I try to open C or D with explorer, I get a message about needing a password.

  4.    07 Apr 2018 #4

    Bitlocker is part of Windows OS and should not be attacking your computer. Is it possible that this is a ransomware attack that mimics Bitlocker? If so, you need to find the help of a forum that deals with malware. If this is actually Bitlocker that is malfunctioning, you may be hooped and have to reformat.

  5.    10 Apr 2018 #5

    I realize I'm late to the party....but.... this does sound suspicious to me.
    There is an encryption virus that uses Bitlocker to encrypt your drives and then demands a ransom.
    Bit Locker Ransomware Support Help Topic - Ransomware Help & Tech Support


  6.    10 Apr 2018 #6

    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste the log back.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

  7.    10 Apr 2018 #7

    At present, there is no known way out of the Bit Locker Ransomware.

  8.    11 Apr 2018 #8

    Just saw the posts above. Unfortunately it will take a bit to download the file indicated. I just can't seem to win.

    I recently installed a new router. Asus has included a TrendMicro service. Today I turned it on. It will not accept the bleepingcomputer site. I could find no way to tell it to stop screwing around, and let me go there. So, I tried to deactivate the application; it appears that is also a no-no. Argh! My computer continues to take forever to go to most web sites. It did not do that until I got the Bitlocker issue.

    I got the TrendMicro app to stop by going to another piece of the application in the router. Suddenly the web works again.

    On the positive side, the application showed it had stopped some nasties. Talk about rock and hard place.

    I'll be back.

  9.    11 Apr 2018 #9

    OK. Got the files. I can only get to files if I use Revo or some alternate access. I can't get explorer to work.


    I am not sure this worked.

  10.    11 Apr 2018 #10

    Looking over the files:

    System32\Tasks\Spiceworks Surface Scan Launcher => explorer "hxxps://" <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    Did you put the Spiceworks scanner on the system?

    Honestly, if you have the Bit Locker encryption malware, I don't expect to see a whole lot in these 2 FRST files, because it's using Windows Bitlocker to encrypt your files; just not giving you the key until you pay the ransom.

    If you rebooted the computer before the ransom note was displayed, that could be why you never saw a ransom note. The Bleeping Computer site I gave you is all the information they have on this right now.

    The only other thing is, if you somehow started Windows Bitlocker yourself, your key would be saved in your OneDrive account. But, from the description in your first post, it sounds like the infection hit you.

    "On the positive side, the application showed it had stopped some nasties."
    Would be interested to know, exactly what did it show?

    I see you have Macrium on there. Can't you restore an image of the operating system from before this happened? And do you have Macrium backups of your data to restore? That is the way out of this.
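
Added example, not part of any post in this thread: the thread asks whether this is genuine Windows BitLocker or something imitating it, and on a machine that still boots, Windows can be asked directly. The sketch below assumes an elevated PowerShell session on an edition that ships the built-in BitLocker module; the function names `Get-BitLockerTriage` and `Get-BitLockerRecentEvents` are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report what Windows itself says about
# BitLocker on each volume, plus recent BitLocker event-log entries.

function Get-BitLockerTriage {
    # One row per volume: encryption state, lock state and which key
    # protector types are registered on it.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            MountPoint     = $_.MountPoint
            VolumeStatus   = $_.VolumeStatus        # e.g. FullyDecrypted, EncryptionInProgress
            LockStatus     = $_.LockStatus          # Locked / Unlocked
            Protection     = $_.ProtectionStatus    # On / Off
            PercentDone    = $_.EncryptionPercentage
            Protectors     = ($types -join ', ')
            HasRecoveryPwd = ($types -contains 'RecoveryPassword')
            HasPassword    = ($types -contains 'Password')
        }
    }
}

function Get-BitLockerRecentEvents {
    param([int]$Max = 25)
    # Discover the BitLocker event channels instead of hard-coding a name,
    # then show the newest entries so the time encryption started is visible.
    Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        ForEach-Object {
            Get-WinEvent -LogName $_.LogName -MaxEvents $Max -ErrorAction SilentlyContinue
        } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LogName,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

Get-BitLockerTriage       | Format-Table -AutoSize
Get-BitLockerRecentEvents | Format-Table -Wrap
```

If every volume comes back `FullyDecrypted` while Explorer still asks for a password, the prompt is not coming from BitLocker. If volumes show as encrypted with a `Password` protector nobody on the machine set up, BitLocker was switched on by something else, and the event timestamps show when.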