Windows 10: Appear to have been attacked with Bitlocker

Discus and support Appear to have been attacked with Bitlocker in AntiVirus, Firewalls and System Security to solve the problem; ....I had a power blip, and after rebooting, it would accept none of my passwords. Fini..........I restored from a Macrium backup. I lose some data I... Discussion in 'AntiVirus, Firewalls and System Security' started by simrick, Apr 5, 2018.

  1. simrick Win User

    Appear to have been attacked with Bitlocker

    Glad you were able to restore; sorry you lost some data.
    I'd suggest getting yourself a BackUPS to prevent data loss and other issues resulting from power blips in the future. *Wink
    simrick, Apr 5, 2018
  2. alternety Win User

    Today I started my computer and shortly thereafter, Bitlocker was running and going through my drives. I am running Malwarebytes and Bitdefender. No apparent protection. I presume it is a malicious attack.

    Malware bytes is not helpful. Bitdefender flags a bunch of stuff but provides nothing I understand to recover. No relationship shown between files and where Bitlocker came from. Bitdefender has had an ongoing objective to remove control and information from the user. So it is harder now.

    I have C and D drives. C is locked and needs a password. D was in progress when I stopped the process by a restart. But it too is already encrypted and needs a password.

    Is there any way to recover from this mess? Searching, I have only really found information on how to set Bitlocker up. Not my problem. Searching has only yielded how to set up Bitlocker.

    alternety, Apr 6, 2018
  3. Ransomeware and Bitlocker

    Will installing Bitlocker stop ransomeware attacks?
    Philip Gross, Apr 6, 2018
  4. Appear to have been attacked with Bitlocker

    BitLocker on Windows 10 Home edition

    As much as I like BitLocker, it has no bearing on the current ransomware crisis.

    BitLocker protects one's data from physical theft. It cannot protect against online attacks.
    Dean Gibson, Apr 6, 2018
  5. Samuria Win User
    Is windows loading or not can you get to cmd prompt or safe mode. I am wondering if a its a fake or a script ran to do it which be on the system which may contain the password
    Samuria, Apr 6, 2018
  6. alternety Win User
    The computer runs. It is the machine I am typing this on. That is part of the puzzle.

    When I try to open C or D with explorer, I get a message about needing a password.
    alternety, Apr 6, 2018
  7. Bitlocker is part of Windows OS and should not be attacking your computer, is it possible that this is a ransomware attack that mimics Bitlocker? If so you need to find help of a forum that deals with malware. If this is actually Bitlocker that is malfunctioning you may be hooped and have to reformat.
    Digmor Crusher, Apr 6, 2018
  8. simrick Win User

    Appear to have been attacked with Bitlocker

    simrick, Apr 10, 2018
  9. Samuria Win User
    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back .
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
    Samuria, Apr 10, 2018
  10. simrick Win User
    At present, there is no known way out of the Bit Locker Ransomware.
    simrick, Apr 10, 2018
  11. alternety Win User
    Just saw the posts above. Unfortunately it will take a bit to download the file indicated. I just can't seem to win.

    I recently installed a new router. Asus has included a TrendMicro service. Today I turned it on. It will not accept the bleepingcomputer site. I could find no way to tell it to stop screwing around, and let me go there. So, I tried to deactivate the application; it appears that is also a nono. Argh! My computer continues to take forever to go to most web sites. It did not do that until I got the Bitlocker issue.

    I got the TrendMicro app to stop by going to another piece of the application in the router. Suddenly the web works again.

    On the positive side, the application showed it had stopped some nasties. Talk about rock and hard place.

    Ill be back.
    alternety, Apr 11, 2018
  12. alternety Win User
    OK. Got the files. I can only get to files if I use Revo or some alternate access. I can't get explorer to work.


    I am not sure this worked.
    alternety, Apr 11, 2018
  13. simrick Win User

    Appear to have been attacked with Bitlocker

    Looking over the files:

    Code: System32\Tasks\Spiceworks Surface Scan Launcher => explorer "hxxps://" <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION[/quote] Did you put the Spiceworks scanner on the system?

    Honestly, if you have the Bit Locker encryption malware, I don't expect to see a whole lot in these 2 FRST files, because it's using Windows Bitlocker to encrypt your files; just not giving you the key until you pay the ransom.

    If you rebooted the computer before the ransom note was displayed, that could be why you never saw a ransom note. The Bleeping Computer site I gave you is all the information they have on this right now.

    The only other thing is, if you somehow started Windows Bitlocker yourself, your key would be saved in your OneDrive account. But, from the description in your first post, it sounds like the infection hit you.

    Would be interested to know, exactly what did it show?

    I see you have Macrium on there. Can't you restore an image of the operating system from before this happened? and do you have Macrium backups of your data to restore? That is the way out of this.
    simrick, Apr 11, 2018
  14. alternety Win User
    Something else I found. Something has turned protected boot on in the BIOS. I have never enabled that. Does that feel like an attack vector could change it; or is someone trying to help.

    I have not gotten a ransom screen. There is a message that the C drive failed Bitlocker install. I had not looked at that drive.

    It says:
    Attachment 184453

    D drive has put up a message asking for me to enter passwords
    Attachment 184454
    I will continue looking.
    alternety, Apr 11, 2018
  15. Samuria Win User
    Samuria, Apr 11, 2018

Appear to have been attacked with Bitlocker

  1. Appear to have been attacked with Bitlocker - Similar Threads - Appear been attacked

  2. Bitlocker HELP been on hold 4 hours

    in AntiVirus, Firewalls and System Security
    Bitlocker HELP been on hold 4 hours: The recovery key I saved to my windows account does not work. Drive seized in autorepair/did not start successfully. Boot usb is no use. I've been on hold with data security for 4 hours and ready to go all night on hold. Suggestions or is my PC now an $800 paper weight?...
  3. Been having bluescreens for months

    in Windows 10 BSOD Crashes and Debugging
    Been having bluescreens for months: It started happening about 6 months ago. Between then and now i have replaced multiple parts that seemed to fix the problem for a while. Like MOBO, Ram 5 weeks ago i reinstalled windows because i kept getting bluescreens every 20 seconds, safe mode was fine. Now it's...
  4. I've been attacked

    in AntiVirus, Firewalls and System Security
    I've been attacked: Today I received an e-mail stating that I've been hacked and they showed me that they know what one of my passwords are. They threatened me unless I send them money they are going to send compromising video taken of me thru my computer camera to everyone on my contact list....
  5. Sudden appearance of BitLocker

    in AntiVirus, Firewalls and System Security
    Sudden appearance of BitLocker: Hey folks. I friend of mine just called and asked if I could help fix his laptop. He says that he turned it off the other day, and on turning it back on again he is being asked for a bitlocker drive encryption key. He says he has never seen bitlocker, never turned it on,...
  6. Malware has been attacked to my system

    in Windows 10 BSOD Crashes and Debugging
    Malware has been attacked to my system: [ATTACH] Every time I turn my PC on or restart it forfiles run on command prompt. I was trying to install a software due to which a malware has been added into my system. I scanned my system and found trojan which I deleted. Now, if I scan it again antivirus does not show...
  7. Have I been hacked?

    in AntiVirus, Firewalls and System Security
    Have I been hacked?: I restarted my PC and then my lockscreen changed. My windows button no longer works and now there is a new user on my PC. It is defaultuser1 (22). They are using 101.3MB of memory. I can't delete them, either. I can delete myself, but not them. They are a local admin. What...
  8. Bitlocker recovery servers appear to be down

    in AntiVirus, Firewalls and System Security
    Bitlocker recovery servers appear to be down: I am attempting to access my bitlocker recovery key, but the online service appears to be down any idea when it will be back up?[ATTACH]"
  9. BitLocker and DMA and Memory Resilience attacks?

    in AntiVirus, Firewalls and System Security
    BitLocker and DMA and Memory Resilience attacks?: I an running BitLocker with fully encrypted OS drive with TPM only authentication. I have Sleep mode disabled with a setting: Never When not using my laptop, I power OFF my system completely. My question is, am I still vulnerable to DMA attacks if I shutdown my laptop...
  10. Bitlocker Recovery Keys keeps appearing

    in AntiVirus, Firewalls and System Security
    Bitlocker Recovery Keys keeps appearing: I tried to restart my laptop yesterday ......Dell 15 inch ..........purchased 27 October 2017. I received a message that I needed to enter some BITLOCK recovery keys. After about a half hour of searching on the web I found the recovery keys for my laptop. I entered the...