Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is this?


  • This topic is locked This topic is locked
12 replies to this topic

#1 fiend1182

fiend1182

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 06 October 2011 - 10:19 AM

Posted Image

I'm a computer tech for a school system and have never seen this before a few days ago, since then I've had 2 computers infected with it. I know the picture is bad but it basically says in Russian? and broken english that I did something bad and now I have to send them a text message to have my computer unlocked. I haven't been able to get rid of it without re-imaging the computer. I'd like to know what it is and how to stop it. Thanks.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:58 AM

Posted 06 October 2011 - 10:42 AM

I'll report this topic to appropriate malware helpers.
Hold on there...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 06 October 2011 - 12:12 PM

What operating system is in the computer? Is it a 32 bit or a 64 bit system? Do you have the installation CD?

Edited by JSntgRvr, 06 October 2011 - 12:12 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 fiend1182

fiend1182
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 06 October 2011 - 12:14 PM

Windows XP Pro 32-bit, and yes.

Edited by Orange Blossom, 06 October 2011 - 12:18 PM.
Moved to log forum. ~ OB


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 06 October 2011 - 12:41 PM

We will need to create a bootable CD that may allow us to scan the computer from an external source. There are various alternatives.

You will need a blank CD, your Windows XP install disc and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
  • Builder
  • Source: (path to Windows installation files)
  • Enter the path to the drive where your XP CD is located.
  • You can click on the "..." button on the right to navigate to the path as well.
[*]Custom: (include files and folders from this directory)
  • No information is necessary, leave blank.
[*]Output:
  • Keep the default
[/list][/list]
  • Media output
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD
    • Download the RunScanner plugin and save it to your desktop
    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!


    • Press the Plugin button on the PE Builder interface
    • Press the Add button and navigate to the location of the RunScanner plugin to install
    • Please note: If you are using a Windows XP disc with sp2 then highlight RpcSS needs to launch DComLaunch and then press Enable
  • When your done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run it's course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD
Boot the computer with the CD you just created and let me know if successful for further instructions.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 fiend1182

fiend1182
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 07 October 2011 - 10:44 AM

There's no hope for this one, it looks like there were other problems other than the virus.

Is this virus something that's been around awhile or is it new because I can't seem to find any information on it.

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 07 October 2011 - 01:01 PM

Seems new. That is the reason we should scan the computer. What type of problem you ran into?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 fiend1182

fiend1182
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 07 October 2011 - 01:53 PM

It looks like to OS is gone. When the computer starts it tries to re-install Windows. This particular computer was having issues before the virus so I'm not thinking it was the virus that caused the OS to go away. I'm pretty sure the HD was failing beforehand. I hate to say I hope another computer gets infected with this but I would like to know how to fix it. If I run across it again I'll follow the steps that were outlined in the earlier post and refer back here.

#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 07 October 2011 - 01:57 PM

Some viruses do just that. Were you able to look at the system from an external source?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 fiend1182

fiend1182
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 10 October 2011 - 08:53 AM

No, I didn't get that far before it crashed.

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 10 October 2011 - 09:15 AM

Were you able to resolve then?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 fiend1182

fiend1182
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 10 October 2011 - 11:14 AM

I wasn't able to get rid of the virus since the computer crashed before I had a chance to try the steps you mentioned earlier.

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:58 AM

Posted 10 October 2011 - 08:03 PM

Sorry to learn that. Let me know if there is anything I can do for you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users