
Removal of reveton-citadel ransomware??

2 replies to this topic

#1 xtranaut


  • Members
  • 3 posts
  • Local time:08:46 AM

Posted 03 July 2012 - 10:32 PM

Everyone knows about this but me?? Well, not exactly. Would you believe that I spent two sessions with two different tech help people at AVIRA who were scratching their heads? Luckily, I am set up with three different user sign-ins, because on my personal user sign-in the full-screen FBI logo page pops up and you have to manually shut down.

Per AVIRA instructions, I downloaded their rescue disc and did a boot up with it. No cigar. Then went into safe mode and did my S&D, Malwarebytes (free version), and another Avira scan. Still no detection.

The more I read, the scarier this gets, as I read that the creator of this put it out there for any pinhead to modify to his own level of destructive deviousness. I read horror stories about identity theft to posting stolen photos various places on the net and defaming people to the point where they were fired and were divorced! Mostly the deal is to see if you are schmuck enough to believe that the FBI would request a hundred bucks for you to regain access to your computer. (That may be coming... but not happening now.)

I called the FBI in my city and they said they had hundreds of calls that day. Really sad the FBI isn't as sharp as they are on TV and move in within minutes to catch the perps.

Now maybe here is a new twist. If this has ever downloaded itself on your computer, did you ever see a live open shot of you staring at you on that warning page? In the upper right hand corner I kept seeing this ceiling fan. I hardly ever use a camera, so I felt really dumb when it took me 10 minutes to figure out that it was MY camera that was aimed back at the ceiling. NOW THAT WILL MAKE YOU A LITTLE PARANOID! Disconnected that sucker!

Long story short -- no solution from AVIRA, and this has been around for quite some time. So much for them at renewal time. Does anyone have a clue how I get rid of this nasty thing? Because I am literally frozen in terror from doing any online banking, EBAY or PAYPAL transactions or even going on FACEBOOK until I can kill the demon. I mean, I don't even want to do system RECOVERY because I just don't think that anything less than reimaging would be sufficient given the sophistication of different authors of this program. Obviously it hides well and mostly in encrypted files -- which I have yet to find with the specific KASPERSKY program for getting rid of it.

I would sincerely appreciate the help of those who have successfully eliminated it without any further residual effects.

Edited by xtranaut, 03 July 2012 - 10:37 PM.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:46 AM

Posted 03 July 2012 - 10:46 PM

Boot the PC into Safe Mode with Networking



Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)



Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here


ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 madmanbean


  • Members
  • 3 posts
  • Local time:08:46 AM

Posted 25 January 2013 - 02:56 AM

Even more people talking about this virus and so many suggesting fixes. Most of those suggestions work, but what many people do not realise until later is that they are left with a My Documents folder full of encrypted files! This includes .doc, .xls, .txt, .pdf, .jpg and many more.

Despite much searching I have yet to find a utility that will decrypt those files.

In my instance even my backed up files were infected, as my daily backup routine ran and overwrote the backed up files before I realised the extent of the damage!
