
ICE Cyber Crime Removal Guide Did Not Work - HELP!


  • This topic is locked
14 replies to this topic

#1 thewalkers3712

thewalkers3712

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 13 June 2013 - 08:45 PM

Hello.  I tried the self-help removal guide for the ICE Cyber Crime Center Ransomware on my Windows XP 32-bit.  I did all the steps up to the one that says the Hitman Pro should automatically start 15-20 seconds after the lockscreen appears.  I waited for 30 minutes and the Hitman Pro never started.  I booted from the USB where the files were downloaded to and got the Kickstart black and white screen and pressed 1.  Windows loaded, the lock screen appeared and that's where it is stuck.  I can't install anything or even click anything so I can't install the DDS to get the logs for you.  What should I do?  No safe modes work at all.  Note:  This computer has Credent Encryption software on it, in case that matters.


Edited by thewalkers3712, 13 June 2013 - 09:10 PM.



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 AM

Posted 15 June 2013 - 03:57 PM


We are going to try System Restore to restore the system prior to the infection.

Depending on your Windows version.

Windows XP
Option 1.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
Step 2: Use ctrl/alt/del (keys) to get task manager opened
Step 3: choose file and create new task
Step 4: Then Navigate to:
C:\windows\system32\restore\rstrui.exe and press Enter (double click rstrui.exe)
Step 5: Restore Computer to a Date you know you were virus free
Step 6: Run Malwarebytes

Option 2.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
At the command prompt type in: rstrui.exe
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thewalkers3712


Posted 15 June 2013 - 05:45 PM

When I choose safe mode with command prompt, all that ever happens is a black screen with safe mode in four corners.  No command prompt or anything else anywhere.  None of the safe modes work at all. 



#4 gringo_pr


Posted 15 June 2013 - 06:13 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review

#5 thewalkers3712


Posted 15 June 2013 - 08:08 PM

I will do as you have instructed.  I also just wanted to double check that none of the steps you direct in these posts will erase the hard drive.  Unfortunately we did not back this computer up, and I have years of pictures on this hard drive.  We could care less about everything else, and we are not worried about the functionality of the computer nearly as much as we are desperate to retrieve our photos.  So, if any steps would compromise that, we would rather try an alternative. Thank you so much for your help thus far.  I will complete the steps as instructed hopefully later tonight.



#6 gringo_pr


Posted 15 June 2013 - 08:45 PM

No, at this time it will only scan the hard drive.

#7 thewalkers3712


Posted 17 June 2013 - 09:29 PM

I got to the step where I booted the sick computer off the USB and the XPUD screen appeared listing different language choices, then before I could click anything it went to a black and white screen that said "XPUD.........................................................................."  with lines of dots filling the screen, then it went to a black screen.  I have nothing.  What should I do next?



#8 gringo_pr


Posted 17 June 2013 - 09:46 PM

Let's try from a CD and see if we have better luck.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

#9 thewalkers3712


Posted 17 June 2013 - 09:53 PM

Before I try that, I saw that my boot menu has two usb options... "usb hdd:  general usb flash disk"  or "usb memory:  none"    I chose the usb hdd.  Should I try again and choose usb memory instead?  Also, does it have to be a CD or can it be a DVD that I burn it to?


Edited by thewalkers3712, 17 June 2013 - 10:03 PM.


#10 gringo_pr


Posted 17 June 2013 - 10:04 PM

Yes, you can.

gringo

#11 thewalkers3712


Posted 17 June 2013 - 10:09 PM

It wouldn't let me choose the usb memory, just the usb hdd option  which did not work.  So I will try burning it, but can I use a DVD disk?  I don't think I have a CD.



#12 gringo_pr


Posted 17 June 2013 - 10:43 PM

DVD should do just fine.


gringo

#13 thewalkers3712


Posted 17 June 2013 - 10:47 PM

Ok.  I burned the cd and followed all the instructions, but the same thing happened.  I click English on the XPUD menu and then it says loading XPUD and then the screen goes blank completely even though the computer is still on.  What should I try next?



#14 gringo_pr


Posted 17 June 2013 - 11:05 PM

Sent you a PM.

Gringo

#15 gringo_pr


Posted 30 June 2013 - 03:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.