Help please. Cryptowall 3.0 bit me.



Frederick Skelly
04-02-2015, 10:42 PM
My personal desktop got infected tonight. I'm working from a tablet right now. I thought I stopped the opening of that zip file but obviously didn't. I'm not about to click any of their links or download their special SW. I've already screwed up once tonight. I don't know how high their ransom is, but I'm guessing that even if I got my data back I'd have backdoors and spyware installed all over the place. This computer is about 4 yrs old, running Vista. I backed up a few months ago and, while inconvenient, could probably live without the data I'm losing.

Is there a straightforward way to recover - like go back to my last restore point? Else, I might just go buy a new machine for $500.

I'd really appreciate your advice on how to correct this.

Thanks guys.
Fred

Keith Westfall
04-02-2015, 10:52 PM
I have a couple of these sites and just hit ctrl>alt>delete, log off and then reboot. Not sure if it will work for all sites though...

Frederick Skelly
04-02-2015, 11:13 PM
I have a couple of these sites and just hit ctrl>alt>delete, log off and then reboot. Not sure if it will work for all sites though...

Thanks Keith. I'm bitten real good. Rebooting didn't help. (Sigh)

Phil Thien
04-02-2015, 11:20 PM
Was your backup drive attached when you got hit?

If not, I'd suggest secure-erasing the drive and then restoring your backup.

Frederick Skelly
04-02-2015, 11:49 PM
Was your backup drive attached when you got hit?

If not, I'd suggest secure-erasing the drive and then restoring your backup.

Thanks Phil. It was not attached - one good thing! I appreciate your advice.
Fred

Peter Stahl
04-03-2015, 5:48 AM
I loaded some software my Vista PC didn't like, wasn't a virus but got a Blue screen when I rebooted. I did a System Restore from Safe Mode and everything was good again. Do a Google search to see how to do a System Restore for your computer as each one is a little different. You won't lose anything when you do this except programs that got loaded (i.e. a virus) after the date of the restore you pick.

Frederick Skelly
04-03-2015, 7:02 AM
I loaded some software my Vista PC didn't like, wasn't a virus but got a Blue screen when I rebooted. I did a System Restore from Safe Mode and everything was good again. Do a Google search to see how to do a System Restore for your computer as each one is a little different. You won't lose anything when you do this except programs that got loaded (i.e. a virus) after the date of the restore you pick.

Thanks Peter!

Chuck Wintle
04-03-2015, 7:30 AM
My personal desktop got infected tonight. I'm working from a tablet right now. I thought I stopped the opening of that zip file but obviously didn't. I'm not about to click any of their links or download their special SW. I've already screwed up once tonight. I don't know how high their ransom is, but I'm guessing that even if I got my data back I'd have backdoors and spyware installed all over the place. This computer is about 4 yrs old, running Vista. I backed up a few months ago and, while inconvenient, could probably live without the data I'm losing.

Is there a straightforward way to recover - like go back to my last restore point? Else, I might just go buy a new machine for $500.

I'd really appreciate your advice on how to correct this.

Thanks guys.
Fred

Can you wipe the hard drive and reinstall Windows? Do you have the original install disk? The cryptovirus infections are difficult and a ransom is usually demanded to unlock the computer. If you can go back to a restore point then maybe it will work again. But your backup files, as was mentioned, are safe; do not connect the external drive until the virus is gone.

Chuck Wintle
04-03-2015, 8:05 AM
Or possibly this YouTube video may be of some help...
https://www.youtube.com/watch?v=gPelrlpQIJg

Tom M King
04-03-2015, 8:40 AM
Reboot in safe mode. When you turn the computer back on, keep hitting F8 until safe mode is available. You might have to reboot several times until this is successful. Select Safe Mode with Networking so you can use the internet. Download Spyhunter and run it to clear the virus.

edited to add: Sorry I missed the Vista part of the original post. I don't know anything about that.

John Coloccia
04-03-2015, 8:48 AM
Buy a new drive (they're cheap) and restore to that.

All of this other advice is going to do absolutely nothing for CryptoWall. Those files on that drive are gone...finito...no more. Getting rid of the virus will do zippo to get the data back. If you'd like to, keep the drive around and wait. They may find these guys and gain access to the private keys, just like they did with CryptoLocker, and then you can get the data back.

Myk Rian
04-03-2015, 8:58 AM
Buy a new drive (they're cheap) and restore to that.
^^This^^
What happens is the boot sector gets the infection. You are not going to fix it with Safe Mode, scan programs, anything.
Toss the drive and re-install.
Also consider a new machine. Even Microsoft admits Vista was a bad idea.

Brian Elfert
04-03-2015, 9:48 AM
For the future I recommend backing up to the cloud if you have a decent Internet connection. I pay $50 a year with Acronis Cloud, but I also had to spend about $50 for the software. I back up my machine every day both to an external drive and to the cloud. I do both as the hard drive restore will be much faster if my main drive fails. I don't think the virus could get to the files in the cloud, at least not yet.

I know some are worried about data mining and security in the cloud, but I am not that worried about it.

John Coloccia
04-03-2015, 9:51 AM
You have to be careful. The crypto-whatever viruses often encrypt cloud data too.

Larry Frank
04-03-2015, 9:55 AM
Sorry about your troubles....

Moral of the story....backup...backup....backup.....image file

Do not leave your backup drive attached....

Scott Shepherd
04-03-2015, 10:39 AM
Buy a new drive (they're cheap) and restore to that.

All of this other advice is going to do absolutely nothing for CryptoWall. Those files on that drive are gone...finito...no more. Getting rid of the virus will do zippo to get the data back. If you'd like to, keep the drive around and wait. They may find these guys and gain access to the private keys, just like they did with CryptoLocker, and then you can get the data back.

Did you watch the video linked above? It cleanly and safely appeared to remove the problem in less than 4 minutes. He even showed examples of the files being encrypted and then afterwards, opening that same text file and you could read it.

John Huds0n
04-03-2015, 10:53 AM
Sorry that your computer got infected - but I am curious, what were you doing when this happened? (I would like to avoid a similar occurrence if possible.)

Phil Thien
04-03-2015, 11:58 AM
Did you watch the video linked above? It cleanly and safely appeared to remove the problem in less than 4 minutes. He even showed examples of the files being encrypted and then afterwards, opening that same text file and you could read it.

If his backup drive wasn't attached, there would be nothing to restore between the time of the last backup, and the time the infection occurred.

And I wouldn't continue to use an O/S that had been compromised by something as serious as a crypto variant.

Because if I was releasing a crypto variant, I'd build a version that waits thirty days and then does it all again. And if I've thought of that, I imagine the hackers actually doing this have thought of it, and a lot more.

John Coloccia
04-03-2015, 1:33 PM
The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.

Chuck Wintle
04-03-2015, 1:35 PM
The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.

If a backup was done, either to the cloud or to an external drive, then my advice is to wipe the drive clean and reinstall Windows. After that, restore information to the fresh install, documents etc.

Scott Shepherd
04-03-2015, 3:05 PM
The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.

I must be watching a different video. The guy used restore on a folder, he didn't do any shadow copying stuff. He clearly solved the problem enough that it changed the encrypted files to non-encrypted files. There are now a number of videos online showing how to beat this thing.

As long as your system restore is set up, which it more than likely is, then you should have enough tools to get the job done. What's it hurt to try? It's free to try and you don't have to buy another drive or do any of the other things being mentioned.

It might get you in and, in the case it did, I'd run a scan on it with some of the tools available and once known to be clean, I'd get my data off there or backed up and then carry on, having a better backup strategy in the future.

You'll know if it works in about 10 minutes. If it doesn't, you're not worse off than you were.

Myk Rian
04-03-2015, 3:42 PM
Some of you aren't reading the thread.
These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
Buy a new drive!!!

Dan Hintz
04-03-2015, 3:59 PM
Some of you aren't reading the thread.
These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
Buy a new drive!!!

It's not an MBR virus...

Jerome Stanek
04-03-2015, 5:13 PM
Some of you aren't reading the thread.
These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
Buy a new drive!!!

If it does get in there you just have to do an MBR rebuild.

Frederick Skelly
04-03-2015, 7:50 PM
Many many thanks to all of you for helping me with this nightmare. I had decided to buy a new hard drive and restore from there, when I saw a new ASUS machine on sale and just decided to bite the bullet. The new machine is about twice the speed of my 4 yr old one. God only knows why I need a TERABYTE disk drive - I'm not a big photo or video guy - but maybe it's like horsepower and you can never have too much, huh? :) It came with Windows 8 and a touch screen - those will take some getting used to. (Every time I get a faster processor, Gates' boys create a more processor-intensive OS. Funny how that works.) But for under $700, the new machine looked like the way to go.

Once again, thank you all!
Fred

Frederick Skelly
04-03-2015, 7:57 PM
And I wouldn't continue to use an O/S that had been compromised by something as serious as a crypto variant. Because if I was releasing a crypto variant, I'd build a version that waits thirty days and then does it all again. And if I've thought of that, I imagine the hackers actually doing this have thought of it, and a lot more.

That's exactly where I got to, Phil. Thanks.

Frederick Skelly
04-03-2015, 8:02 PM
Buy a new drive (they're cheap) and restore to that.

All of this other advice is going to do absolutely nothing for CryptoWall. Those files on that drive are gone...finito...no more. Getting rid of the virus will do zippo to get the data back. If you'd like to, keep the drive around and wait. They may find these guys and gain access to the private keys, just like they did with CryptoLocker, and then you can get the data back.

Yeah John, I agree. That data is unrecoverable. And I just could not get comfortable that I could get all of the malware erased with my moderate IT skills. Thanks man!

John Coloccia
04-03-2015, 8:26 PM
Yeah John, I agree. That data is unrecoverable. And I just could not get comfortable that I could get all of the malware erased with my moderate IT skills. Thanks man!

Scott does have a point that IF you currently have shadow copies of the files involved, and you may, you may be able to get them back following the instructions in the video, just like with any other backup. It's all about having a backup. Still, safest is to restore to a different drive, lest you risk encrypting your backup too if you're not tech savvy. But do hang on to that old drive. One day, you may be able to get that data back if you really want it.

I went 20 years without ever having an anti-virus on my personal computers, and I went 20 years without ever having a virus. When Cryptolocker came out, I finally installed some virus protection. It's such a nasty way of attacking a system that I just couldn't take the chance. Now I have a fairly sophisticated backup solution too. It cost a bit of money, but I've been tempting fate too long.

Frederick Skelly
04-03-2015, 8:29 PM
Scott does have a point that IF you currently have shadow copies of the files involved, and you may, you may be able to get them back following the instructions in the video, just like with any other backup. It's all about having a backup. Still, safest is to restore to a different drive, lest you risk encrypting your backup too if you're not tech savvy. But do hang on to that old drive. One day, you may be able to get that data back if you really want it.

I'm with you. Plan to keep it as is, on the off chance a solution comes in the future. Thanks!

Chris Parks
04-03-2015, 10:59 PM
Frederick, how did you get the infection onto your computer or don't you know?

Chuck Wintle
04-04-2015, 1:34 AM
Some of you aren't reading the thread.
These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
Buy a new drive!!!
Myk, you are wrong about the MBR on the hard drive. A low level format will remove all data and the virus from the drive. It has to be a low level format so that a write and rewrite is done for every bit.

Curt Harms
04-04-2015, 7:29 AM
...
It came with Windows 8 and a touch screen - those will take some getting used to. (Every time I get a faster processor, Gates' boys create a more processor-intensive OS. Funny how that works.) But for under $700, the new machine looked like the way to go.

Once again, thank you all!
Fred

If you find Windows 8 too much of a PITA, there are free or low cost add-ons to restore more 'traditional' functioning. Here is an article about desktop replacements:

http://www.howtogeek.com/127699/6-start-menu-replacements-for-windows-8/?PageSpeed=noscript

Brian Elfert
04-04-2015, 8:16 AM
Myk, you are wrong about the MBR on the hard drive. A low level format will remove all data and the virus from the drive. It has to be a low level format so that a write and rewrite is done for every bit.

I didn't even realize you could low level format hard drives anymore. I remember doing this years ago to hard drives back in the 80s or 90s.

Chuck Wintle
04-04-2015, 8:23 AM
I didn't even realize you could low level format hard drives anymore. I remember doing this years ago to hard drives back in the 80s or 90s.

I think it is still possible with multiple programs available for the job....DBAN comes to mind. And this....
http://knowledge.seagate.com/articles/en_US/FAQ/203931en

Myk Rian
04-04-2015, 11:09 AM
I was talking with our son about this. More computer literate than I, and we both build them.
At one time he got a trojan. His first warning was the BIOS needed resetting.
A week later, this trojan eats the BIOS, or UEFI. Whichever one he had at the time.
Erased. Unable to flash it. Fried.

That's what these trojans do. They can destroy a computer.
That's what Frederick picked up. If you don't pay up, zap.
They can embed themselves so deeply, you will have to throw the machine, and backup drives away. You have to start over.
Put a new HD in it, or buy a new machine. Those are the only options.

Chuck Wintle
04-04-2015, 11:15 AM
I was talking with our son about this. More computer literate than I, and we both build them.
At one time he got a trojan. His first warning was the BIOS needed resetting.
A week later, this trojan eats the BIOS, or UEFI. Whichever one he had at the time.
Erased. Unable to flash it. Fried.

That's what these trojans do. They can destroy a computer.
That's what Frederick picked up. If you don't pay up, zap.
They can embed themselves so deeply, you will have to throw the machine, and backup drives away. You have to start over.
Put a new HD in it, or buy a new machine. Those are the only options.

I disagree with your assertion that a new drive is needed.

Phil Thien
04-04-2015, 12:20 PM
I was talking with our son about this. More computer literate than I, and we both build them.
At one time he got a trojan. His first warning was the BIOS needed resetting.
A week later, this trojan eats the BIOS, or UEFI. Whichever one he had at the time.
Erased. Unable to flash it. Fried.

That's what these trojans do. They can destroy a computer.
That's what Frederick picked up. If you don't pay up, zap.
They can embed themselves so deeply, you will have to throw the machine, and backup drives away. You have to start over.
Put a new HD in it, or buy a new machine. Those are the only options.

It is pretty difficult to manipulate a drive at a low enough level to cause the sort of infection you're talking about. Typically the drives have to be put in service mode and this is accomplished differently depending on the family/manufacturer of the drive.

So wiping the drive (I call it a secure erase so people understand we're actually physically erasing the contents of each sector, but a single pass of some secure erasing app is sufficient) pretty much makes any drive safe to use again.

Jerome Stanek
04-04-2015, 12:30 PM
It is pretty difficult to manipulate a drive at a low enough level to cause the sort of infection you're talking about. Typically the drives have to be put in service mode and this is accomplished differently depending on the family/manufacturer of the drive.

So wiping the drive (I call it a secure erase so people understand we're actually physically erasing the contents of each sector, but a single pass of some secure erasing app is sufficient) pretty much makes any drive safe to use again.

I agree with you, Phil. By doing a wipe and reloading, formatting the drive with the drive maker's software, you are starting fresh. Replacing the drive would be like having to replace the engine in your car if someone dumped water in the gas tank.

John Coloccia
04-04-2015, 12:42 PM
The point of getting a new drive is:

1) to eliminate the risk of corrupting your backup, because presumably the OP is not tech savvy and one slip up or missed step can trash his backup too

2) to allow leaving the old drive alone so if they're able to retrieve the private keys, as has happened in the past, the data will be recoverable at that time.

Just getting rid of a virus doesn't even require the so-called low level formats, which haven't actually done low level formatting for 20 years. They're not magic, and getting in there with bootable media designed to scan and clean is the most you'd ever have to do...but there are other reasons to leave the old drive alone.

Dan Hintz
04-04-2015, 12:48 PM
I was talking with our son about this. More computer literate than I, and we both build them.
At one time he got a trojan. His first warning was the BIOS needed resetting.
A week later, this trojan eats the BIOS, or UEFI. Whichever one he had at the time.
Erased. Unable to flash it. Fried.

That's what these trojans do. They can destroy a computer.
That's what Frederick picked up. If you don't pay up, zap.
They can embed themselves so deeply, you will have to throw the machine, and backup drives away. You have to start over.
Put a new HD in it, or buy a new machine. Those are the only options.


It is pretty difficult to manipulate a drive at a low enough level to cause the sort of infection you're talking about. Typically the drives have to be put in service mode and this is accomplished differently depending on the family/manufacturer of the drive.

So wiping the drive (I call it a secure erase so people understand we're actually physically erasing the contents of each sector, but a single pass of some secure erasing app is sufficient) pretty much makes any drive safe to use again.

This ^^^ 100 times. A virus must be designed with a specific manufacturer in mind (and in most cases, a specific set of builds) to infect as deep as the BIOS. When things die because of reason 'X', people immediately try to tie it to a virus, even if 'X' was simply a tangential issue to the real problem (like seeing BSODs and thinking "I must have a virus!", when it's merely a SIMM going bad).

Spend some time looking at these guys in IDA Pro and you'd understand why it's not nearly as simple as that.

Phil Thien
04-04-2015, 4:50 PM
The point of getting a new drive is:

1) to eliminate the risk of corrupting your backup, because presumably the OP is not tech savvy and one slip up or missed step can trash his backup too

2) to allow leaving the old drive alone so if they're able to retrieve the private keys, as has happened in the past, the data will be recoverable at that time.

Just getting rid of a virus doesn't even require the so-called low level formats, which haven't actually done low level formatting for 20 years. They're not magic, and getting in there with bootable media designed to scan and clean is the most you'd ever have to do...but there are other reasons to leave the old drive alone.

There are rootkits that will hit everything up to and including UEFI. So doing a wipe of the drive will prevent any remnants of an infection from causing problems later on.

The OP said the backup drive wasn't connected when the problem occurred. So it would seem pretty safe to assume that backup is a USB or 1394 drive. So in that case, the backup drive stays disconnected until the boot drive is wiped. At that point, if he has been using Win7 backup, he can reconnect the backup and boot his Win7 DVD and tell it to restore a backup.

Frederick Skelly
04-05-2015, 7:46 AM
Frederick, how did you get the infection onto your computer or don't you know?

Email. They were very clever.

Curt Harms
04-05-2015, 9:18 AM
This ^^^ 100 times. A virus must be designed with a specific manufacturer in mind (and in most cases, a specific set of builds) to infect as deep as the BIOS. When things die because of reason 'X', people immediately try to tie it to a virus, even if 'X' was simply a tangential issue to the real problem (like seeing BSODs and thinking "I must have a virus!", when it's merely a SIMM going bad).

Spend some time looking at these guys in IDA Pro and you'd understand why it's not nearly as simple as that.


But viruses are what all the TV ads talk about! It's not that simple for someone who buys a PC like they buy any other appliance to discern between software and hardware problems.

Phil Thien
04-05-2015, 9:47 AM
But viruses are what all the TV ads talk about! It's not that simple for someone who buys a PC like they buy any other appliance to discern between software and hardware problems.

The quality of EMail-based attacks has improved substantially.

Most ISPs should probably just block all EMail with an executable attached either directly, or as part of a compressed file.

That will be inconvenient for some people like me, but I can work around it. It will save less savvy users a lot of heartache.

I've met people that have lost their entire photo albums. Baby pictures, pictures of lost loved ones, all gone. Yes, they should have had a backup. Some of these people simply do not have the money to pay the ransom, even if they wanted to take the chance. Single mothers with deadbeat exes that have trouble paying rent, much less scraping together $400 to get their photos back.

This industry is very slow to adapt to these sorts of threats. Doesn't bode well for the future.

Chuck Hart
04-06-2015, 12:23 AM
You will have to get a new drive. With that said, after 40 years in the IT business, here is my advice. Once you have restored with your backup, get a major virus package like Norton. Second, get a 3rd party backup that will allow you a mirror backup of your system off site and on a remote drive. If you ever get a virus again you can recover everything with a copy. I use a 3rd party and crashed twice in the last few months (my fault) and they had me up in 3 hours. If you want more info PM me.

Dan Hintz
04-06-2015, 6:08 AM
You will have to get a new drive

I really wish people would stop suggesting this. It is completely unnecessary, not to mention wasteful.

John Coloccia
04-06-2015, 6:48 AM
I really wish people would stop suggesting this. It is completely unnecessary, not to mention wasteful.

He doesn't have a full, recent backup. You get a new drive so that if the keys are ever recovered, he can completely unencrypt his drive and recover all of his data.

Curt Harms
04-06-2015, 9:20 AM
The quality of EMail-based attacks has improved substantially.

Most ISPs should probably just block all EMail with an executable attached either directly, or as part of a compressed file.

That will be inconvenient for some people like me, but I can work around it. It will save less savvy users a lot of heartache.

I've met people that have lost their entire photo albums. Baby pictures, pictures of lost loved ones, all gone. Yes, they should have had a backup. Some of these people simply do not have the money to pay the ransom, even if they wanted to take the chance. Single mothers with deadbeat exes that have trouble paying rent, much less scraping together $400 to get their photos back.

This industry is very slow to adapt to these sorts of threats. Doesn't bode well for the future.

Some consumer education would go a long way toward lessening the impact of such attacks. Get people that rely on digital storage to believe that they WILL have a data loss event, that it's a question of when, and act accordingly. Easier said than done, I know. People don't have to back up their entire machine, just the bits and bytes that are hard or impossible to replace. Doesn't have to be a large $ solution. A high capacity flash drive or two and a freeware file syncing app would go a long way. I had a Windows 7 install that took up about 30 GB. The stuff that mattered was considerably less than 1 GB. (Nope, no pirated movies:p) The rest could be readily rebuilt.

Phil Thien
04-06-2015, 2:50 PM
Once you have restored with your backup get a major virus package like Norton.

I receive as many as dozens of E-Mails with malware attached every day. Basically, if an E-Mail has an executable attached either directly or via compressed file, the mail servers I manage forward it to me.

And I take the attachment and upload it to virustotal.com. Virustotal.com scans the sample with 57 (fifty-seven!) different products.

I've been doing this for at least a couple of years now.

And what I've learned is, there is no reliable paid or free product that consistently detects zero day threats.

And this shouldn't be a surprise to anyone involved in IT security. Because the same site (virustotal.com) is likely used by hackers tweaking their latest variations. They make sure they change it enough to make it past virustotal.com, and then they release it via E-Mail.

So more importantly than installing some paid antivirus product is to be aware that nothing will save you from a zero-day threat. And, that they're nearly all zero-day threats (I hope it is obvious that nobody is going to spend time/effort pushing last year's threats via spam or whatever).
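Phil's two suggestions above, blocking mail that carries an executable either directly or inside a compressed file, and hashing the attachment so it can be looked up on a multi-engine scanner, can be combined into one mail-side check. The following is an added example written for this thread, not code from Phil or from any mail server or scanning service. It assumes a small illustrative extension list, a zip-in-zip depth limit and a member size cap (all my choices), and it builds its own sample messages with placeholder addresses; the SHA-256 it prints is what you would paste into a scanner, it does not call one.

```python
"""Flag executable e-mail attachments, including ones hidden inside ZIP files,
and produce the SHA-256 a defender would look up on a scanning service.
Every sample message and archive below is constructed for the demo."""
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions treated as executable content (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                         ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".msi", ".ps1"}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_NESTING = 3                       # zip-in-zip depth we are willing to open (assumed)
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # refuse to expand archive members above this (assumed)


def _extension(name):
    """Lower-cased final extension of a file name ('' if none)."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def find_executables_in_zip(data, prefix="", depth=0):
    """Return member paths inside ZIP bytes that look executable.

    Nested ZIPs are opened up to MAX_NESTING levels. Members we refuse to open
    (too deep, encrypted, oversized, unreadable) are reported as well, so a
    filter can treat them as suspicious instead of silently passing them.
    Raises zipfile.BadZipFile if `data` is not a ZIP at all.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = _extension(info.filename)
            if ext in EXECUTABLE_EXTENSIONS:
                hits.append(path)
            elif ext in ARCHIVE_EXTENSIONS:
                if depth + 1 > MAX_NESTING:
                    hits.append(path + " <nesting limit reached, not opened>")
                elif info.flag_bits & 0x1:           # general-purpose bit 0: member is encrypted
                    hits.append(path + " <password-protected, not opened>")
                elif info.file_size > MAX_MEMBER_BYTES:
                    hits.append(path + " <oversized, not opened>")
                else:
                    try:
                        hits.extend(find_executables_in_zip(zf.read(info), path + "/", depth + 1))
                    except zipfile.BadZipFile:
                        hits.append(path + " <unreadable archive>")
    return hits


def inspect_message(raw):
    """Parse a raw RFC 5322 message; return one finding per suspicious attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()   # the value to look up on a scanner
        ext = _extension(name)
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append({"attachment": name, "reason": "executable attachment", "sha256": digest})
        elif ext in ARCHIVE_EXTENSIONS:
            try:
                members = find_executables_in_zip(payload, name + "/")
            except zipfile.BadZipFile:
                findings.append({"attachment": name, "reason": "unreadable archive", "sha256": digest})
                continue
            for member in members:
                findings.append({"attachment": name, "reason": "executable inside archive: " + member,
                                 "sha256": digest})
    return findings


# --- constructed sample data -------------------------------------------------

def make_zip(members):
    """Build ZIP bytes from a {name: bytes} mapping (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def make_message(filename, content, maintype, subtype):
    """Build a raw message with one attachment; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.invalid"
    msg["To"] = "fred@recipient.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(content, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def demo():
    """Run the inspector over four constructed messages; returns findings by case."""
    cases = {
        "direct_exe": make_message("invoice.exe", b"MZ not a real program", "application", "octet-stream"),
        "exe_in_zip": make_message("invoice.zip", make_zip({"invoice.pdf.exe": b"MZ fake",
                                                            "readme.txt": b"hi"}), "application", "zip"),
        "nested_zip": make_message("bundle.zip", make_zip({"docs.zip": make_zip({"scan.js": b"// fake"})}),
                                   "application", "zip"),
        "clean_zip": make_message("notes.zip", make_zip({"notes.txt": b"nothing here"}), "application", "zip"),
    }
    return {label: inspect_message(raw) for label, raw in cases.items()}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "no findings")
```

The design choice worth noting is that anything the inspector cannot open (a password-protected inner archive, a zip nested deeper than the limit, an oversized member) is reported rather than ignored; a filter that only fails closed on what it can read is exactly what attachment-based campaigns work around.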

John Huds0n
04-06-2015, 3:34 PM
And I take the attachment and upload it to virustotal.com. Virustotal.com scans the sample with 57 (fifty-seven!) different products.


And then I double-check VirusTotal with Jotti:
http://virusscan.jotti.org/en

Eric DeSilva
04-14-2015, 8:18 AM
Might be too late, but looks like Kaspersky Labs may have a solution. http://www.engadget.com/2015/04/14/kaspersky-releases-decryption-tool-that-unlocks-ransomware/?ncid=rss_truncated&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+weblogsinc%2Fengadget+%28Engadget%29

Frederick Skelly
04-14-2015, 7:21 PM
Might be too late, but looks like Kaspersky Labs may have a solution. http://www.engadget.com/2015/04/14/kaspersky-releases-decryption-tool-that-unlocks-ransomware/?ncid=rss_truncated&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+weblogsinc%2Fengadget+%28Engadget%29


Thanks very much Eric. I'll go check this out. I appreciate the help!
Fred

Robert Greco
09-15-2015, 10:39 PM
Okay, brand new to the site. I am a 30 year IT consultant who has recently been fighting Cryptowall 3.0 on several computer networks over the last couple of months. While I have read many of the threads on this subject, no one's story seems to be as severe as mine. I will try to be brief. The first couple of times I ran into this virus a quick system restore to factory defaults solved the problem. However, recently that is not enough. The virus that brings Cryptowall in has moved to the BIOS. You cannot just re-flash the BIOS and low level format the hard drives to get rid of it. You MUST cold flash the BIOS. For those who do not know, that requires removing the BIOS chip from the motherboard and flashing it outside the computer. The reason is, once in the BIOS, when you boot the computer it moves into RAM and reinfects the drive. Then before you turn the computer off it re-writes itself to the BIOS. A very nasty yet clever feat indeed. Also, if you are lucky enough to shut everything down before Cryptowall has encrypted all your data, it is still infected with one of several different kinds of viruses. Overall, the time it takes to cold flash all networked computer and server BIOSes (we just buy drives, no time to low level the old ones), and restore all apps and clean the data takes about a week for a 4-8 user network and costs the customer hundreds of hours of labor. Has anyone else run into this extreme a variant?

Curt Harms
09-16-2015, 8:34 AM
Re Robert's problem, from what I've read, UEFI may not be an improvement on the malware front. I read a proposal on a computer site sorta like Sawmill Creek. A poster suggested some sort of separate flash drive for BIOS rather than the drive partition that UEFI uses. Then have an old fashioned mechanical switch to isolate the write function on that flash UEFI partition. The user must move that switch to enable writes to that device. Then have a placard near the switch saying don't move this unless you have a very good reason to do so. Fake or anonymous emails or texts do not constitute a very good reason. It wouldn't be perfect - some people would still leave write enabled for convenience. But then they'd have nobody to blame but themselves. People or businesses tasked with recovering systems with problems caused by leaving the write switch enabled could charge a "stupid premium" of say, 100%? in addition to the usual charge:cool:

Dan Hintz
09-16-2015, 10:04 AM
You MUST cold flash the BIOS. For those who do not know that requires removing the BIOS chip from the motherboard and flashing it outside the computer.

Removing the BIOS chip on a modern computer is typically not a DIY job for the home hobbyist. The EEPROMs are almost always soldered directly to the board these days, and with the 10-layer+ boards in production and high-pin-density packages (not even talking about BGAs), this is not an item the DIYer can remove with a Radio Shack soldering gun.

Luckily, the viruses that attack at the BIOS level are few and far between in the wild... the vast majority here will go their entire lives without having encountered one.

Chuck Wintle
09-16-2015, 3:51 PM
Removing the BIOS chip on a modern computer is typically not a DIY job for the home hobbyist. The EEPROMs are almost always soldered directly to the board these days, and with the 10-layer+ boards in production and high-pin-density packages (not even talking about BGAs), this is not an item the DIYer can remove with a Radio Shack soldering gun.

Luckily, the viruses that attack at the BIOS level are few and far between in the wild... the vast majority here will go their entire lives without having encountered one.

Correct me if I am wrong, but if the board EEPROM was reflashed by someone that knows how, would this same board then be OK?

Dan Hintz
09-17-2015, 9:25 AM
Correct me if I am wrong, but if the board EEPROM was reflashed by someone that knows how, would this same board then be OK?

If they're able to do a low-level write of the entire Flash, then yes, it would be okay. If you're counting on the OS (or UEFI) to handle the write, however, there's a large chance the malware will retain control afterwards since it retains control of the re-flash process. You really need someone who can attach directly to the programming lines of the chip and do it direct so nothing in the Flash can take control of the process.