
Internet Crime Complaint Virus


  • This topic is locked
34 replies to this topic

#1 kloroformkandi

kloroformkandi

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 22 January 2013 - 03:42 PM

I recently had the fun interaction of receiving this internet crime complaint center virus.

I tried the first of removal steps:

Restarting my computer with no internet connection.. Nothing.
Restarting my computer in safe mode with networking.. Nothing.
Restarting my computer in safe mode with command prompt.. I almost got something here. The command prompt started to come up, only for the virus screen to reappear.

I couldn't get anywhere to actually remove anything.
I really have no idea what to try from this point considering I can't get to my desktop at all. [Does logging into a different user matter at all?]
I am running Windows XP.
I don't have everything on my computer backed up so a complete reinstall is a total last resort for me. [Also I heard from multiple sources that this did no good].

Please help! I would love my computer back.

Edited by kloroformkandi, 22 January 2013 - 04:15 PM.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:05 PM

Posted 22 January 2013 - 06:35 PM

I'll report this topic to appropriate helpers.
Hold on...



 


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,105 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:05 AM

Posted 24 January 2013 - 06:10 AM

Can you please reboot in safe mode with command prompt and type cmd /d and press enter. This will prevent the ransom screen from loading if you do it fast enough. It may take a few tries (type as soon as you see a prompt). If that just doesn't work, we'll try something else. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 kloroformkandi

kloroformkandi
  • Topic Starter


Posted 24 January 2013 - 10:54 AM

I tried it twice. I was able to type cmd /d and hit enter quick enough in the prompt, but the ransom screen still would show up.

#5 Elise


Posted 24 January 2013 - 11:00 AM

Have you tried to boot in Safe Mode using the Administrator account (it should be an option on the log in screen in safe mode)?

regards, Elise


#6 kloroformkandi


Posted 24 January 2013 - 11:25 AM

Yes I have. When I did so I deleted a suspicious process but other than that I wasn't sure where to look.

#7 Elise


Posted 24 January 2013 - 11:27 AM

Please do the following: when in safe mode (no matter which version), open the following folders and look for files (not folders) in the following locations:

c:\documents and settings\<your username>\application data
c:\documents and settings\All Users\application data

Look especially for .dat and .exe files. I suspect you'll find a random named .exe file in each of these folders.

regards, Elise


#8 kloroformkandi


Posted 24 January 2013 - 12:04 PM

Should I delete these if I come across them?

#9 Elise


Posted 24 January 2013 - 12:08 PM

Yes, but just to be sure it's better to post the exact name first, just to be sure you're not deleting something else. :)

regards, Elise


#10 kloroformkandi


Posted 24 January 2013 - 12:34 PM

I found no folders titled application data. Is that bad? @.@

#11 Elise


Posted 24 January 2013 - 12:38 PM

Have you made sure you can see hidden files?
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

regards, Elise


#12 kloroformkandi


Posted 24 January 2013 - 12:44 PM

I found this in both folders.

xoijnehdxykf.exe

#13 Elise


Posted 24 January 2013 - 12:51 PM

Please delete the files in both folders (you can also rename them from .exe to .vir files if you want to play it safe). Then restart the computer and let me know if you can get in Windows normally now.

regards, Elise
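
The check walked through in posts #7 to #13 (files, not folders, with .exe or .dat extensions sitting directly in the two Application Data folders, then renamed to .vir), as an added Python example that is not part of the original thread. The function names and the temporary sample folders are constructed for illustration; only the file name xoijnehdxykf.exe comes from the posts.

```python
import os
import tempfile

SUSPECT_EXTENSIONS = {".exe", ".dat"}  # the extensions named in the thread

def loose_files(folder):
    """Map lowercased name -> path for .exe/.dat files directly in folder."""
    found = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            # Files only (not folders), and never follow links out of the folder.
            if not entry.is_file(follow_symlinks=False):
                continue
            if os.path.splitext(entry.name)[1].lower() in SUSPECT_EXTENSIONS:
                found[entry.name.lower()] = entry.path
    return found

def triage(user_appdata, all_users_appdata):
    """Report loose candidates per folder plus names present in both folders."""
    user = loose_files(user_appdata)
    shared = loose_files(all_users_appdata)
    return {"user": sorted(user.values()),
            "all_users": sorted(shared.values()),
            "in_both": sorted(set(user) & set(shared))}

def quarantine(path):
    """Rename to .vir instead of deleting, so the step can be undone."""
    target = os.path.splitext(path)[0] + ".vir"
    if os.path.exists(target):
        raise FileExistsError(target)  # never overwrite an earlier quarantine
    os.rename(path, target)
    return target

def demo():
    """Constructed sample folders standing in for the two XP locations."""
    root = tempfile.mkdtemp()
    user = os.path.join(root, "user", "Application Data")
    shared = os.path.join(root, "All Users", "Application Data")
    for folder in (user, shared):
        os.makedirs(os.path.join(folder, "Vendor"))
        # An .exe inside a subfolder is not what this check looks for.
        open(os.path.join(folder, "Vendor", "updater.exe"), "wb").close()
        open(os.path.join(folder, "xoijnehdxykf.exe"), "wb").close()
    open(os.path.join(user, "desktop.ini"), "wb").close()
    report = triage(user, shared)
    renamed = [quarantine(p) for p in report["user"] + report["all_users"]]
    return report, renamed

if __name__ == "__main__":
    print(demo())
```

A name that shows up in both folders is reported under "in_both"; as in post #9, confirm the exact name before renaming anything on a real machine.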


#14 kloroformkandi


Posted 24 January 2013 - 12:55 PM

It seems to be starting normally, but my desktop and taskbar look different o.O Looks so old without Windows XP theme settings haha
At least no ransom screen!

Edited by kloroformkandi, 24 January 2013 - 12:58 PM.


#15 kloroformkandi


Posted 24 January 2013 - 01:23 PM

Only problem I see is that I can't open my task manager. It says disabled by administrator.



