Windows Xp Virus 20 euro paysafe card code?


  • This topic is locked
91 replies to this topic

#1 tom211

tom211

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 28 May 2012 - 10:53 AM

Hi, a member from Yahoo Answers told me to post my problem here for great help, so here goes...

I've got a virus that when I turn my PC on the desktop loads for about 5 seconds, then straight away a page loads with a lot of text (in another language) & two boxes to input a code. I've got no start menu/icons & it won't let me do anything.

I can't get into safe mode; when I try safe mode I get a bunch of multi(0)disk(0)partition(1)\Windows\Systů

Then I get the following message: "We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this."

Then I'm back to square one.

Does anyone know how to fix this? Or how to get at the files on my hard drive & move them to an external hard drive, then reinstall Windows?

Edited by hamluis, 28 May 2012 - 12:01 PM.
Moved from XP to Am I infected - Hamluis.



 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,900 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:51 AM

Posted 28 May 2012 - 12:03 PM

I've asked one of our malware personnel to try to assist you. I've placed post on Unbootable (due to malware) List...please be patient.

Louis

#3 tom211

Posted 29 May 2012 - 05:02 PM

I've found out it's called ransomware, because it holds your PC for ransom until you pay them.

I tried to restore from an XP install disc with the restore center using the command chkds /r.

I ran it twice; after the first time it said it replaced/restored some files. The second time it didn't say that.

But it's still there, hope to hear back soon...

Thanks

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:51 PM

Posted 30 May 2012 - 02:34 AM

Hello, and sorry for the delay.

Can you tell me what the ransomware is called?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 tom211

Posted 30 May 2012 - 08:25 AM

Sorry but what do you mean?

It's like this, but the box covers all of my screen. I couldn't get the uwbcd to work; when I put the disc in it wouldn't load. I've changed the order of the Boot Sequence in the BIOS.

But I didn't get it from a porn site lol

Edited by tom211, 30 May 2012 - 08:38 AM.


#6 Elise

Posted 30 May 2012 - 08:52 AM

Does the ransom screen give you any information (a name, a company or something like that)?

regards, Elise


#7 tom211

Posted 30 May 2012 - 09:14 AM

No, it's all in another language, I think it's German.

#8 Elise

Posted 30 May 2012 - 09:28 AM

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
      • The computer must be set to boot from the CD
      • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
      • sda1,2... usually corresponds to your HDD
      • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

Please note - all text entries are case sensitive

Copy and paste the enum.log for my review

regards, Elise


#9 tom211

Posted 30 May 2012 - 09:56 AM

I can see the rst.sh file, it's in sdc1.

When I:
# Click on the folder that represents your USB drive
# Press Tool at the top
# Choose Open Terminal
# Type bash rst.sh
# Press Enter

It says no file found.


Forget that, I entered the command in wrong.

Now it says:
Searching for restore points.

Edited by tom211, 30 May 2012 - 10:05 AM.


#10 tom211

Posted 30 May 2012 - 10:08 AM

This is the log:

26.3M May 16 17:26 /mnt/sda1/WINDOWS/system32/config/software
11.5M May 30 13:42 /mnt/sda1/WINDOWS/system32/config/system

25.9M May 17 14:45 /sda1/~/RP1/~SOFTWARE
8.7M May 17 14:45 /sda1/~/RP1/~SYSTEM

#11 Elise

Posted 30 May 2012 - 10:12 AM

Can you give me an indication of when this problem started (the approx. date)?

regards, Elise


#12 tom211

Posted 30 May 2012 - 10:16 AM

About 1 week ago.

#13 Elise

Posted 30 May 2012 - 11:35 AM

Please reboot in xPUD and navigate to your USB drive. Click Tool > Open Terminal.
Type bash rst.sh -r and press enter.

Type 1 and press enter.

When done, restart the computer twice and let me know if you still get the ransomware screen.

regards, Elise
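Added example, not part of the thread and not the rst.sh script (whose contents the page does not show): one way to check, from a live CD, which restore-point registry snapshot predates a given infection date, as in the enum.log and date exchange in posts #10 to #13. It assumes GNU find/stat/date and the stock Windows XP System Restore layout; the function names and the sample date are hypothetical.

```shell
#!/bin/sh
# Added illustration (not rst.sh). Read-only: it lists and selects, restores nothing.
# Assumes GNU find/stat/date and the stock Windows XP System Restore layout:
#   <volume>/System Volume Information/_restore{GUID}/RPn/snapshot/_REGISTRY_MACHINE_<HIVE>

# list_snapshots MOUNT HIVE
# Print "<mtime-epoch> <size-bytes> <path>" per restore-point copy, oldest first.
list_snapshots() {
    find "$1/System Volume Information" -type f \
        -path '*/_restore*/RP*/snapshot/*' \
        -name "_REGISTRY_MACHINE_$2" 2>/dev/null |
    while IFS= read -r f; do
        printf '%s %s %s\n' "$(stat -c %Y "$f")" "$(stat -c %s "$f")" "$f"
    done | sort -n
}

# pick_restore_point MOUNT CUTOFF_DATE
# Print the name (RPn) of the newest restore point whose SOFTWARE snapshot was
# written before CUTOFF_DATE, is non-empty, and has a SYSTEM snapshot beside it.
# Prints nothing when no restore point qualifies.
pick_restore_point() {
    cutoff=$(date -d "$2" +%s) || return 2
    list_snapshots "$1" SOFTWARE |
    while read -r mtime size path; do
        dir=$(dirname "$path")
        [ "$mtime" -lt "$cutoff" ] || continue               # written after the cutoff
        [ "$size" -gt 0 ] || continue                        # truncated hive
        [ -s "$dir/_REGISTRY_MACHINE_SYSTEM" ] || continue   # incomplete pair
        basename "$(dirname "$dir")"
    done | tail -n 1
}

# Stand-alone use (sample values): sh pick_rp.sh /mnt/sda1 2012-05-23
if [ "$#" -eq 2 ]; then
    pick_restore_point "$1" "$2"
fi
```

An empty result means no snapshot on the volume is older than the cutoff, so rolling the registry back would not reach a pre-infection state.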


#14 tom211

Posted 30 May 2012 - 12:55 PM

I did that, but unfortunately it's still there.

After the second restart, a blue Windows screen came up and it was checking the files & scanning them.

I thought it was going to work, because it said something about removing .loc files & the virus has locked some of my files. Like mp3, txt, avi etc...

#15 Elise

Posted 30 May 2012 - 01:23 PM

After the file scan, do you now still see the message?

regards, Elise




