
RKill ??


16 replies to this topic

#1 Jayjay1982

Jayjay1982

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 07 February 2014 - 07:59 PM

I have been using XP for some years in my music production, and around a year ago, in the administrator profile, when I boot up I get that fake police page come up and freeze everything. Then by logging into a guest profile, I managed to continue using programs, but now all I get in the guest profile is a 'w32/blaster worm' infected all programs/files etc. pop-up, and I cannot run anything. I need this computer working as it has years of irreplaceable work on it.
Is this a job for the RKill program I have been looking into, by running this, and then running Malwarebytes, would this manage to delete or deactivate the evil infection my poor PC has?? Please help somebody, as I neeeeeed my PC back.
Many thanks :) JJ


Edited by hamluis, 07 February 2014 - 08:38 PM.
Moved from XP to Am I Infected - Hamluis.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:41 AM

Posted 07 February 2014 - 08:57 PM

Hello -

http://www.bleepingcomputer.com/virus-removal/remove-homeland-security-ransomware

http://www.bleepingcomputer.com/virus-removal/remove-mandiant-usa-cyber-security-ransomware

 

Please look at these 2 links for Police Security type scams, and if these are not yours, then you must tell me what is written on your screen.

 

The specific version may make removal quicker -



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:41 PM

Posted 08 February 2014 - 08:30 PM

FYI: W32.Blaster.Worm (Win32/Msblast) is an older infection that targeted a security issue related to the Remote Procedure Call (RPC) function. Symptoms of infection included the computer restarting every few minutes without user input or receiving a System Shutdown dialog box with the message: "This system is shutting down. Please save all work...This shutdown was initiated by NT Authority\System...Windows must now restart because the Remote Procedure Call [RPC] service terminated unexpectedly."

Microsoft addressed this vulnerability with a security update several years ago. Blaster targets computers with out-of-date software, and those computers remain at risk of infection until the update is installed. However, if your machine has been kept updated with all service packs and critical patches and you do not have these symptoms, it is highly unlikely you actually have this infection, so earlier fix tools for Blaster will not work.

You are likely receiving a bogus warning message or fake alert from a Rogue security program indicating that your computer is infected. These rogue programs are one of the most common sources of malware infection encountered today.

It would be helpful if you could create a screenshot for noknojon, upload it to an image site such as Photobucket, Glowfoto, TinyPic or ImageShack and provide a link to the URL back here.

To capture a screenshot, refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Jayjay1982

Jayjay1982
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 09 February 2014 - 09:01 AM

Hi, thanks for replying guys. I am not able to screenshot on my PC but have taken photos of the pop-ups; the police screen is not one of the links you provided but is very similar. I hope these pics will be enough for one of you to provide me with a way of defeating this virus. I have some knowledge of creating a live USB to boot from, as it seems I may have to boot up into Linux to run some kind of virus removal.
Again, many thanks guys :) the 3 pics are uploaded to http://s871.photobucket.com/user/jaycouldridge/library/Mobile%20Uploads/2014-02

#5 Jayjay1982

Jayjay1982
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 09 February 2014 - 09:02 AM

Also yes, I think my PC is as up to date as it can be for an old XP system :S

#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:41 AM

Posted 09 February 2014 - 04:07 PM

Hi -

I just get "This album is Private." when I try to open it.

 

The Experts may have better luck with helping you

 

As I am not able to open the pictures, please follow the instructions in THIS PREP GUIDE starting at Step #6.
NOTE - If you cannot complete a step, skip it and continue.

Once the proper DDS logs are created, make a NEW TOPIC and post it to the Virus, Trojan, Spyware, and Malware Removal Logs area.

 

Once you post the 2 DDS logs please leave a link here to your new topic.

 

Please Copy and Paste all responses and do not attach them.

 

If HELP BOT replies, follow its Step #1 so the team will be notified.



#7 Jayjay1982

Jayjay1982
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 10 February 2014 - 03:30 PM

Hi, I'm sorry, my 3G internet had run out. I have now made the Photobucket public (sorry, didn't realise it was set to private :S ). I hope the pics will help, otherwise I will try to speak to the experts like you suggested.
Again, thanks guys. :)

#8 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 10 February 2014 - 04:26 PM

http://www.bleepingcomputer.com/virus-removal/remove-united-kingdom-police-virus

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:41 PM

Posted 10 February 2014 - 04:33 PM

If performing the steps in the United Kingdom Police Ransomware Removal Guide does not resolve the problem, please follow the instructions provided by noknojon in Post #6.

#10 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 10 February 2014 - 04:41 PM

http://www.bleepingcomputer.com/forums/t/523275/hitman-pro/page-2#entry3281429
Try unlocker and then use Malwarebytes and ESET online scanner.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:41 PM

Posted 10 February 2014 - 04:48 PM

As noted in the removal guide, typically with this ransomware infection, you need to create a bootable USB drive that contains the HitmanPro.Kickstart program.

#12 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 10 February 2014 - 04:57 PM

You can also use a bootable rescue CD. There are a lot of them for free: Avira, Anvi, Kaspersky, etc. Just try Kaspersky and unlocker. And look at the tutorial in my previous post. Good luck.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:41 PM

Posted 10 February 2014 - 05:32 PM

Bleeping Computer is a family oriented site where we offer assistance to those who know very little about computing. As such, our forum discussion board is primarily targeted more for the novice user as they comprise most of our membership. We provide help based on that premise since it is impossible for us to know the extent of a member's background, knowledge level and experience until we get to know them. We also keep this in mind when writing replies since we know many novice members read various topics searching for answers without ever posting a reply.

Referrals to our removal guides are fine because they include step by step instructions...but advising someone to try Kaspersky and Unlocker without providing instructions is not how we do things here.

Instructions for posting advice in Am I Infected

#14 proffa

proffa

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 10 February 2014 - 05:56 PM

What is providing instructions? My link has step-by-step instructions, and there are many sites that use the same method with this same virus. I think that Kaspersky is one of the most reliable companies when we are testing the reliability of virus protection, removal, or other acts.

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:41 PM

Posted 10 February 2014 - 06:24 PM

Let me clarify. First you say try unlocker and then use Malwarebytes and ESET online scanner...and then only provide a link to using Kaspersky Rescue Disk. I don't see instructions for either performing a scan with Malwarebytes or Eset's Online Scanner. Further, there is a program called Unlocker which is not the same as Kaspersky's WindowsUnlocker, and that can lead to confusion since you did not call it by that name in your first reply.

Enough discussion about this here, as Jayjay1982 has already been instructed what to do. If you have further comments about how we are doing this, feel free to send me a PM.



