Police virus ransom

One of our customers had the below come up:

http://www.telegraph.co.uk/technolo...ard-ransom-virus-holds-computers-hostage.html

I've managed to save all his documents and completed a virus scan on the HDD, which picked up the threat and eliminated it.

However, on starting Windows via repair/restore, it appears all the previous restore points have been deleted.

I've downloaded Malwarebytes and tried running it in safe mode; however, the virus has literally messed everything up and I can't get into anything other than the command prompt...

Any suggestions before I do a fresh install of Windows?
 
If you can, slave the hard drive and use ProduKey. Hopefully you will be able to get the product keys back for Windows and Office, if they are on there.

Quite strange it's only a £100 fine to be let off for being a paedophile/terrorist. Those prices are really competitive nowadays.
 
I got this off a streaming site the other day, very annoying. Then, when trying to fix it, I was bored so went to watch something on my laptop and got it on that as well. So I ended up with two locked computers.

It also came up in safe mode on both for me. One workaround I had was to hold the power button in, which minimised the virus overlay screen; the force shut down / cancel window popped up and I clicked cancel quickly before the PC shut down. This allowed me to get back to the desktop and use Malwarebytes. AVG and Malwarebytes picked up stuff for about a day afterwards when scanning; now it all seems clear. Will probably reformat soon though.
 
> If you can, slave the hard drive and use ProduKey. Hopefully you will be able to get the product keys back for Windows and Office, if they are on there.
>
> Quite strange it's only a £100 fine to be let off for being a paedophile/terrorist. Those prices are really competitive nowadays.

Haha, indeed. Funny thing is I should charge them that for fixing it, lol.

> I got this off a streaming site the other day, very annoying. Then, when trying to fix it, I was bored so went to watch something on my laptop and got it on that as well. So I ended up with two locked computers.
>
> It also came up in safe mode on both for me. One workaround I had was to hold the power button in, which minimised the virus overlay screen; the force shut down / cancel window popped up and I clicked cancel quickly before the PC shut down. This allowed me to get back to the desktop and use Malwarebytes. AVG and Malwarebytes picked up stuff for about a day afterwards when scanning; now it all seems clear. Will probably reformat soon though.

Yeah, could have tried that. Sod it, fresh install for him.

And yes, same as you, the customer was watching the football on it.
 
This and the FBI / Cheshire Police ones are common. They take over your hard drive and encrypt your hard drive. It installs itself in the Registry. I have removed this by going into safe mode and removing them in the registry; remember they use more than one name.
 
> This and the FBI / Cheshire Police ones are common. They take over your hard drive and encrypt your hard drive. It installs itself in the Registry. I have removed this by going into safe mode and removing them in the registry; remember they use more than one name.

They don't do anything of the sort. It's a simple exe file that runs on startup and can be removed easily. One variety I had in the past hid some folders, but that's it.
 
> They don't do anything of the sort. It's a simple exe file that runs on startup and can be removed easily. One variety I had in the past hid some folders, but that's it.

Some variants of ransomware do encrypt files.
 
My mother had this. As someone stated, the power off and cancel trick can allow you to actually do stuff to remove it, because it will start in safe mode and you can remove it with a previous version, but if you don't have one... it's kind of annoying.
 
> If you can, slave the hard drive and use ProduKey. Hopefully you will be able to get the product keys back for Windows and Office, if they are on there.

To save you opening up the computer, you could just use ProduKey on the Hiren's BootCD live CD :)
 
> Format reinstall, it's the way forward, that virus messes everything about!

Don't need to format, just reinstall.

The first time this caught me I arsed about for ages trying to clean the system with no joy (the message was gone, but Windows was still borked). The second time I just reinstalled and it was a lot less painful as a result.
 
Had to fix one of these (again) today. Slaved the drive to another computer and ran Malwarebytes on it with a deep scan. Placed the HDD back into the computer, installed Malwarebytes in safe mode and ran it again. Sorted the problem.
 
I recommend keeping a Kaspersky Rescue Disk on hand (live CD). It managed to clear this for me in the past without messing anything up. Especially handy if you cannot get into the desktop or operate your drive as a slave.
 
When you get this or something similar you don't need to format. Just boot in safe mode with command prompt. Run regedit and search for Winlogon. There will be a value labelled Shell under Winlogon. It should reference explorer.exe or be blank. If there is something else referencing an executable in one of the user folders, replace it with explorer.exe and exit. Next, run msconfig, disable all unnecessary startup entries and exit. Now reboot your machine.
Download a good anti-spyware tool like Malwarebytes Anti-Malware Free and scan the machine. It worked for me when I had to clean two colleagues' laptops at work.
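The Winlogon Shell check and the startup-entry review in the post above can be scripted rather than clicked through in regedit and msconfig. The following PowerShell is an added example for this thread, not code posted by any participant: it reports the HKLM and HKCU Winlogon Shell values, flags anything other than an absent/blank value or explorer.exe, optionally restores it with -Fix, and lists Run-key entries whose command points into a user profile (the drop location the post describes). The registry paths are the standard Windows ones; the pattern of suspicious locations and the -Fix switch are my assumptions, not something from the thread.

```powershell
<#
 Added example for this thread, not code from any of its posts.
 Audits the values the "police" lock-screen malware described above hijacks:
 the Winlogon "Shell" value (normally explorer.exe) and the Run keys.
 Run from an elevated prompt, e.g. powershell.exe started from
 "Safe Mode with Command Prompt". Pass -Fix to restore Shell to explorer.exe.
 ASSUMPTION: the malware points Shell or a Run entry at an EXE under a user
 profile, as the post says; the location pattern below encodes that.
#>
param([switch]$Fix)

$Winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunKey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$Hives    = 'HKLM', 'HKCU'

# Anything launched from a profile/temp directory is suspicious for a Shell or Run entry.
$UserProfilePattern = '(?i)(\\Users\\|\\Documents and Settings\\|%APPDATA%|%USERPROFILE%|%TEMP%|\\AppData\\|\\Temp\\)'

# Registry-provider metadata that Get-ItemProperty adds to every result object.
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-ShellValue {
    param([string]$Value)
    # Legitimate states: absent/blank (the HKCU default) or exactly explorer.exe (HKLM).
    if ([string]::IsNullOrWhiteSpace($Value)) { return $true }
    return ($Value.Trim() -match '^(?i)explorer\.exe$')
}

# 1. Winlogon\Shell in both hives: this is the value the post says to put back to explorer.exe.
foreach ($hive in $Hives) {
    $path  = "${hive}:\$Winlogon"
    $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
    if (Test-ShellValue $shell) {
        Write-Output "[OK]      $path\Shell = '$shell'"
        continue
    }
    Write-Output "[BAD]     $path\Shell = '$shell'"
    if ($Fix) {
        if ($hive -eq 'HKLM') {
            # Machine-wide shell must be explorer.exe.
            Set-ItemProperty -Path $path -Name Shell -Value 'explorer.exe'
        } else {
            # A per-user Shell override is not set on a clean install; remove it.
            Remove-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
        }
        Write-Output "          restored"
    }
}

# 2. Run keys: the scripted equivalent of reviewing msconfig's Startup tab.
#    Entries are only reported, since deciding what is "unnecessary" is a manual call.
foreach ($hive in $Hives) {
    $path    = "${hive}:\$RunKey"
    $entries = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $entries) { continue }
    foreach ($prop in $entries.PSObject.Properties) {
        if ($MetaProps -contains $prop.Name) { continue }
        $cmd  = [string]$prop.Value
        $flag = if ($cmd -match $UserProfilePattern) { '[SUSPECT]' } else { '[run]    ' }
        Write-Output "$flag $path\$($prop.Name) = $cmd"
    }
}
```

Run it once without -Fix to see what it would change, then with -Fix only for the Shell value; anything marked [SUSPECT] in the Run keys should be inspected (and the file it points at submitted to a scanner) before being deleted, because legitimate per-user installers such as updaters also live under AppData.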
 
Keep an image on your PC. If you use Windows 7 then you can stick a repair disk in, re-image, and away you go in about 30 mins.
 
Which also helps, and I tell my customers who get this virus this... STOP GOING ON DODGY WEBSITES!!!! If it sounds too good to be true then don't click on it.
 
> Which also helps, and I tell my customers who get this virus this... STOP GOING ON DODGY WEBSITES!!!! If it sounds too good to be true then don't click on it.

If only it were this simple.

People are usually infected because they have out-of-date vulnerable software on their machines and browse to a legit site which has been altered to serve up malicious code.
 