Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hitman Pro


  • Please log in to reply
23 replies to this topic

#1 tjay2371

tjay2371

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 05 February 2014 - 11:09 AM

Hi,

 

I'm attempting the repair of ransomeware uk police, the computer with the problem doesn't have the ability to boot from USB, would it be possible to boot with Hitman Pro from a cd ?

 

I'm not sure if the use of a USB stick is the only way to accomplish the repair.

 

any help, observations, ideas would be most welcome

 

Tom


Edited by hamluis, 05 February 2014 - 11:14 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:40 PM

Posted 05 February 2014 - 11:49 AM

Hi,

 

No, it's not possible. HitmanPro KickStart can only be made using a USB stick, due to the fact that the program only supports USBs.

 

Is the computer bootable in any mode? I.e. Have you tried all safe modes?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 tjay2371

tjay2371
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 05 February 2014 - 03:03 PM

hello,

 

unfortunately the computer is not able to start in safe mode, and the bios does not support USB, so have a bit of a problem her.

 

perhaps you could advise me, would it be possible to remove the hard drive place in a docking station and connect to my computer to run my virus on there ?

 

Just maybe a way to clear this pesky ransomeware.

 

thanks for your interest

 

Tom 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:40 PM

Posted 05 February 2014 - 03:49 PM

Hi,

What is the operating system of the computer?

Is there an option to boot from a CD?

It should be possible to do that, but I have no experience with that so I cannot be sure on whether it would work.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 05 February 2014 - 04:38 PM

if it similar than this site you can use safe mode with command prompt to remove it manually or do rescue cd. http://www.dotfab.com/resources/remove-metropolitan-british-police-virus-pceu-ransomware-removal-guide/

 

can you upload ransomware picture or link from internet that we know what randomware this is

 

Do you have system restore points before this ransomware?

 

you can also burn kaspersky rescue disk, update and scan computer 


Edited by proffa, 05 February 2014 - 04:58 PM.


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:40 PM

Posted 05 February 2014 - 04:57 PM

Hi,

Pictures do not always tell you or are correct about which ransomware family you are dealing with (most ransomwares have similar files and loading points, but only if they are from the same family). It can be helpful, but shouldn't really matter, unless you are manually removing the ransomware.

The computer cannot access any mode, and system restore should not really be used to remove malware anyway
I've never seen that rescue disk been used before, so I wonder about how effective it is. The installing software bit too is a bit strange.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:40 PM

Posted 05 February 2014 - 04:59 PM

Here is a list of various Anti-virus vendors that offer free LiveCD/Rescue CD utilities that are used to boot from in order to repair unbootable or damaged systems, rescue data, and scan the system for malware infections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:40 PM

Posted 05 February 2014 - 05:09 PM

Hi Quietman,

Thanks for the list, I believe I do not see Anvi listed there. Was going to see if tjay could boot from a CD and then recommend Kasparsky since they should be able to deal with the ransomware.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:40 PM

Posted 05 February 2014 - 05:16 PM

I have not reviewed the BC list in a while. If you see something that needs updating or adding send that info to me via PM and I will update it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 05 February 2014 - 05:57 PM

here is the link and simple way how you can try to fix that with graph mode with windows unlocker:  



#11 tjay2371

tjay2371
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 06 February 2014 - 05:24 AM

Hi Guys,

 

Thanks to you all for your interest in this problem, will try to clarify.  The O/S is windows 7 Home Premium, installed on an HP G56 Notebook, this computer unfortunately doesn't  offer the option to boot from USB. 

 

On cold boot or reboot the computer goes through normal start up procedure culminating in the displaying of this page, as this link

"http://www.bleepingcomputer.com/virus-removal/remove-united-kingdom-police-virus" , the computer from this point will not respond to any command.

 

Safe mode is not available at any stage of the boot, I have managed to access the bios and set the boot order to CD and by-pass the virus using Kaspersky recovery disc but am unable to connect to their server to update prior to scanning.

 

I will of course consider all suggestions, I have in the past, not with this particular virus used the method in message 3, "perhaps you could advise me, would it be possible to remove the hard drive, place it in a docking station and connect to my computer and run my antivirus virus program from there ?"

 

just wondering if that same method would work in this scenario ?

 

Again many thanks for interest.

 

Tom



#12 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 06 February 2014 - 05:44 AM

try to fix that virus with kaspersky graph mode with windows unlocker: check that video again  4.00 min->



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:40 PM

Posted 06 February 2014 - 06:46 AM

We have provided links to many LiveCD/Rescue CD alternatives so try another which does not require connecting to the vendor's server.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 zeramato1

zeramato1

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 PM

Posted 06 February 2014 - 06:54 AM

I have not reviewed the BC list in a while. If you see something that needs updating or adding send that info to me via PM and I will update it.

good answer, I remember the original Hitman and some controversy over its use, glad you are still in practice at this!



#15 eengels

eengels

    Authorized Surfright Rep


  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 PM

Posted 06 February 2014 - 08:32 AM

Actually, you can use HitmanPro.Kickstart with a machine that cannot boot from a USB flash drive. For that you need to create a CD with the 'Sidekick' image, see http://www.surfright.nl/en/kickstart for the download and instruction manual. After you have created the CD/DVD, you can boot from that. However, you still need the Kickstart USB flash drive (which must be inserted into the infected machine), because the HitmanPro software can only be started from a flash drive by the Kickstart bootloader.

 

Summarizing: you boot from the CD/DVD, but the HitmanPro software will be started from the flash drive  :)

 

If you are running into problems with this, please let me know.

 

Regards,

 

Edwin Engels

HitmanPro
SurfRight
www.surfright.com





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users