Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Met Police e-crime Ransomeware


  • This topic is locked This topic is locked
7 replies to this topic

#1 Rogmur

Rogmur

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 24 February 2013 - 08:10 AM

Dear Bleeping Computer Members

 

My PC has been infected by what I guess is known a "Ransomeware" (Met Police e-crime).

It has taken over my PC and I am unable to access my desktop, and in an attempt to start my PC

in Safe Mode (either safe mode function), this Virus has thwarted my efforts.

I have disconnected my infected PC from the internet, and now the fake website of Policeman

is now just a permanent "white screen".

 

I have downloaded the latest version of RKill and this has not worked either.

 

Please can anyone help or advise.

 

Many thanks in advance

 

Rogmur

 

Windows XP (SP3)

 

 

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*


Edited by Queen-Evie, 24 February 2013 - 08:19 AM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:26 AM

Posted 24 February 2013 - 01:20 PM

I'll report this topic to appropriate helpers.

Hold on...


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:26 AM

Posted 24 February 2013 - 07:09 PM

Lets try the AVG Rescue CD:


"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus , AVG Anti Spyware and some administrator recovery tool.


You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter

4. At the "Update Screen", choose Yes and press Enter

Next screen, Choose Update from Internet and press Enter

5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the "Update Screen", choose Return and press Enter

8. Your at the "Main Menu" screen, choose Scan, press Enter

9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter

10. "Scan Volumes", choose "OK" and press Enter

11. "Scan Options", choose "OK" and press Enter

12. "Run Scan", choose "Yes" and press Enter

13. When scan is complete, Press any key to continue

14. "Info screen", choose "OK" and press Enter

15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative, if in your not sure please Google the file or files.

16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the "Warning Screen", "Yes" and Enter

18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely do to a bad download or bad burn, download the file again and burn it at a slower speed.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 Rogmur

Rogmur
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 25 February 2013 - 10:13 AM

Hi JSntgRvr.

 

Many thanks for you help I shall give it a try.

 

Kindest regard

 

Rogmurguitar.gif



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:26 AM

Posted 25 February 2013 - 02:35 PM

Let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Rogmur

Rogmur
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 26 February 2013 - 12:12 PM

Hi JSntgRvr,

 

Thanks once again for your helpand advice.

I downloaded AVG Rescue disk and isoBurner.

I burned AVG Rescue Disk to DVD.

However, I must have done something wrong along the way.

So, I decided to re-format my hard drive (drastic I know).

 

Still, I shall keep the AVG Rescue Disk and regularly update it as a precaution.

 

Once again many thanks for you sterling help

 

Kindest regards

 

Rogmurguitar.gif



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:26 AM

Posted 26 February 2013 - 05:06 PM

Thanks for the feedback.

Be safe. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:26 AM

Posted 26 February 2013 - 06:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users