pceu virus & system shutting off


  • This topic is locked
16 replies to this topic

#1 jlars

jlars

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 17 December 2012 - 08:04 PM

Hi all,

Daughter arrived home from England with her laptop and the pceu virus (Dell Inspiron 1545 running Windows 7).
I was able to change the boot order to boot from the DVD drive, and I have tried to use the Kaspersky Rescue 10 suite off the boot drive, but I've only gotten as far as running the windowsunlocker and just a little into the virus removal tool before the pc shuts down.

That's the main problem: depending on how long I let it sit, I only have anywhere from 30 seconds to 5 minutes to work before a shut-down. I don't know how to get the pc to stay on.

Any help would be incredibly welcome.

jlars


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:44 PM

Posted 17 December 2012 - 08:50 PM

Hello jlars

If you can boot into Safe Mode with Networking, try this guide.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Remove the Win32/Reveton or Police Central e-crime Unit Ransomware

Let me know.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 jlars


Posted 17 December 2012 - 09:52 PM

I was able to boot into Safe Mode with Networking, logged in as the infected user and, using the Firefox browser, typed in the website you referenced. (Firefox initially came up with the error that it couldn't find Google, the default home page.) I got an error relating to the web site or location not being found, but before I could investigate further, the system shut down. I tried a 2nd time and it shut down while I was checking for a network connection.

Even though I chose Safe Mode with Networking, I don't think I'm connecting to the internet. I'm not seeing any available connections and I'm getting shut down before I can get very far.

The path you laid out is promising; I wish I could carry it out . . . it seems like I have about 2 minutes or less to do anything.

#4 boopme


Posted 17 December 2012 - 10:32 PM

OK, I am going to ask another that specializes in this to look here, may not be tonight. You will need access to either another PC and a Flash or CD drive.

#5 jlars


Posted 17 December 2012 - 11:37 PM

Thank you.
I have access to all of those.

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:44 PM

Posted 18 December 2012 - 12:40 AM

:welcome:

Let's give it a try. You will need a USB Flash drive.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#7 jlars


Posted 18 December 2012 - 07:28 PM

I am trying to get through this. The machine shut down during the scan and before it had a chance to write a log to the flash drive.
I have to go out for a couple of hours; I will try again when I return.

This will be a continual challenge -- to run any scan before the system shuts off.

Thanks, though, for your help.

#8 JSntgRvr


Posted 18 December 2012 - 08:34 PM

It could be due to overheating. Can you feel the CPU fan running?



#9 jlars


Posted 18 December 2012 - 10:37 PM

Got through the scan; frst.txt file attached.
(The fan does run pretty much right from the start, but it doesn't seem like it has enough time to overheat . . .)

Attached File  FRST.txt   25.1KB   3 downloads

#10 JSntgRvr


Posted 19 December 2012 - 08:40 AM

I will need to collect more information.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer. Use the same USB port used before.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

It will also produce a minidump folder. Please zip this folder and attach it to your reply.



#11 jlars


Posted 19 December 2012 - 07:15 PM

Hope I did this right.
By the way: sorry for the delayed replies -- I'm trying to squeeze this in around a million other things. Thank you so much for your time.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 00:07:23 Run:1
Running from H:\

==============================================

C:\Users\Hannah\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\Windows\System32\rundll32.exe moved successfully.

========= md H:\minidump =========


========= End of CMD: =========


========= Copy C:\Windows\Minidump\120712-82087-01.dmp H:\minidump =========

1 file(s) copied.

========= End of CMD: =========


========= Copy C:\Windows\Minidump\120612-90948-01.dmp H:\minidump =========

1 file(s) copied.

========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====

Attached Files
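
A triage sketch for the Fixlog posted above, added here as an example and not part of the thread or of FRST itself: it lists what the fix run moved and copied, labels moved paths by location, and reports whether the log reached its end marker, which matters on a machine that powers off mid-run. The line patterns are inferred only from the log lines visible in this post, and the sample is a constructed excerpt of them.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample: an excerpt of the Fixlog lines shown in the post above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 00:07:23 Run:1
Running from H:\

C:\Users\Hannah\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\Windows\System32\rundll32.exe moved successfully.

========= Copy C:\Windows\Minidump\120712-82087-01.dmp H:\minidump =========
1 file(s) copied.
========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====
"""

# Patterns assumed from the visible log lines only.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$", re.M)
COPY = re.compile(r"^=+ Copy (?P<src>[A-Za-z]:\\\S+) (?P<dst>[A-Za-z]:\\\S+) =+$", re.M)
END_MARK = "==== End of Fixlog ===="

def classify(path):
    """Label a moved path by where it lived (hypothetical helper)."""
    p = path.lower()
    if "\\start menu\\programs\\startup\\" in p:
        return "startup-folder"  # per-user autostart location
    if re.match(r"[a-z]:\\windows\\system32\\", p):
        return "system32"        # system binaries; worth a manual check
    return "other"

def parse_fixlog(text):
    """Return moved files, copied files, and whether the log is complete."""
    moved = [{"path": m["path"], "name": basename(m["path"]),
              "location": classify(m["path"])} for m in MOVED.finditer(text)]
    copied = [(m["src"], m["dst"]) for m in COPY.finditer(text)]
    # A log cut short by a shutdown will not end with the closing marker.
    complete = text.rstrip().endswith(END_MARK)
    return {"moved": moved, "copied": copied, "complete": complete}

if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    for item in report["moved"]:
        print(f'{item["location"]:15} {item["path"]}')
    print("copied:", report["copied"], "| complete:", report["complete"])
```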



#12 JSntgRvr


Posted 20 December 2012 - 07:56 AM

The problem appears to be hardware related. Open the RAM Memory window and swap the memory modules, then give it a try.



#13 jlars


Posted 20 December 2012 - 10:03 PM

I didn't know you could swap modules with software. How do you open the RAM Memory window? I've never seen that before.

Also, did you not see any evidence of the pceu virus (or ransomware, if that's more correct) -- I swear it was there . . .

Edited by jlars, 20 December 2012 - 10:12 PM.


#14 JSntgRvr


Posted 21 December 2012 - 12:35 AM

I see no sign of malware.

To reach the memory modules (RAM Memory) on a laptop some disassembly is required. This video should give you an idea.

I am requesting this topic to be moved to the software forum. There someone will help you do some testing on your hardware.



#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:44 PM

Posted 21 December 2012 - 12:52 AM

Actually, given all the logs etc. in this topic, it would be best to create a new topic in the appropriate OS forum. Please state that you were referred there from this forum and provide a link to this topic in the new topic.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

