
Metropolitan police virus removal with SLAX



#1 Jbenny2


Posted 06 November 2012 - 03:17 AM

Hello,

I'm having a few problems with my media center PC.

It became infected with a virus that displays a message warning you the Metropolitan police are investigating you for illegal activities, and you should pay to release your desktop. I had removed it using an AVG antivirus scanner which boots from a flash drive. This worked fine; I rebooted into Windows XP and ran a couple of Windows removal tools, Spybot and AVG. All cleaned OK, but when I rebooted it, it came back.

The basic problem I have is it won't let me boot into safe mode; it just reboots every time I select safe mode, and Windows presents me with a white screen, then the virus screen.

Next I tried a version of SLAX on a flash drive that I can boot to, and I have got several removal tools for SLAX on that flash drive, but every one needs an internet connection to register before it will scan. I can't get my USB wireless adapter to be recognized in SLAX. The PC is built into a media center cabinet and will take a long time to disconnect and remove to get a LAN cable to the hub, so it's wireless or nothing. The wireless USB adapter is made by Netgear for VirginMedia and I can't find any XP drivers for it that will work using ndiswrapper in SLAX.

Does anyone have any ideas on how to go forward with this? I'm coming up against a brick wall every time I think I'm making progress, or am I being stupid and missed something obvious?
Any help much appreciated.


 


#2 Oh My!


Posted 08 November 2012 - 09:47 PM

Greetings Jbenny2 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 09 November 2012 - 11:41 AM

Greetings Jbenny2,

Thank you for allowing me time to review your situation. The first thing we are going to try to do is see if we can get your computer to boot into Normal Mode. Please do the following for me, if you would.


===================================================


Kaspersky WindowsUnlocker

--------------

To complete this process you will need a USB device with at least 256 MB of free space.

  • On a clean computer download Kaspersky WindowsUnlocker and save it to your desktop
  • Now download rescue2usb.exe and save it to your desktop
  • Double click rescue2usb.exe
  • Select Run, then Install
  • On the Kaspersky USB Rescue Disk Maker window, click Browse, then click Desktop on the left
  • Double click kav_rescue_10.iso
  • Select the required USB device from the drop-down menu if not already listed
  • Click START



  • Wait until the process is complete
  • Click OK
  • Remove the USB device from your clean computer and insert it into the infected computer
  • Boot your infected computer
  • As the computer boots up gently tap F12 and choose to boot from Removable or USB Devices (or something similar)
  • When the Kaspersky Rescue Disk screen appears press any key within 10 seconds



  • Press Enter on English which should be highlighted by default
  • Press 1 to accept the agreement
  • Press Enter on Kaspersky Rescue Disk. Graphic Mode which should be highlighted by default
  • Once the program loads click Exit on the Scan your computer screen, then click Yes on the warning pop up window
  • Click the Posted Image button in the bottom left hand corner of the screen
  • Select Terminal
  • At the command prompt type windowsunlocker and press Enter



  • On the root: windowsunlocker screen press 1 (Unlock Windows) and press Enter



  • The program will clean the registry and display the results in the window



  • Now press 2 (Save boot sector copies) and press Enter



  • Type 0 then press Enter
  • If the window does not close type Exit and press Enter
  • On the desktop double click File manager
  • Click on Custom Path located just above the C: folder
  • Double click the Var folder
  • Double click the kl folder
  • Make sure the WUnlocker 1.0 file is present



  • Close the window
  • Click the Posted Image button in the bottom left hand corner of the screen
  • Select Shutdown then click Yes
  • Remove the USB device and attempt to boot your computer into Normal Mode

===================================================


Things I would like to see in your next reply:

  • Did your computer successfully boot?

Gary
 

#4 Oh My!


Posted 11 November 2012 - 08:49 PM

Greetings Jbenny2,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!


Posted 13 November 2012 - 01:25 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Gary
 



