Ransomware able to apply laptop HDD password?
Am cleaning up a nephew's laptop (a regular task) after he has managed (yet again) to get it full of malware despite my efforts to lock it down last time.
On this occasion there appear to be at least 2 issues - perhaps related, perhaps not.
First of all, he reports an infection with something very similar to PCEU Ransomware described here (http://trojan-killer.net/police-central-e-crime-unit-pceu-ransomware-removal/)
However, in trying to access his machine, it prompts for a HDD/SSD password, which he assures me has never been set.
On entering the BIOS (which is not password protected), I can see the setting for the HDD password, but am unable to change it without knowing the one that has already been set. I have tried changing the order of boot devices to boot from CD, which I was able to set, but which will not work, as the machine still demands a password before attempting to spin up the CD-ROM.
Given that this is a Toshiba laptop (Satellite L450), I have discovered that there have been numerous issues with failed drives / corrupt MBRs that have required HDD replacements. However, it seems a little too coincidental that this has happened whilst malware is in place.
Several hours of searching have turned up very little that is of any use as every solution so far requires either booting into safe mode or booting from CD, neither of which are possible. I have seen some suggestions of running malwarebytes on the drive after removing it and attaching to an uninfected machine, which is not an option as I dont have the relevant hardware with me.
My question is, therefore, is this a known malware issue and, if so, is there a known solution?
Many thanks in advance for any assistance.