
Police Cybercrime Investigation ransomware


25 replies to this topic

#1 BrainyTehBrain

BrainyTehBrain

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Location:Mississauga, Ontario
  • Local time:08:47 AM

Posted 11 March 2013 - 05:36 PM

A computer of mine has been infected with this ransomware. It locks the desktop, and it does the same in safe mode as well. I've tried using the HitmanPro Kickstart USB boot; it found the ransomware, but it just came back upon a reboot. Safe mode with command prompt works, until you open Explorer. Also, I do not have another USB, as I am afraid the one I used has become infected as well. I have some DVDs, though.





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:47 AM

Posted 11 March 2013 - 05:41 PM

Reboot the PC into temp account and let me know.


Edited by narenxp, 11 March 2013 - 06:20 PM.


#3 BrainyTehBrain

BrainyTehBrain
  • Topic Starter


Posted 11 March 2013 - 05:53 PM

I'm getting stuck at the welcome screen. Windows XP, FYI.

Edit: I think I'm still on the original account. How do I switch?
Edit 2: It is the new account; I saw a different background as I turned it off.
If it helps, I have a Linux distro installed alongside XP.

Edited by BrainyTehBrain, 11 March 2013 - 06:07 PM.


#4 narenxp


Posted 11 March 2013 - 06:14 PM

Did the commands work?



#5 BrainyTehBrain


Posted 11 March 2013 - 06:15 PM

Yes, they did. But the desktop is still locked.


Edited by BrainyTehBrain, 11 March 2013 - 06:18 PM.


#6 narenxp


Posted 11 March 2013 - 06:19 PM

I want you to boot into the temp account. Shut down the PC, start again and boot into temp.



#7 BrainyTehBrain


Posted 11 March 2013 - 06:23 PM

There's no user selection screen when I turn on my computer, I have to set to login to the default account. 



#8 narenxp


Posted 11 March 2013 - 06:30 PM

Download

http://download.sysinternals.com/files/Autoruns.zip

Extract it and copy Autoruns.exe to a flash drive.

Boot into command prompt and launch Autoruns.exe from the flash drive using these commands:

X:\Autoruns.exe

Press <ENTER>. X is the flash drive letter.

Allow the information to populate.

  • Select File, Save, Desktop (in the left-hand pane), then save the filename as Autoruns.txt and change Save as type to Text (*.txt), to the flash drive.
  • Double-click on the text file, then copy and paste the contents in your reply.



#9 BrainyTehBrain


Posted 11 March 2013 - 06:41 PM

Flash drives don't work on this computer for some odd reason, it's a pre-existing issue. The USB mouse/keyboard work, but flash drives don't get recognized.
Plugged it in, typed diskpart>list volume, wasn't listed there even though it was plugged in.


Edited by BrainyTehBrain, 11 March 2013 - 06:42 PM.


#10 narenxp


Posted 11 March 2013 - 06:44 PM

In the command prompt, type rstrui.exe and press ENTER. If you get the System Restore window, try to restore to a previous date and let me know if that helps.


Edited by narenxp, 11 March 2013 - 06:46 PM.


#11 BrainyTehBrain


Posted 11 March 2013 - 06:47 PM

Already tried that, no restore points.



#12 narenxp


Posted 11 March 2013 - 06:53 PM

Do you have any antivirus or security software on your PC?



#13 BrainyTehBrain


Posted 11 March 2013 - 06:58 PM

I have Avast as an antivirus, Malwarebytes and SAS as on-demand.



#14 narenxp


Posted 11 March 2013 - 07:45 PM

Great.

In command prompt, run these commands one by one and press <ENTER>.

This should launch Malwarebytes, update and run a scan. Let me know if that helps.


Edited by narenxp, 12 March 2013 - 10:05 PM.


#15 BrainyTehBrain


Posted 12 March 2013 - 09:32 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.09.08
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
temp :: DANH-PC [administrator]
 
3/11/2013 9:22:20 PM
mbam-log-2013-03-11 (21-22-20).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243203
Time elapsed: 36 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Documents and Settings\Administrator\1957806.dll (Spyware.Zbot.ED) -> Delete on reboot.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
 
(end)

I got my desktop back. Is there any way to double-check whether or not the virus is still there?

Edited by BrainyTehBrain, 12 March 2013 - 09:44 AM.
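
An added example (not part of the original posts) that parses the Malwarebytes log format shown in the post above and separates out what still needs follow-up: items marked "Delete on reboot" stay on disk until the next restart, and Startup-folder entries are the ones that ran at logon. The function names are illustrative, and the sample is an excerpt copied from that log.

```python
import re

# Excerpt of the scan log from the post above (two sections only).
SAMPLE_LOG = r"""Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Administrator\1957806.dll (Spyware.Zbot.ED) -> Delete on reboot.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line layout: "<path> (<detection name>) -> <action>."
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared count per section, list of detection dicts)."""
    counts, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            counts[section] = int(m["count"])
            continue
        m = ITEM.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return counts, items

def follow_up(items):
    """Split detections into pending removals and Startup-folder entries."""
    pending = [i["path"] for i in items if "reboot" in i["action"].lower()]
    autostart = [i["path"] for i in items
                 if "\\start menu\\programs\\startup\\" in i["path"].lower()]
    return pending, autostart

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    pending, autostart = follow_up(items)
    print("declared:", counts)
    print("still on disk until reboot:", pending)
    print("startup-folder entries:", autostart)
```

Any path in the pending list is worth confirming as gone after the reboot, followed by a fresh scan that should come back with zero detections.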




