
HitmanPro Not Working to Remove ICE Virus


  • This topic is locked
4 replies to this topic

#1 rdenker28

  • Members
  • 1 posts

Posted 22 September 2013 - 03:42 PM

Hello, 
 
I am running 32bit Windows 7 on my machine and it has been infected with the ICE virus. Here are the steps I have tried so far:
 
1. F8 during start up to get to safe mode.
 
1a) Tried safe mode first, computer loads Windows files, acts like it's starting in safe mode then automatically shuts down and reboots not in safe mode. 
 
1b) Tried safe mode with networking. Same thing happens as step 1. a).
 
1c) Tried safe mode with command prompt. Same thing happens as step 1. a).
 
2. Created USB with HitmanPro from a clean computer and booted infected computer from USB. F9 during startup to have computer boot from USB. 
 
2a) Select Option 1 (default) from HitmanPro USB Boot Options screen. Select Windows 7 from Windows Boot Manager screen (this is the only option on this screen besides choosing F8, which brings me back to the safe mode screen). Hitman came up, I chose to click the Next button, completed Setup screen, clicked Next, Hitman will not run because it can't detect my internet connection, which at this point is still plugged into the computer. Since this didn't work I pressed Cancel then Close. Computer restarts. 
 
2b) Found something online to fix the no internet connection problem and tried it: Boot same as in step 2.a), until I got to the first Hitman screen that comes up. There, instead of clicking Next, I clicked Settings, Advanced, and checked the checkbox that says "I am an expert, show Early Warning Scoring (EWS)" in the drop down for the Next button. I do not click the checkbox below this. Click OK, click the drop down for the Next button and select Early Warning Scoring (EWS), complete Setup screen, click Next, Hitman begins a scan of my computer. Four file names are listed after the scan: C:\ProgramData\2z8clf0do.plz (identified by Hitman as Suspicious), C:\Windows\System32\winsrv.dll (identified by Hitman as Unknown), C:\Windows\System32\shell32.dll (identified by Hitman as Unknown) and C:\Windows\System32\ieframe.dll (identified by Hitman as Unknown). The Scan Results have identified no threats. Hit Close.
 
I am not sure what to try next. 
 
Thank you, 
 
Rachel

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


 


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,754 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 22 September 2013 - 04:30 PM

Welcome aboard

 

I'll report this topic to appropriate helpers.

1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?

Hold on there....



 


#3 technonymous

  • Members
  • 2,520 posts
  • Gender:Male

Posted 22 September 2013 - 06:30 PM

Try booting from the Windows CD and then from the command line type rstrui and hit enter. Using the CD method to get to command prompt...
http://www.bleepingcomputer.com/tutorials/windows-7-recovery-environment-command-prompt/
 
Note: There is always a 50/50 chance that the rstrui might or might not work as viruses these days do trash the restore points as well. There is always the ability to continue using the command line and try to delete the virus from the startup file at...C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 
IE: The commands...
 
1. cd C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2. dir
3. del virusname.exe
 
More methods:
https://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-ransomware
Some of these may or may not work, as there are different variants of the virus; some are getting more and more destructive. The last method in that link is typically using an offline bootable CD that is a virus scanner to remove the virus from your system. It all boils down to regaining control of your CLI (command line interface) and then using whatever method to change, delete, fix, restore, anti-virus.
 
Good luck.
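
Added example, not part of the original post: a batch script for the recovery Command Prompt that lists, without deleting anything, what is set to start automatically on the offline Windows installation. It goes beyond the Startup folder named in the post to the common registry autostart values; the script name `listauto.cmd`, the hive mount names `OFFLINE_SW` and `OFFLINE_USR`, and the drive-letter argument are assumptions (the recovery environment may give the Windows volume a letter other than C:).

```batch
@echo off
rem Added example: list autostart locations of an OFFLINE Windows install
rem from the recovery Command Prompt. It only lists; it deletes nothing.
rem Usage: listauto.cmd D:   (D: is an assumed letter for the Windows volume)
setlocal
set "WIN=%~1"
if "%WIN%"=="" set "WIN=C:"
if not exist "%WIN%\Windows\System32\config\SOFTWARE" (
    echo No Windows installation found on %WIN%
    exit /b 1
)
set "SM=Microsoft\Windows\Start Menu\Programs\Startup"

echo === All-users Startup folder ===
dir /a /b "%WIN%\ProgramData\%SM%" 2>nul

echo === Machine-wide registry autostart values ===
rem OFFLINE_SW and OFFLINE_USR are hypothetical mount names for the offline hives.
reg load HKLM\OFFLINE_SW "%WIN%\Windows\System32\config\SOFTWARE" >nul || exit /b 1
reg query "HKLM\OFFLINE_SW\Microsoft\Windows\CurrentVersion\Run" 2>nul
reg query "HKLM\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell 2>nul
reg query "HKLM\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit 2>nul
reg unload HKLM\OFFLINE_SW >nul

rem One pass per user profile: Startup folder, then that user's registry hive.
for /d %%U in ("%WIN%\Users\*") do call :user "%%~U"
exit /b 0

:user
echo === %~1 ===
dir /a /b "%~1\AppData\Roaming\%SM%" 2>nul
rem Profiles without a loadable NTUSER.DAT are skipped.
reg load HKU\OFFLINE_USR "%~1\NTUSER.DAT" >nul 2>&1 || exit /b 0
reg query "HKU\OFFLINE_USR\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul
reg query "HKU\OFFLINE_USR\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell 2>nul
reg unload HKU\OFFLINE_USR >nul
exit /b 0
```

On a clean Windows 7 install the machine-wide Winlogon `Shell` value is `explorer.exe` and `Userinit` points at `userinit.exe` in System32, so anything else in those values, or an unfamiliar entry under `Run` or a Startup folder, is what to report to the helper before removing it.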

#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,411 posts
  • Gender:Female
  • Location:Romania

Posted 25 September 2013 - 04:43 AM

Hello rdenker28, let's try the following:
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft

 



#5 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,760 posts

Posted 02 October 2013 - 03:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



