Department of Justice Virus


12 replies to this topic

#1 lonogod

lonogod

  • Members
  • 63 posts

Posted 23 April 2013 - 06:41 AM

Hello,

 

So I get to work this morning and one of my employees informs me that one of the work computers has been locked by the Department of Justice.  After doing some research I found out that it is just a virus.  I did what is recommended here, but nothing happens when getting to step 10.  The window for HitmanPro never appears.  All of the previous steps are performed without any issues whatsoever.

 

I created the flash drive using a Windows 8 64-bit computer, and I used the 64-bit version of HitmanPro to create the flash drive.  I'm not sure if that is relevant, but I certainly thought I would mention it.

 

Please help me resolve this issue.  Thankfully we have another work computer, so it's not shutting down our business, but it is slowing us down.

 

 

Thank you so much!

 

 

Infected Computer - Windows XP Professional 32-bit

 

 

EDIT 1:  I also just tried creating a flash drive using a computer that is identical to the infected computer (this time using the 32-bit version of the download).  I had the same result...the window for HitmanPro still does not appear.

 

 

EDIT 2:  I tried going into Safe Mode to resolve the issue another way, but it gave me the BSOD before it got to Safe Mode.  The following message displayed:

 

A problem has been detected and Windows has been shutdown to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer.  If this screen appears again, follow these steps:

Check for viruses on your computer.  Remove any newly installed hard drives or hard drive controllers.  Check your hard drive to make sure it is properly configured and terminated.  Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:

*** STOP:  0x0000007B (0xF7C4E524, 0xC0000034, 0x00000000, 0x00000000)


Edited by lonogod, 23 April 2013 - 10:02 AM.




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts

Posted 23 April 2013 - 09:45 PM

I'll report this topic to appropriate helpers.

Hold on...




 


#3 lonogod


Posted 24 April 2013 - 09:57 AM

Thank you Broni!  I'll sit tight and wait for assistance.



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 27 April 2013 - 02:23 PM

Hi lonogod,

 

Sorry for the delay.  I'll be helping you.  What version of Windows are you running (EDIT:  on the infected computer)?  We'll make a flash drive to run some diagnostics and we should be able to fix this.  I just need the Windows version to know which tool we can use.

 

-etavares


Edited by etavares, 27 April 2013 - 02:26 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 lonogod


Posted 27 April 2013 - 04:22 PM

Hello etavares,

 

I put the requested info in my original post.

 

Infected Computer - Windows XP Professional 32-bit

 

I will be back at work on Monday, but please advise me what to do and I'll be sure to get it ready so I can do it as soon as I get to work Monday morning.  Thank you so much!


Edited by lonogod, 27 April 2013 - 04:23 PM.


#6 etavares


Posted 28 April 2013 - 05:29 AM

Hello, lonogod.
 
Sounds good.  First, while the computer is off, unplug the network cable (or turn off wireless networking via the hardware switch as soon as you turn it on if it uses wireless), then boot the computer.  Some variants won't load if there is no network connection.  If that works, STOP here and let me know you can access the computer and I'll provide new instructions.
 
If that doesn't work, please try this.  You will need a blank USB drive.
 
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB.  If that doesn't work, let me know.  Booting from USBs is different depending on your BIOS.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

runctf.*

  • Press Enter
  • If successful, the script will search this file.
  • After it has finished a report will be located in the USB drive as filefind.txt
 
 
Please note - all text entries are case sensitive
 
Copy and paste the filefind.txt for my review
 
etavares

Edited by etavares, 28 April 2013 - 05:29 AM.
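
The file-name search in the steps above, sketched as an added shell example; it is not part of etavares's post and is not the driver.sh script, whose contents the thread does not show. The function name find_by_name, the case-insensitive match and the temporary directory tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: NOT the driver.sh script referenced in the thread.
# Searches mounted volumes for files whose name matches a glob and writes
# a report whose first line mirrors the header quoted in the thread.

# find_by_name PATTERN REPORT ROOT...
# Prints the number of matching files on stdout.
find_by_name() {
    pattern=$1
    report=$2
    shift 2
    printf 'Search results for %s\n' "$pattern" > "$report"
    for root in "$@"; do
        # A volume that is not mounted would silently yield zero hits,
        # so report every skipped root on stderr.
        if [ ! -d "$root" ]; then
            echo "warning: $root is not a directory, skipped" >&2
            continue
        fi
        # -iname: Windows matches names case-insensitively, find -name
        # does not (assumption of this sketch); -xdev: stay on this volume.
        find "$root" -xdev -type f -iname "$pattern" -print \
            2>/dev/null >> "$report" || true
    done
    echo $(( $(wc -l < "$report") - 1 ))
}

# Constructed demo: a temp tree stands in for /mnt/sda1 and /mnt/sda2.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sda1/WINDOWS/system32" "$tmp/sda2/data"
    : > "$tmp/sda1/WINDOWS/system32/RunCTF.dll"   # constructed sample name
    : > "$tmp/sda1/WINDOWS/system32/notepad.exe"
    hits=$(find_by_name 'runctf.*' "$tmp/filefind.txt" "$tmp/sda1" "$tmp/sda2")
    echo "hits: $hits"
    cat "$tmp/filefind.txt"
    rm -rf "$tmp"
}

demo
```

In this sketch a report holding only the header line means either that no file name matched or that none of the roots was a mounted directory, which is why skipped roots are reported on stderr.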


 


#7 lonogod


Posted 29 April 2013 - 08:11 AM

Alright, well I was able to expand mnt, but the only things in that folder are sda1 and sda2...there is no sdb1.  There is also no driver.sh in either of those folders.  Any ideas?

 

Thank you!



#8 etavares


Posted 29 April 2013 - 02:24 PM

Hi lonogod,

 

That happens sometimes.  Boot into xPud again, you'll see sda1/sda2 again.  This time, pull out the xPud flash drive, wait 30 seconds or so, then reinsert the flash drive and wait another 20-30 seconds. It should recognize it then and you should see sdb1 pop up in the left side of the file pane.  Then, you should be able to see drivers.sh on the flash drive.

 

-etavares



 


#9 lonogod


Posted 29 April 2013 - 04:22 PM

Will do.  I leave work every day at 3pm so it looks like I'll have to do this tomorrow.  I'll post back around 8am.  Thank you!



#10 lonogod


Posted 30 April 2013 - 06:18 AM

Good Morning,

 

This is all that was in that text file:

 

 

Search results for runctf.*
 

 

I'm guessing that means that it didn't do what it was supposed to do.  Let me know what else you would like for me to try.  Thanks!



#11 etavares


Posted 30 April 2013 - 07:14 PM

OK, might be a newer variant.

Do as before, but instead of searching for runctf.*, search for:

 

MigAutoPlay.*

 

and post the log that is saved.



 


#12 lonogod


Posted 01 May 2013 - 06:50 AM

etavares,

 

Basically the same thing was in the text file:

 

 

Search results for MigAutoPlay.*
 

 

Unfortunately, I have a big event coming up this weekend and I absolutely have to have both of my work computers running.  So I am just going to have to do a reinstall of Windows.  I appreciate your help though.



#13 etavares


Posted 01 May 2013 - 07:54 PM

Ok lonogod, thanks for letting me know.  You can use xPud to copy any important data to a flash drive or external USB hard drive.

 

-etavares



 




