Computer Hijacked


  • This topic is locked
52 replies to this topic

#1 Plainsman89

Plainsman89

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 13 April 2013 - 09:04 AM

I have the DOJ Virus and am running Vista.

Current state. Computer has login for "other user". Cannot access.

What I have done

Computer could not access any safemode option or internet.
Tried to run Hitman Pro (kickstart), but program would not run without Internet access.
Ran Norton Boot recovery tool. It found nothing, but did scan whole computer.
Found option to use hitman pro without internet. Scan ran, but only scanned the recovery drive.

I cannot access the c drive at all anymore and the computer now boots to other user, no longer shows DOJ screen


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:29 PM

Posted 13 April 2013 - 03:25 PM

Welcome aboard

 

How usable is the computer now?


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Plainsman89


Posted 13 April 2013 - 09:43 PM

Not usable all...can only get to the other user screen

#4 Broni


Posted 13 April 2013 - 09:52 PM

I'll report this topic to appropriate helpers.

Hold on...




 


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:29 AM

Posted 14 April 2013 - 06:01 AM

Hi Plainsman89,

 

My name is etavares and I'll be helping you with this issue.  First things first, what version of Windows are you running?  XP, Vista, 7 or 8?  That will impact which tools we can run.

 

I've also moved this to the Virus Removal Forum...since you're clearly infected.

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#6 Plainsman89


Posted 14 April 2013 - 09:38 AM

Vista

#7 etavares


Posted 15 April 2013 - 05:32 AM

Hello, Plainsman89.
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares


     


    #8 Plainsman89


    Posted 16 April 2013 - 09:11 PM

    I can no longer access my computer.  When I tap F8, I do get the Repair Your Computer option, but instead of going to the screen to enter my country, I go directly to a Login screen titled "Other User".  It looks like it is in safe mode font and is obviously not real (I cannot exercise CTRL + ALT + DEL or log off).  I can type a password.

     

    What should I do now?



    #9 Plainsman89


    Posted 16 April 2013 - 10:34 PM

    I checked and do not have the installation disk (I bought my computer from Dell).  I tried to bypass by hitting F10 and received a message "Missing operating System".



    #10 etavares


    Posted 17 April 2013 - 07:36 PM

    Hi Plainsman,

    OK, some research shows most people end up reformatting from the installation CD to resolve this. I have unsuccessfully found anyone who has fixed this. We can try a couple of things, but we are quite limited without that CD. Let's try this. If you want to reformat, we can skip ahead to that; or attempt to do something no one has appeared to do before. Up to you.

    Try this please. You will need a USB drive.

    Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
    • Insert your USB drive
    • Press Start > My Computer > right click your USB drive > choose Format > Quick format
    • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
    • Press Run then OK
    • Select the DiskImage option then click the browse button located on the right side of the textbox field.
    • Browse to and select the xpud-0.9.2.iso file you downloaded
    • Verify the correct drive letter is selected for your USB device then click OK
    • It will install a little bootable OS on your USB device
    • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
    • After it has completed do not choose to reboot the clean computer simply close the installer
    • Remove the USB and insert it in the sick computer
    • Boot the Sick computer
    • Press F12 and choose to boot from the USB
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Press Tool at the top
    • Choose Open Terminal
    • Copy/paste the following command and press enter:

      dd if=/dev/sda of=mbr.txt bs=512 count=1
    • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.

    • Please note - all text entries are case sensitive

      etavares


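The dd command in post #10 copies the first 512-byte sector of /dev/sda (the master boot record) into mbr.txt, which is raw binary despite the extension. The following Python is an added example, not part of the thread or of any poster's tooling: it parses such a dump and runs basic structural checks; the sample sector and its partition layout are constructed, and `parse_mbr` and `build_sample` are hypothetical names.

```python
import hashlib
import struct

# Names for a few common partition type IDs (not exhaustive).
TYPES = {0x00: "empty", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0xDE: "Dell utility", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Parse one raw 512-byte MBR sector, as written by the dd command above."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    parts = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        raw = sector[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:
            parts.append({"slot": i + 1, "status": status, "active": status == 0x80,
                          "type": TYPES.get(ptype, f"0x{ptype:02x}"),
                          "start_lba": lba, "sectors": count})
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    if not any(sector[:440]):
        findings.append("boot code area is empty")
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid status byte in partition entry")
    # Hash of the boot code area, for comparison against a dump from a known-good disk.
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts, "findings": findings}

def build_sample(active_slot=3):
    """Constructed sample sector (not from the thread): three-partition OEM-style layout."""
    layout = [(0xDE, 63, 96327), (0x07, 96390, 20971520), (0x07, 21067910, 400000000)]
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if i + 1 == active_slot else 0, t, s, n)
                     for i, (t, s, n) in enumerate(layout))
    boot_code = b"\x33\xc0\x8e\xd0".ljust(446, b"\x00")  # placeholder bytes, not real boot code
    return boot_code + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    for name, sec in [("intact", build_sample()), ("no active flag", build_sample(0))]:
        r = parse_mbr(sec)
        print(name, r["findings"], [(p["slot"], p["type"], p["active"]) for p in r["partitions"]])
```

To check a real dump, read it in binary mode and pass the bytes in: `parse_mbr(open("mbr.txt", "rb").read())`.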
     


    #11 Plainsman89


    Posted 17 April 2013 - 07:57 PM

    A buddy of mine at work told me he had a Windows Vista installation disk.  Would it be better to obtain the disk or should I go ahead with your last directions?



    #12 etavares


    Posted 18 April 2013 - 05:51 AM

    Hi Plainsman,

    It's up to you. If you want to reformat entirely, then yes, we'd need the disk. If you want to save your data before reformatting, then we'll need the disk and the xPud flash drive. If you want to see if we can save it, then just run the xPud. Please note that the Vista CD would need to be the same version (e.g. Home Premium, Ultimate, etc.) as what your license is for. It probably says it on a sticker on the back or underside of the computer.

    -etavares


     


    #13 etavares


    Posted 18 April 2013 - 05:51 AM

    PS> We could activate your recovery partition a different way if the disk isn't the same version as what you have installed, but the disk is more straightforward.


     


    #14 Plainsman89


    Posted 18 April 2013 - 11:28 PM

    I was unable to download the ISP file.

    #15 etavares


    Posted 19 April 2013 - 05:44 AM

    Hi Plainsman,

    The link is currently working for me. Please try again in case the server was down. What happened when you tried to download it?

    -etavares


     




