Malware "Polizei Cybercrime Investigation Department"


  • This topic is locked
49 replies to this topic

#1 KidWrangler

KidWrangler

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:31 PM

Posted 08 November 2012 - 11:36 AM

Good morning, I am a little stumped here. Although I'm not a whiz at computers I know a thing or 2. After all I put this computer together with some wicked parts all on my own. It appears I have a virus in my computer which as the title suggests it's a cybercrime scam where they say I violated copyright laws and want me to "UKASH" 100.oo within 72 hours or else I'll be investigated and brought to justice, lol. All while I was using YouTube, this screen just popped up. I am with Bell Canada and have a security package with them so I'm surprised this virus has come up.

To describe it better, it comes up immediately when starting Windows and I can't access my main screen or nothing. I pressed CTRL, ALT, DEL and try to start task manager but it reverts back to the virus page. I was able to "restart" and during that process "cancel force restart" while programs were closing and stay logged on, browse the internet and it was like everything was normal. So I try a restore... But unfortunately I never created a restore point so my computer cannot be saved that way I guess. Used the computer all night and shut down only to start it up this morning to the same message "Polizei Cybercrime Investigation Department".

Can anyone help? F8 doesn't seem to work during boot up, I can access my computer's info via DEL or ESC, but can't find the boot in safe mode (which I thought I can use to restore, but that doesn't work). If there is more information needed I'll gladly post. Thanks again for your time.

*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 08 November 2012 - 11:59 AM.


#2 KidWrangler

Posted 08 November 2012 - 02:38 PM

My question is, is there a program I can use and burn on a disc to be able to boot from CD to fix this malware issue? I can now only access desktop through safe mode with command prompt.

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 PM

Posted 08 November 2012 - 02:51 PM

Let me ask a malware response team member to help you.

Good luck

#4 KidWrangler

Posted 08 November 2012 - 03:17 PM

Thank you kindly

#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:31 PM

Posted 08 November 2012 - 06:03 PM

Hello KidWrangler :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please create the CD and run the WindowsUnlocker program as described here: http://support.kaspersky.com/faq/?qid=208285998

Let me know how you progress.

Edited by thisisu, 08 November 2012 - 06:03 PM.


#6 KidWrangler

Posted 08 November 2012 - 06:32 PM

I created a boot disc, running scan with Kaspersky as we speak...

#7 KidWrangler

Posted 08 November 2012 - 06:35 PM

Waiting on your next command ;) also a bunch of boxes keep popping up (red, green) and go in detailed report....

#8 thisisu

Posted 08 November 2012 - 06:48 PM

It sounds like it found a few bad entries.
If you can, try to follow step #5 of the link I gave you so that you can share the report details with me.

Also try rebooting your computer normally.

Let me know how it goes.

#9 KidWrangler

Posted 08 November 2012 - 07:01 PM

Should I be scanning c: as well or like in picture only disc boot sectors and hidden start up objects?

#10 thisisu

Posted 08 November 2012 - 07:14 PM

Yes you should be scanning C:
Not sure why the picture doesn't show that checked -- It's pretty important! :)

Edited by thisisu, 08 November 2012 - 07:14 PM.


#11 KidWrangler

Posted 08 November 2012 - 07:16 PM

With only a scan of the above-mentioned I got 7 trojan programs detected...

Trojan program Exploit.Java.CVE-2012-1723.dm /mnt/MountedDevices/PD-A937 High

Trojan program Exploit.Java.CVE-2012-1723.dg /mnt/MountedDevices/PD-A937 High

Trojan program Exploit.Java.CVE-2012-1723.dg /mnt/MountedDevices/PD-A937 High

Trojan program Trojan.Win32.Buzus.mrei /mnt/MountedDevices/PD-A937 High

Trojan program Trojan-Downloader.Java.Agent.pg /mnt/MountedDevices/PD-A937 High

Trojan program Exploit.Java.CVE-2010-0840.gg /mnt/MountedDevices/PD-A937 High

Trojan program Exploit.Java.CVE-2010-0840.gh /mnt/MountedDevices/PD-A937 High

Scanning c:...


Will you be up in 2 hours lol?

#12 thisisu

Posted 08 November 2012 - 07:38 PM

Does it say what the file paths of those detections were?
Yes I should still be awake.

#13 KidWrangler

Posted 08 November 2012 - 08:27 PM

Those were for the disc boot sectors and hidden start up objects, I am unable to find paths? The c: is 55% done and I can see paths of the latest Trojans of c: C:/Windows/Temp hoiu8.exe. But it's not done yet so I'm not sure what it will want me to do with them.

#14 KidWrangler

Posted 08 November 2012 - 08:52 PM

75% complete and 8 trojans and exploits found so far.

What information could you use now while we're waiting for it to complete? The entire result, type, path name and reason for all or are there specific things I can give you which would be much less time consuming ;)

Edited by KidWrangler, 08 November 2012 - 08:52 PM.


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 08 November 2012 - 08:54 PM

Hello, just letting you know I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.