Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICE/FBI scam malware issue after removal


  • Please log in to reply
5 replies to this topic

#1 shotgnz

shotgnz

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 24 July 2013 - 08:27 AM

Hi All,

 

Im hoping someone can help me out.  Yesterday I was hit with the FBI/ICE malware scam.  This is the first time I had this especially since I have used Nortons internet security for years.   WIth their help I downloaded teh Nortons power scrubber and removed the issue.  Now I have a problem loging in on the first user of the WIndows login ( have 2 sign ons ).  If I click on the main it goes black and displays a DOS like window and states the below:

 

 

'"C:\Users\Glenn\AppData\Local|Temp|alshepogsqloiuhn.exe'" is not recognized as an internal or external command, operable program or batch file.

 

then goes to:

C:\Windows\system32>

 

 

Anyone know how to fix this?

 

Thx, Shotgnz

 



BC AdBot (Login to Remove)

 


#2 HeroicSupport

HeroicSupport

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:48 PM

Posted 24 July 2013 - 08:43 AM

This is an entry in the registry that is attempting to load a file which no longer exists. You should Download autoruns, search for alshepogsqloiuhn.exe, and remove the entry.



#3 L3DMaN

L3DMaN

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 24 July 2013 - 08:48 AM

I fix this issue... this way

 

1 - Install 

 

http://www.iobit.com/iobit-unlocker.php

 

Or

 

http://download.cnet.com/Unlocker/3000-2248_4-10493998.html

 

 

2- Key Windows R (at the same time) is going to open RUN 

3- On the box run %appdata% go to  C:\Users\YOU_USER\AppData\Local 

4- Delete the TEMP folder with any of that tool (step 1) rigt click over folder and Unlock and them delete 

5- Create again that folder

6- RUn as Administrator Ccleaner

7- Delete all the regestry (make a back up)

8- Roboot your computer

9- Test it and let me know



#4 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:48 AM

Posted 24 July 2013 - 10:06 AM

:welcome:

 

:step1: Start Command Prompt By Advanced Boot Options

 

  • Press during boot repeatedly on F8. You will now see a screen like this:

 

win-7-advanced-boot-options.jpg

 

  • Choose Safe Mode With Command Prompt

 

In the command pompt enter the next command: explorer.exe

 

:step2: Explorer will now start.

 

:step3: Install and update & run MBAM scan:

 

       http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:48 PM

Posted 24 July 2013 - 11:37 AM

I fix this issue... this way

 

1 - Install 

 

http://www.iobit.com/iobit-unlocker.php

 

Or

 

http://download.cnet.com/Unlocker/3000-2248_4-10493998.html

 

 

2- Key Windows R (at the same time) is going to open RUN 

3- On the box run %appdata% go to  C:\Users\YOU_USER\AppData\Local 

4- Delete the TEMP folder with any of that tool (step 1) rigt click over folder and Unlock and them delete 

5- Create again that folder

6- RUn as Administrator Ccleaner

7- Delete all the regestry (make a back up)

8- Roboot your computer

9- Test it and let me know

 

This is defintiely NOT the path to pursue, IMO.

 

Iobit software has little, if any, redeeming value, IMO...taking advantage ot the user lack of knowledge that abounds these days.

 

Any suggestion by a member...to employ a 3d-party application that prowls in the Windows registry...is just not good advice, IMO.  See

Microsoft support policy for the use of registry cleaning utilities - http://support.microsoft.com/kb/2563254 and Registry cleaner - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Registry_cleaner .

 

Louis



#6 shotgnz

shotgnz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 25 July 2013 - 08:29 AM

Hi All,

I downloaded the autoruns from Microsoft.  I see the program and keep deleting it yet it comes back up.  Also note, at the system 32 bloack box prompt I can access my login if I type in Explorer.exe .  Should I just reinstall windows? I tried recovery yet it still does the same thing ?

 

Thx,

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users