
Please Help !! HitmanPro.Kickstart NOT working against Chiefs of Police hijacker


16 replies to this topic

#1 Explore100

Explore100

  • Members
  • 64 posts

Posted 20 September 2013 - 10:44 PM

Please help...! Our 2nd computer is now infected by the Canadian Chiefs of Police hijacker! Our first computer is still infected and damaged by Sirefef, for 1 year now....

I followed the instructions found here to use HitmanPro.Kickstart on a new USB drive to boot the computer; it did not work...! I get a black screen no matter what mode (normal or safe mode). This is a small 10 inch computer using Windows 7 Starter (it does not include a Windows disk nor any internal CD reader, so it cannot be reinstalled...). It must be 32 bits since it only uses Starter.




 


#2 Explore100


Posted 20 September 2013 - 10:59 PM

Please help...! Our 2nd computer is now infected by the Canadian Chiefs of Police hijacker! Our first computer is still infected and damaged by Sirefef, for 1 year now....

I followed the instructions found here to use HitmanPro.Kickstart on a new USB drive to boot the computer; it did not work...! I get a black screen no matter what mode (normal or safe mode). This is a small 10 inch computer using Windows 7 Starter (it does not include a Windows disk nor any internal CD reader, so it cannot be reinstalled...). It must be 32 bits since it only uses Starter.

Last night when I got the infection, I tried Control-Alt-Delete to get free of it, then I logged off. I happened to have a USB key with XPUD installed on it since the time my first computer got infected by Sirefef last year, to be able to go on the web to get help here. So I used it and got into the computer and I manually deleted the Temp files (removed them all except for two Avast files; my Avast ran out of time yesterday and I forgot, that's how the virus got me...).

After I deleted the Temp files, all I am getting is a black screen now, no matter whether in safe mode or normal mode or with the new USB drive equipped with HitmanPro which I got tonight at an internet cafe.

Also, each time I am done typing the computer password and the boot process which should normally lead me to the desktop is over, I get a small window with a command prompt that says something like Windows 32 with slashes. It appears for a few seconds, and if I don't close it, it lasts only a few seconds and then disappears and I am left with a black screen, totally frozen...

(Note: all my other files on the computer are still here, except for all the desktop. Last night I was able to get in and run a scan with Panda Cloud, but it caught every item on the desktop as a virus... I mean all software shortcuts and files I had there, everything, and one false hit for PUP. I then ran Malwarebytes but after a few minutes only it got shut down... Now I only get the black screen...)

Please, help...!


Edited by Explore100, 20 September 2013 - 11:24 PM.


#3 Explore100


Posted 21 September 2013 - 07:21 PM

Hi, someone answered my old post about our other computer (still infected, Sirefef), but I am looking for urgent help for our 2nd machine, which is now totally black screened due to the desktop hijacker virus. I used the HitmanPro.Kickstart method last night in vain. I need another tool or method like what Gringo is proposing to another user who's got a similar problem.

 

Thank you in advance for your help.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • Gender:Male
  • Location:NJ USA

Posted 21 September 2013 - 09:15 PM

Hello, see if you can do steps 6,7 and 8 here...

Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Explore100


Posted 22 September 2013 - 08:19 PM

Hi boopme,

 

I have saved DDS, and Combofix as well for good measure, to my desktop (I am still in XPUD mode, hope they will stay there).

I have a lot of other problems; I detailed some of them in my old thread about my other computer. Right now I don't know why, but I am getting disconnected every couple of pages I go to or while I am typing, ALL the time. It was never doing this before at the Wi-Fi spots I use. It started after the hijacker infection, while I'm on XPUD.

I will have to find a way to back up data. I can't risk putting anything on the external drive as it's got all the data of my other computer and we don't have another drive. I can't set up a firewall, I can't access any program or settings except boot modes, which go to black screens.


Edited by Explore100, 22 September 2013 - 08:20 PM.


#6 Explore100


Posted 22 September 2013 - 08:26 PM

Hi again, I have another question: is there software that I can download and use in conjunction with the XPUD USB drive I am using right now so I can SAVE pages and instructions you guys are sending me? Because it seems I can't save any pages right now with XPUD, which is a huge problem now that both our computers are stuck with viruses (Sirefef and now the desktop hijacker).

I am also looking for software that I can use with XPUD so we can type text and save it when we are at home with no connection. Don't know if it is the computer or XPUD, but the pointer is so jittery it is also a pain to type a message online because it keeps sending my next typed word or partial word back a few clicks or several lines up... really hard to type like this.



#7 Explore100


Posted 23 September 2013 - 07:43 PM

Hi Boopme, thank you. I have the answers you asked me for yesterday plus more info. I have tried what you said; nothing works: I cannot get access to the desktop no matter in what mode. I also tried command prompt mode; it cannot even reach the command panel, it freezes solid 2 seconds into the enumeration and goes nowhere. I also tried the 3 options to go in with HitmanPro.Kickstart; they all failed. There is now another BIG PROBLEM, DIRECTLY LINKED to the forum, which I had last year and which is now 10 TIMES WORSE: it is now impossible to read the pages I saved with your instructions at home, they are ALL BLACK. I don't know why it is like that with this forum's pages and the pages of another unrelated forum, but they can only be read by Explorer after being saved. Since XPUD only uses Firefox, NONE of the pages can be read... Meaning more wasted days. They have to do something URGENTLY at the forum and make it readable by Firefox after the pages have been saved.

Another thing, my mistake yesterday: I finally figured out how to save pics and pages on XPUD; it's just that the download file kept disappearing unless you save the files first to the HDD before shutting down. However, like mentioned above, all pages saved from the forum can't be read by Firefox on XPUD (since both our machines now run on USB keys with XPUD, we are stuck as we don't have a 3rd computer to read them at home).

I am going to go buy a few large size USB keys and put them all under XPUD so I can save all our data from the computer.

*** OK, UPDATE from Tuesday Sept. 24: the jittery pointer on the computer infected by the desktop hijacker seems to be a problem unique to the Acer computer. I just did a test and I am typing this from my other infected computer (XP damaged by Sirefef), a Dell, and it does not have the jitteriness of the small computer. I think it's got to do with the fact that the small one uses a multi-gesture finger pad and the one I am typing on right now doesn't; it's possible XPUD interferes with the multi-gesture finger pad in some way, because it is sending my text everywhere, several lines up or several words back, when I type on it.

One mystery solved.

**** UPDATE No.2: I can CONFIRM something however: even on the other computer, while using XPUD to post, I am getting DISCONNECTED ALL THE TIME. So now this happens on both of our infected machines when we use the XPUD drive for emails and posts. I think this is either virus related or XPUD related, because I tried 4 different Wi-Fi connections and I get that everywhere. I don't remember it being like that last year when I first started using a USB drive with XPUD on my Dell when we were working to solve the Sirefef problem, though my memory could be fuzzy (with all the things we tried last year).

 


Edited by Explore100, 24 September 2013 - 06:38 PM.


#8 Explore100


Posted 02 October 2013 - 07:05 PM

Hi, has anyone seen my topic, please? It's been over 1 week. I understand that the volunteers are very busy with everyone, but the waiting time said it was going to be 3-4 days. Thank you in advance.

Another update: I can now navigate without getting disconnected every page I open or halfway through a response on a forum. My big computer no longer disconnects me all the time; I haven't tested with the small one yet to see if it improved (also being used with XPUD). Must have been either a glitch with XPUD or a temporary problem with all the Wi-Fi connections I tried 1 week ago.



#9 boopme


Posted 02 October 2013 - 07:23 PM

Can you post the DDS and ComboFix logs as asked in post 4 by doing those 3 steps?

#10 Explore100


Posted 02 October 2013 - 08:33 PM

Like I said: NOTHING works. You can't get past the black screen no matter whether in normal mode or safe mode, nor with the specially prepared USB key with HitmanPro on it.

Is there a way we could use the command panel (the one where you can input hand-written lines of command) and get one of the anti-virus or scan programs to load and work? I am not expert enough to know how to do that, but it might be the only way.

Also there is a command panel with a line of code that appears briefly and disappears after 3-4 seconds when I boot. It says system 32 or windows 32 or something like that. Otherwise: BSATT (Black Screen All The Time).

I already downloaded the software required to the desktop over a week ago; bottom line, the desktop cannot be accessed, I can't open anything I've put there.


Edited by Explore100, 02 October 2013 - 08:43 PM.


#11 boopme


Posted 02 October 2013 - 09:39 PM

I will ask another to look here.

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,764 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 October 2013 - 05:14 PM

Let's try the AVG Rescue CD:


"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on Linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus, AVG Anti Spyware and some administrator recovery tool.


You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download  AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter

4. At the "Update Screen", choose Yes and press Enter

Next screen, Choose Update from Internet and press Enter

5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the "Update Screen", choose Return and press Enter

8. You're at the "Main Menu" screen, choose Scan, press Enter

9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter

10. "Scan Volumes", choose "OK" and press Enter

11. "Scan Options", choose "OK" and press Enter

12. "Run Scan", choose "Yes" and press Enter

13. When scan is complete, Press any key to continue

14. "Info screen", choose "OK" and press Enter

15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative, if you're not sure please Google the file or files.

16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the "Warning Screen", "Yes" and Enter

18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
  Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely due to a bad download or bad burn, download the file again and burn it at a slower speed.

 

Moved topic to the Logs forum. ~bloopie


Edited by bloopie, 03 October 2013 - 07:13 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
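
Step 19 above leaves every flagged file on disk under a new name, and step 15 warns that some of them may be needed by Windows. As an added example (not part of the post and not an AVG tool), this Python script inventories the renamed files on a mounted volume, recovering each original name and a SHA-256 to look up; the function names, the SYSTEM_DIRS list and the sample tree are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

SUFFIX = "_infected.arl"  # suffix named in the post; compared case-insensitively
# Assumption: top-level folders where a renamed file may be a Windows component.
SYSTEM_DIRS = ("windows", "program files", "program files (x86)")


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_renamed(root):
    """Return one record per file under root that carries the rescue-scan suffix."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                size, digest = os.path.getsize(full), sha256_of(full)
            except OSError as exc:  # locked or unreadable file: report, keep going
                size, digest = -1, "unreadable: %s" % exc
            records.append({
                "renamed": rel,
                "original": name[:-len(SUFFIX)],  # name before the scan renamed it
                "size": size,
                "sha256": digest,  # lets you look the file up before deciding
                "system_location": rel.split(os.sep)[0].lower() in SYSTEM_DIRS,
            })
    # System locations first: those are the ones to check before deleting.
    return sorted(records, key=lambda r: (not r["system_location"], r["renamed"]))


def build_sample_tree():
    """Create a constructed directory tree that imitates a scanned volume."""
    root = tempfile.mkdtemp(prefix="rescue_demo_")
    samples = {
        ("Windows", "System32", "sample.dll_INFECTED.arl"): b"constructed A",
        ("Users", "demo", "Desktop", "malware.exe_infected.arl"): b"constructed B",
        ("Users", "demo", "Desktop", "notes.txt"): b"untouched file",
    }
    for parts, data in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rec in find_renamed(build_sample_tree()):
        flag = "CHECK FIRST" if rec["system_location"] else "user area"
        print("%-11s %s -> %s  %s" % (flag, rec["renamed"], rec["original"], rec["sha256"][:16]))
```

Point `find_renamed` at the drive letter or mount point of the scanned volume instead of the sample tree; it only reads files and changes nothing on disk.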


#13 Explore100


Posted 05 October 2013 - 10:45 PM

Hi Boopme, sorry about the delay. I ran out of battery just after I read this and started downloading DDS; I was not able to save the instruction page on using DDS though. Got out with the smaller computer at another location but no luck, did not get any stable Wi-Fi connections that night. I can confirm that the small computer does still have that issue where it gets disconnected all the time from the web while on XPUD.

The problem is fixed. I destroyed the virus.

Here's how I did this, my little idea, so others can profit from it:

I tried the USB key with HitmanPro.Kickstart on it again. Did not work. After I got the black screen, I tried to get out of it by pressing Control-Alt-Delete. I got into the panel for Control-Alt-Delete. Instead of stopping a process, I decided to try: New Task. I clicked browse and I was able to go into the hard disk, and then into the desktop (First Victory!). I was able to see all the anti-virus software I had loaded a week earlier on the desktop with XPUD.

I started with one that's called Adwcleaner (with a bug as a logo), which I believe I took here. It caught a LOT of things but nothing that seemed suspicious, at least to my eyes. Lots of Bing and Babylon stuff; I deleted all that garbage.

Then I ran Rogue Killer. It caught 4 things plus something else in another category which I don't remember. I am not too sure if any were viruses; I suspect one of the things it caught was possibly HitmanPro.Kickstart (!) (name was a bunch of letters plus numbers). I kind of got a slow reaction when I tried to select something to delete. Not sure if it worked, but when I ran the same scan again I did not get the 4 things it had caught earlier anymore.

After this I ran the D7 tool to delete Temp files, history, zero byte files, etc. Ran it a few times for each.

Then I ran Combofix. That's the one that fixed the problem. It caught 2 critters. They are now in the quarantine. After restart I was able to access the full desktop and all functions of the computer were re-established. I re-subscribed to our antivirus the next day.

I am no anti-virus expert, I am more of the explorer type (thus my nickname: I go in every corner of the system to learn how it works and find options), so if anyone reads this and wants to apply this method, follow the instructions of the specialists here first, but if you get stuck out of options and nothing works you can still use my method, it worked for me. I'm glad I found this one, accidentally (I should have thought about it earlier, but I got distracted by multiple problems).
 


Edited by Explore100, 05 October 2013 - 10:53 PM.


#14 Explore100


Posted 05 October 2013 - 10:49 PM

Hi, thank you JSntgRvr ! I am saving your answer for future reference. Thank you again everyone !

 

Explore100.


Edited by Explore100, 05 October 2013 - 10:50 PM.


#15 JSntgRvr


Posted 06 October 2013 - 06:30 PM

Thanks for the feedback.

 

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


Edited by JSntgRvr, 06 October 2013 - 06:31 PM.





