virus help!!!

newgamer91

newgamer91

newgamer91

Associate
Joined
8 Sep 2011
Posts
108
Location
united kingdom
my 12 yr old brother was on my dads laptop last night and got a virus, when you turn on the laptop it loads to a white screen with internet explorer couldn't display the page then another windows appears and says the laptop has been locked by the metropolitan police and to unlock it you have to pay via ukash, when you click the 'X' to close the page it just reverts back to the white screen.

when I try to start task manager it doesn't appear and when i press the windows key nothing happens and the only way to turn the laptop off is by the power key.

i have tried to start the laptop in safe mode but it just loads back in to the screens i mentioned above but safe mode with networking and command prompt work, i currently have it in safe mode with networking and have run a virus scan with Microsoft essential but it didn't find anything but the real time protection is off and won't turn back on.

any ideas of how to get rid of this virus without wiping the laptop.

sorry about long post but tried to give as much detail as possible.
thanks
 
get malwarebytes installer on flash stick and put it in your machine, run the installer then run the scan, when you've done that boot into normal windows and download spybot s&d and run a full scan of that to pick up anything malwarebytes misses.

if initially you cant get malwarebytes to run, delete the files as labeled in this walkthrough

http://deletemalware.blogspot.com/2011/06/remove-metropolitan-police-ransomware.html

to disable the virus and then run malwarebytes to kill all remaining taces.. make sure your run spybot after aswell, its slow but thorough.
 
Ones like this are nearly always a single exe file in the appdata folder within the user account, although always best to scan are deleting it to be sure.
 
Deception said:
Just meant he ran a scan with MSE and didn't find anything, but MBAM found the virus. I didnt mean MSE fails in general, just this instance :)
Click to expand...

The OP (well, the 12 year old) installed a Virus, more than likely by running an executable. MSE, or any other AV program wouldn't stand a chance.
 
MilanoChris said:
The OP (well, the 12 year old) installed a Virus, more than likely by running an executable. MSE, or any other AV program wouldn't stand a chance.
Click to expand...

if MSE was running in realtime and was updated, then it should have least detected it and asked for actions. No doubt the 12 year old allowed it without actually thinking.. You know these kids these days :p
 
Deception said:
if MSE was running in realtime and was updated, then it should have least detected it and asked for actions. No doubt the 12 year old allowed it without actually thinking.. You know these kids these days :p
Click to expand...

If only things were that simple!

A lot of malware will evade A/V and wreak havoc, especially if allowed to escalate privileges without user intervention (WinXP admin acc/Win7 with UAC disabled).
 
KIA said:
If only things were that simple!

A lot of malware will evade A/V and wreak havoc, especially if allowed to escalate privileges without user intervention (WinXP admin acc/Win7 with UAC disabled).
Click to expand...

Yea, ive came across a few people who have allowed detected viruses through because the AV popup was annoying them, so they clicked allow..:eek:
 
Duke said:
Ones like this are nearly always a single exe file in the appdata folder within the user account, although always best to scan are deleting it to be sure.
Click to expand...

This,

Make sure you get the appropiate .exe fix before doign this, handy to keep all 3 (xp,7,vista) as well as a clean hosts file on yer memory stick.

c:\\Users/<accname>/appData/

Normally in the local folder, it'll be a randomly named .exe, the description can be anything, seen the description say thinkgs like microsoft cryptographic service.

Make a note of the name, delete file, Search reg for anything referring to the file, delete them all and then run the .exe fix.

Thats the quickest way to get rid of it and you can do it simply from another user account :)

May as well run your usual scanning tools after this, I had recently switched to HitmanPro after Malwarebytes was starting to take longer and longer but have recently seen it nuke a couple of windows installs so until I work that bit out back to MWB :)
 
hi guys, well i thought it fixed the problem but now the laptop is running slow and every time the laptop is started up it says 'configuring update 3 of 3' this goes away after about a minute but it happens everytime and when i start windows update and click check for updates it just stays saying checking for updates, also the 'configuring update 3 of 3' appears when the laptop is shut down. is it best to do a reinstall of windows now?

thanks
 
give it a few more reboots, there no issues with my OS install but have had the same thing the last few days, configuring 1 of 1.

It eventually went away without me doing anything.
 
I've got this trojan on one of the computers in my home, but when I go into editing "Shell" the value is already explorer.exe, any ideas why I still get it?
 
You must log in or register to reply here.
Back
Top Bottom