UEFI and GPT partition

[Bobbing]

Hi,

I have this Dell machine with Windows 8 X64 all in one built into the display.
Its booting up with the FBI ransomware. I am trying to scan the drive with a boot disc. I am getting nowhere with it. I have disabled UEFI and secure boot.
I have tried Hitman Pro with kickstart and that goes nowhere.
How do I mount and scan the partition?

 

[nlinecomputers]

Don't disable UEFI. it's required for GPT to work correctly. Disable secure boot and fastboot.

 

[Bobbing]

Don't disable UEFI. it's required for GPT to work correctly. Disable secure boot and fastboot.

I have tried with UEFI enabled and secure boot disabled and it skips over my boot disc and goes straight to the hard drive. I will check to see if there is a fastboot option to disable.

 

[MobileTechie]

UEFI is not required for GPT: http://msdn.microsoft.com/en-us/library/windows/hardware/gg463525.aspx - it's the other way around. GPT is required for UEFI.

What boot disk are you trying to use? Does it support mounting GPT disks?

Have you tried using Windows 8 disk be that original, repair or DART/ERD?

 

[Galdorf]

I don't think any av rescue cd supports uefi yet i have tried all major ones no luck even booting from legacy mode , you need to activate boot menu and select legacy cd/dvd boot but i have had no luck getting anything to boot.
What i do is slave hard drive to a old legacy based p4 and scan it from there from windows 7.
What i find odd is that no av running in windows found anything tried every major one, slaved it to my old p4 win7 system found trojanspy.zbot,zip.mailbomb and more thought uefi was rootkit proof guess not.

 

[Avgsmoe]

I had the same situation come in today. I had to disable secure boot, uefi, and turn the sata operation to ahci. Then a Windows 8 disc would allow me to access the hdd. I removed the start up entries, removed the files, and renamed cmd.exe, which finally allowed me to boot the os with out the ransomware. Ubuntu 12.10 can also access the drive, but there is not an easy way to edit the registry.

Good luck

 

[Bobbing]

I had to pull the drive then connect it into my machine. Then a chkdsk was run upon boot up, after I was able to access the files and remove the Javascript virus.

Thanks for all your ideas.