
Mandiant USA got me!!! Help


31 replies to this topic

#1 badlands23


Posted 20 September 2013 - 12:29 PM

Hi,

 

Noob here.  I've been infected with the Mandiant USA malware virus.  I attempted installing hitman via USB, but the hitman screen never came up after I logged on normally.

 

Instead, I see that ridiculous virus threat.

 

I am running Windows 7.  

 

I would love the help of anyone who can provide it.

 

Thank you very much!!!!




 


#2 hbyton


Posted 20 September 2013 - 03:56 PM

Are you aware of a program called "Kaspersky Rescue Disk"? This will involve using another computer to burn an ISO to a blank disk, then booting from the disk to scan and remove the malware.

 

Kaspersky rescue disk download link

http://www.majorgeeks.com/mg/get/kaspersky_rescue_disk,1.html

 

How to burn iso (kaspersky rescue disk image) to dvd

http://pcsupport.about.com/od/toolsofthetrade/ht/burnisofile.htm

 

If you have any questions feel free to ask :)



#3 badlands23


Posted 20 September 2013 - 04:00 PM

I will give that a try.  Thank you for the advice.  I saw that mentioned in a few sites that spoke about removing this malware.  I'll let you know how it goes.



#4 hbyton


Posted 20 September 2013 - 04:06 PM

Please do, I hope it helps :)



#5 boopme

  • Global Moderator

Posted 20 September 2013 - 09:33 PM

We also have a Guide here if it's easier
Mandiant U.S.A Cyber Security Ransomware Removal Guide



#6 badlands23


Posted 21 September 2013 - 12:07 PM

Thank you. I will try the disk first and then look at the guide if that doesn't work.  I will report back if I'm successful or unsuccessful.



#7 badlands23


Posted 22 September 2013 - 01:10 PM

I started to run disk rescue, but it said the database files needed to be updated. So I tried going to kaspersky and updating the databases from disk but that only caused another error to read "databases corrupted".

What do I do? Is there any way to get uncorrupted databases so I can eliminate this malware?

Thanks for help!

#8 hbyton


Posted 22 September 2013 - 01:13 PM

Restart your computer and try to update again, if you are still unable to update then try to run a scan anyway. If that still does not work then scroll back to post 5 and try to run hitmanpro again using the instructions on the link



#9 badlands23


Posted 22 September 2013 - 01:24 PM

I'm going to try hitman and running the scan via the Kaspersky disc.  I will keep you posted.

 

Thanks for responding so fast!



#10 hbyton


Posted 22 September 2013 - 01:53 PM

That's no problem, however I cannot recommend running a scan with hitman pro via the Kaspersky rescue disk because I am not sure if it would work or not. If it does not work please try and update the Kaspersky scanner again. :)



#11 hbyton


Posted 22 September 2013 - 01:55 PM

If you are unable to get hitman pro kickstart or Kaspersky rescue disk to work, then try booting into safe mode with networking and running a scan with hitman pro then malwarebytes.


Edited by hbyton, 22 September 2013 - 02:34 PM.


#12 anthonycuk

  • Banned Spammer

Posted 23 September 2013 - 02:39 AM

In such case, you may not be able to get into safe mode with networking now.

 

It is safer to get into safe mode with command prompt:

 

  • As the computer is booting but before Windows launches, keep tapping "F8 key" continuously > "Windows Advanced Options Menu" comes up > highlight "Safe Mode with Networking" option > press Enter key.
  • You will see a little black window with a flashing slash after system 32\, then type 'explorer' and hit the Enter key.
  • When in, ignore the prompt box, if any, and go straight to Control Panel to create a new user account with administrator rights.
  • Restart your computer and get into that newly created user account.
  • Go into Drive C and find the folders entitled the name of the locked up user account.
  • Navigate to the Roaming and Temp folders to find files with abnormal names (because names can be different) and delete them.
  • Restart back to the original locked up user account (normal mode).

 

 

method 2: If you still see the lock up page: restart the infected computer (cold restart)> keep tapping F8 key > select safe mode with command prompt again > see a flashing slash > type 'net user /add' > hit Enter key > restart the computer and get into that newly created user account  named 'net user' > Go into Drive C and find folders entitled the name of the locked up user account > navigate to Roaming and Temp folders to find abnormal files and delete them > restart back to original locked up user account (normal mode).

 

method 3:  if the two above will not show you a usable desktop, you may need to go to places like center for computer virus removal. They will make you a mini system to help enter into the system first so as to delete the virus.

 

Hope the above info can help you out.
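
The "find files with abnormal names" step described in the post above can be done as a read-only listing before anything is deleted. This PowerShell sketch is an added example, not part of the thread; the `C:\Users` profile location, the extension list, the 30-day window and the parameter names are assumptions. It is meant to be run from the second administrator account and only reports files.

```powershell
# Added example (not from the thread): list recently created executable-type
# files in a locked profile's Roaming and Temp folders. Nothing is deleted.
param(
    [Parameter(Mandatory = $true)]
    [string]$ProfileName,   # folder name under C:\Users (assumed default location)
    [int]$Days = 30         # hypothetical look-back window, adjust as needed
)

$profileRoot = Join-Path 'C:\Users' $ProfileName
$folders = @(
    (Join-Path $profileRoot 'AppData\Roaming'),
    (Join-Path $profileRoot 'AppData\Local\Temp')
)
# Assumed list of file types worth reviewing; extend as needed.
$extensions = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.lnk'
$cutoff = (Get-Date).AddDays(-$Days)

$results = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Folder not found: $folder"
        continue
    }
    # -Force includes hidden and system files; PSIsContainer filters out folders
    # (works on the PowerShell 2.0 that ships with Windows 7).
    Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $extensions -contains $_.Extension.ToLower() -and
            $_.CreationTime -ge $cutoff
        } |
        ForEach-Object {
            # Unsigned or invalidly signed binaries here deserve a closer look.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $status = 'Unknown'
            if ($sig) { $status = $sig.Status }
            New-Object PSObject -Property @{
                Created   = $_.CreationTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $status
                Path      = $_.FullName
            }
        }
}

$results | Sort-Object Created -Descending |
    Select-Object Created, SizeKB, Signature, Path |
    Format-Table -AutoSize
```

Sorting by creation time puts files dropped around the date of infection at the top, which narrows the review to a handful of candidates to scan or upload to a helper before removal.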



#13 hbyton


Posted 23 September 2013 - 01:46 PM


Hitman pro requires an internet connection to work (if I remember correctly) and is known to be able to remove this particular virus, so whilst connecting to the internet whilst infected is by no means ideal it would only be for a few minutes whilst it is removing the virus that is stopping everything else from working. (if he can get into safe mode with networking)


Edited by hbyton, 23 September 2013 - 01:47 PM.


#14 badlands23


Posted 16 October 2013 - 10:12 AM

It got me again!!! Don't know if I eradicated it completely last time. Doing Kaspersky again. Will keep you all posted. Again. Sorry

#15 hbyton


Posted 16 October 2013 - 11:11 AM

No problem, just make sure that you post back as soon as you have finished because there are followup scans that we can do to ensure that it has gone.





