Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PCeU Hijacker removal in XP Pro - help please


  • Please log in to reply
3 replies to this topic

#1 Mad768

Mad768

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 29 December 2012 - 07:57 AM

I have managed to contract this PCeU hijacker which has locked me out of my laptop.[XPS M1210] AMD chip. I searched online for fixes but cant find a solution that I can use or that works on the Laptop. Im running an old version of XP Pro 5.1 so cannot use 'Safe Mode with Networking' as the PCEU page loads once that I have logged on to the user account. I have tried 'Safe Mode with Command Prompt' then typing > CD Restore > rstrui.exe to get to system restore to choose a restore point before the infection. However the system cannot find the path specified when I type the initial cd restore command.

I have Malwarebytes on my desktop but cant access it and the machine im typing this on is a Linux OS and wont let me download to a stick. Can anyone provide instruction to remove this properly, I have searched through the topics and cant find a solution and im not very proficient at fixing problems without a guide.
Thanks in advance. :blink:

Edited by hamluis, 29 December 2012 - 08:17 AM.
Moved from XP to Am i infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:09 PM

Posted 29 December 2012 - 08:17 AM

Removal instructions, http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware .

One of the most important parts of the removal instructions...suggests initiating a topic in the appropriate forum, beginning with "If you still have problems..." Please follow the instructions and ensure that you post in the correct forum.

Good luck :).

Louis

#3 Mad768

Mad768
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 30 December 2012 - 06:06 AM

Thanks for your direction, I apologise for posting in the wrong place but I am not familiar with the site yet. However, no success using any of the recommendations in the link and to be honest I did try this yesterday. The issue is I can get past the [cmd.exe] prompt. If I start in Safe mode with networking I get the screen asking me to select OS which is XP Pro, I select user, I have a choice of two ADMINISTRATOR and me, This is an old laptop and I cant remember the password for the Admin so I select me (the infected user) and the desktop does load briefly or is visible whilst it thinks for a few seconds then the PCeU screen appears and im locked out. It does this in every mode except safe Mode.


Typing [Misconfig] just or any other command doesn't work and results in a message saying [ - is not recognized as an internal or external command]

If I type [regedit] I do get through to the Registry Editor but need guidance to remove any components of Explorer, IF that's a way to get back to my desktop or other start point so I can remove this. Any assistance would be gratefully received.
Thanks Mark.

#4 Mad768

Mad768
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 31 December 2012 - 09:24 AM

Now resolved the issue: I kept clcking the start button when the desktop was loading and I managed to beat the Lock out and rolled back to a previous saved point - ran MBAM and Hitman Pro twice, both times finding further malware including Trojans and Spyware. Updated MS security checked the registry for any signs of PCeU and its all fine. Reccomend downloading a Free versio of Hitman Pro Kickstart and MBAM onto a stick as this would have saved me 2 days stress.
Thanks for your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users