
Computer is held hostage by ransomware?


  • This topic is locked
4 replies to this topic

#1 findmyway

  • Members
Posted 17 December 2010 - 09:46 PM

:( Every time I try to connect to the internet it brings up a "security warning" box and says "application cannot be executed. The file wgatray.exe is infected. Do you want to activate your anti-virus software now?" It displays a website of www.jezebel.com in my internet address. This is a Windows XP Home Edition computer. Can you help me? Thanks.

Edit: Moved topic from XP to the more appropriate forum, due to the request for a malware log by staff. ~ Animal


#2 teacup61

  • Malware Response Team

Posted 17 December 2010 - 10:16 PM

Hello findmyway,

This isn't ransomware, it's System Tool.....

Let's disable the main file manually so you can run some tools. Do you have access to a flash drive?

What I want you to look for is in Application Data (If using XP, otherwise Program Data). There will be a folder, with a file in it of the same "name". This will appear random, but it has a pattern. Look for letters and numbers in this order: lower case, upper case, lower case, upper case, lower case, then 5 random numbers. For example:

Folder -----> pEeHl02508\pEeHl02508.exe <-----file inside

Delete the folder. Now, download the following tool to a flash drive from a different computer, then put it on the infected one and run it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to findmyway.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
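
The folder-and-file naming pattern described in post #2, written as a report-only scan; this is an added example, not part of the original thread or any tool it mentions. The directory to scan is passed in by the reader, and every sample name other than pEeHl02508 is constructed for the demo.

```python
import re
import sys
import tempfile
from pathlib import Path

# Naming pattern described in the post: lower, upper, lower, upper, lower,
# then five digits (e.g. pEeHl02508). Case-sensitive on purpose.
NAME_RE = re.compile(r"[a-z][A-Z][a-z][A-Z][a-z][0-9]{5}")


def find_candidates(root):
    """Return <name>/<name>.exe paths found directly under root (report only)."""
    hits = []
    for folder in sorted(Path(root).iterdir()):
        if not folder.is_dir() or not NAME_RE.fullmatch(folder.name):
            continue
        # The post's second condition: the file inside carries the folder's name.
        for entry in folder.iterdir():
            if entry.is_file() and entry.name == folder.name + ".exe":
                hits.append(entry)
    return hits


def build_sample_tree(root):
    """Create a constructed directory layout for the demo (empty files only)."""
    layout = {
        "pEeHl02508": "pEeHl02508.exe",   # example name from the post
        "abcde12345": "abcde12345.exe",   # constructed: wrong letter case
        "qWxYz1234": "qWxYz1234.exe",     # constructed: only four digits
        "kLmNo55555": "update.exe",       # constructed: file name differs
        "Vendor": "tool.exe",             # constructed: ordinary folder
    }
    for folder, filename in layout.items():
        (Path(root) / folder).mkdir()
        (Path(root) / folder / filename).touch()


def demo():
    """Run the scan over the constructed tree and return matching folder names."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [p.parent.name for p in find_candidates(tmp)]


if __name__ == "__main__":
    # Pass the Application Data (or Program Data) folder as the argument;
    # with no argument the constructed sample tree is scanned instead.
    if len(sys.argv) > 1:
        print(*find_candidates(sys.argv[1]), sep="\n")
    else:
        print(demo())
```

The scan only lists matches; a legitimate folder could fit the pattern by coincidence, so each hit still needs a look before anything is deleted.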

#3 findmyway

  • Members

Posted 18 December 2010 - 12:24 PM

Hi Tea,

Thanks for your reply, but I am not sure I can do this since I do not have a flash drive. I am using another computer in our home to communicate with you so I am just not sure how to get around doing this. Is it possible?

Thanks,
findmyway
:(

#4 teacup61

  • Malware Response Team

Posted 18 December 2010 - 12:31 PM

See if you can download it directly now....if you've located and deleted the bad folder then there's an excellent chance that you can download and run it directly. :thumbup2:

tea

#5 teacup61

  • Malware Response Team

Posted 27 December 2010 - 11:59 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic