Removed Windows Police Pro, but still infected


8 replies to this topic

#1 spatt79

spatt79

  • Members
  • 7 posts

Posted 26 September 2009 - 12:04 PM

A few days ago my laptop was infected with Windows Police Pro. I ran Spyware Doctor, which seemed to remove it, but my computer is definitely still infected. I can access the internet (finally), but I am getting redirected constantly. I also cannot run Malwarebytes or HijackThis in Normal mode, or Safe mode (even after changing names, etc.). I tried to run RootRepeal, and it ran for a couple of minutes and then shut down. During the run, I could see that a rootkit was detected, but since it didn't finish the scan it didn't generate a log. After I try to run all of these programs, I can no longer access them (says I don't have the correct permissions). I have no idea what to do. Any help would be very appreciated. Thanks!!!!

Sara



#2 spatt79


Posted 30 September 2009 - 08:42 PM

I'm not sure if anyone can help me, but I thought I'd update this. My computer is now randomly shutting down in Normal Mode, but seems to be fine in Safe Mode. When it shuts down I get a blue screen and error message. In addition to the "A problem has been detected", etc. it says: Technical Information:
***STOP:0X0000007E (0Xc0000005, 0XAE0B889C, 0XAE0B8598) ***Antivirus.sys -Address BA5F0728 Base at BA5F0000 Date Stamp 4aa09298

I ran Spyware Doctor again, and came up with more infections (Adware.Agent!Sd5, Adware.generic!ct). I am also not able to update my antivirus software (McAfee VirusScan). I was also able to partially run Root Repeal again and have a partial log. Is that something I should post here? I'm getting desperate. I'm afraid this is going to mean a total reformat, but I'm trying to avoid that.

Please help!!!

Sara

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 September 2009 - 09:26 PM

Hello, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you. I can provide info on doing this.
Or you can run another tool and see if it will remove enough for you to run Malwarebytes and post that log. VIPRE Rescue Program
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 spatt79


Posted 01 October 2009 - 10:13 PM

Thanks so much for your reply. I'm pretty sure this is going to lead to wiping the drive and reformatting. I'm trying the VIPRE tool right now. I'll let you know how it goes. Thanks for your help!

Sara

#5 boopme


Posted 02 October 2009 - 11:54 AM

It may be the easiest.
Your decision as to what action to take should be made by reading and asking yourself the questions presented in the article When Should I Format, How Should I Reinstall? In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

#6 spatt79


Posted 03 October 2009 - 08:36 AM

I tried the VIPRE. It ran the whole scan, but at the end didn't clean anything, which I'm sure is related to the overall condition of my computer now. At the end it said: Rootkits: 4051 scanned, 27 found (and assorted other things). That number alone is enough to make me wipe the drive and reformat. How does that even happen?? Thanks for the link to the article. I don't think I will be able to trust my computer again without starting fresh, and I'll definitely avoid all .exe files during the backup. Thanks so much for your help!

Sara

#7 boopme


Posted 03 October 2009 - 07:44 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

==============================

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.

Since we don't know exactly which infections we're dealing with here, we should take some precautions before we attempt to move files from the infected machine. Run the following on your clean computer, and make sure you insert your flash drives at the prompt.
Download and Run FlashDisinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Reinstall Windows Vista

Edited by boopme, 03 October 2009 - 07:44 PM.

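The backup rules in the post above can be checked mechanically before files are copied back to a rebuilt machine. The following is an added example, not part of the original thread or any tool it names: the function names and sample files are hypothetical, and the `MZ` header test goes beyond the post to catch an executable renamed to look like a data file.

```python
import os
import tempfile

# Extensions the post says to leave out of the backup.
EXCLUDED = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
# Data types the post says to keep; used to spot names like "photo.jpg.exe".
DATA = {".doc", ".txt", ".mp3", ".jpg"}
AUTORUN = {"autorun.inf", "autorun.ini"}  # both spellings appear in the thread

def classify(name, head):
    """Return reasons to leave a file out of the backup ([] means keep)."""
    lower = name.lower().rstrip(" .")  # Windows drops trailing dots and spaces
    stem, ext = os.path.splitext(lower)
    reasons = []
    if lower in AUTORUN:
        reasons.append("autorun file")
    if ext in EXCLUDED:
        reasons.append("excluded extension " + ext)
        if os.path.splitext(stem)[1] in DATA:
            reasons.append("double extension hides the real type")
    elif head[:2] == b"MZ":  # Windows executables start with the bytes "MZ"
        reasons.append("executable content under a " + (ext or "bare") + " name")
    return reasons

def scan(root):
    """Walk a backup folder; map relative path -> reasons for flagged files."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                reasons = classify(name, fh.read(2))
            if reasons:
                flagged[os.path.relpath(path, root)] = reasons
    return flagged

def demo():
    """Scan a constructed sample backup (file names and bytes are made up)."""
    samples = {
        "letter.doc": b"\xd0\xcf\x11\xe0",
        "holiday.jpg.exe": b"MZ\x90\x00",
        "song.mp3": b"MZ\x90\x00",  # executable renamed to look like music
        "autorun.inf": b"[autorun]\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Calling `scan()` on the folder that holds the backup lists what to leave behind; files it does not flag still need the anti-virus scan the post recommends.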

#8 spatt79


Posted 09 October 2009 - 09:12 PM

This is great info; thanks SO much. My computer was so screwed up from the viruses that the USB wasn't working, but I've now gotten it to the point where it is functional enough to use. I'm going to run through all of this, reformat and reinstall XP. Hopefully, in the end, I'll have a clean computer and this won't happen again. Thank you so much for all of your help.

#9 boopme


Posted 09 October 2009 - 09:18 PM

You're most welcome Sara...my pleasure. As new malware is getting stronger and harder to remove, please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection:



