windows police pro malware infection


8 replies to this topic

#1 guiggan26

Posted 02 September 2009 - 10:29 AM

Problem first occurred when visiting: watch-movies.net

Computer froze completely, restarted computer, and was then confined from searching via yahoo/google for way to correct the problem. Getting instead various Adsites. Eventually after another try at restarting, this "windows police pro" pseudo virus protect prevented all desktop icons from showing up, as well as the start toolbar. (task manager open) This "windows police pro" blocked any attempt to remove it via MalwareBytes & Adaware.
Tried your suggestion here: http://www.bleepingcomputer.com/virus-removal/remove-windows-police-pro

All went well until MalwareBytes was blocked in task manager again, and we still get an error message. Any suggestions, or help with this Rogue Police Force would be wonderful!
Task manager is the only way we are able to run some applications.
please & thank you
Evan & kerissa


#2 Blade

Posted 02 September 2009 - 03:45 PM

hello guiggan26 and :thumbsup: to BleepingComputer.

"Problem first occurred when visiting: watch-movies.net"

I'm sure you're aware of this now, but I'll reiterate for the benefit of others who may read this thread. Visiting these kinds of sites is asking for an infection. An infection that will cost you lots of time and cause you headaches, and might cost you a good bit of money as well.

***************************************************

First of all. . . you should try running the task "explorer.exe" from the Task manager. This should (hopefully) restore your Start Menu and desktop icons. Let me know whether or not this works.

***************************************************

Now, let's see what we're dealing with here.

Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 guiggan26

Posted 02 September 2009 - 07:07 PM

Thank you for the reply!
Alright, as per your suggestions I tried the following and this is what happens.

When I tried to open "explorer.exe" in task manager I get an error message that won't let it open.

I also tried to download the Root Repeal and I got the following.

As soon as the download is finished an error message pops up and just says " error c:\documents and settings\owner\local settings tempoary internet files\content.IES5\NIKCXA67\root repeal [1]1.exe " I have to click "ok" on this message three times for it to go away, then the program looks as if it's starting to run. A window opens that says "Initializing, please wait..." and doesn't do anything after that.

When I look in task manager it shows the program setup file as "busy - not responding". I can download the program but it will not run. I get this error message when I tried to open and run the file from my c drive: "Root Repeal could not load driver (0xc0000061)"


I'm not really sure what to do next...any other suggestions?

#4 Blade

Posted 02 September 2009 - 07:51 PM

Do you have access to Safe Mode?



#5 guiggan26

Posted 02 September 2009 - 09:02 PM

Just tried to run in safe mode, and safe mode with networking; both, from what I can tell, don't work. It looks as if it's starting up, then I just get bumped back to the blue start up screen.
I get a message that states there was a recent software or system change that's causing safe mode not to open. Other than the windows police pro, nothing has been changed.

Is it safe to manually remove the files that are associated with windows police pro?.. without running in safe mode, since I'm not able to do that.

Edited by guiggan26, 02 September 2009 - 09:14 PM.


#6 Blade

Posted 02 September 2009 - 10:42 PM

No. . . you shouldn't touch those files. This infection is hooked deep into your system; removing things in the wrong order could cause the computer to no longer boot.

Let's do this next. Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



#7 DonnyMO

Posted 03 September 2009 - 10:19 AM

I only joined this community to say THANKS for having an article on how to remove "Microsoft" Police Pro.
I found this article using a Google search -

http://www.bleepingcomputer.com/virus-remo...dows-police-pro

I followed the steps that were generously accompanied with screen shots and got rid of that nasty virus in about 30 minutes.
You guys or gals or whoever wrote that article are AWESOME!!
There were several other articles out there but this was the most comprehensive and correct by far!

P.S.
If anyone is having trouble getting MalwareBytes to run, they first have to stop PolicePro from executing in Task Manager.
There is an instruction on that too in the link above.

#8 SkyWriting

Posted 30 October 2009 - 09:46 AM

Before I follow the link I'll give my amateur opinion on this, the infection seems to be on my external drive boot sector. I got rid of it for a month, but this sucker hides deeeep and waits. Hopefully the above link will cover it, but this thread is less than a month old.....so I have reservations that the problem is solved.

As long as I had my external drive unplugged my system was working again. When I thought everything was clean I tried to run malware bytes and disk doctor on the drive....but they missed it and I'm back to running in safe mode.

Oh ya..."superantispyware" found the "Rogue. WindowsPolicePro" when malwarebytes and spywaredoctor couldn't.

Edited by SkyWriting, 30 October 2009 - 09:52 AM.


#9 SkyWriting

Posted 01 November 2009 - 01:21 AM

I was right. This stops police pro but not the installer for it which hides much deeper.
This installer loads windows police pro and 2 or 3 other programs. Those I removed but
police pro came back again. As well as police pro can hide from malware bytes.
I'll get back to you if I get rid of the boot sector infection.

Edited by SkyWriting, 01 November 2009 - 01:22 AM.
