AFP Virus/Malware infection


8 replies to this topic

#1 mezari

mezari

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 21 March 2014 - 05:56 AM

Hi,

I was recently infected with the AFP (Australian Federal Police) malware or virus on my laptop. I'm posting this from my desktop.

I was browsing the internet when my screen went white with the AFP information on it demanding payment of $100 or so to an account, my webcam came on (I never use my webcam) so I immediately shut down the computer.

I run Windows XP and am not sure on the version of IE, maybe 8.

On rebooting my computer the same white screen came up, so I attempted to run in safe mode, but I was unable to, it would just keep rebooting. The screen where I chose my method of login in safe mode had changed slightly and I could not log in to safe mode with command prompt.

So in a nutshell:

infected with AFP malware/virus

can't log into safe mode, safe mode with networking, or safe mode with command prompt

I don't have a Windows CD to boot up with, but I have a USB stick I can download something onto and stick in the laptop if that helps.

Please help.

Mike




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:20 AM

Posted 21 March 2014 - 06:29 AM

Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer, created this guide for dealing with some types of the infection using HitmanPro to create a HitmanPro kickstart USB drive: Your computer has been locked Ransomware Removal Guide
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mezari

mezari

Posted 21 March 2014 - 06:49 AM

OK thanks quietman7 I'll have a read and see what I can do



#4 mezari

mezari

Posted 21 March 2014 - 07:19 AM

Hi,

 

Looks like I can't boot from a USB either... When I go to the operating system choices on reboot I have the following options only:

 

Microsoft Windows Recovery Console

do not select this [debugger enabled]

Microsoft Windows XP Home Edition

 

Any suggestions?

 

Thanks,

 

Mike



#5 mezari

mezari

Posted 21 March 2014 - 07:59 AM

Ok I managed to start from the USB, and it automatically selected option 1 Bypass Master Boot Record [default] and then the screen went blank, HDD made a few sounds, and now it's stuck at the blank black screen.



#6 mezari

mezari

Posted 21 March 2014 - 08:03 AM

I have now attempted option 2 Regular boot (when bypass failed) with the same result :(

One option left, 3 Legacy boot (last chance)..

 

:(



#7 mezari

mezari

Posted 21 March 2014 - 08:20 AM

Option 3 has worked and my computer is currently scanning... It has found 2x ransomware entries and a couple of other exe's and the laptop is not connected to the internet (wifi is switched off), but it says in some of the files it's picked up that it is "uploading to scan cloud" or "in queue for scan cloud"...

What exactly is it doing there?

 

Thanks for pointing me in the right direction, hopefully I can clean this off soon once it has finished the scan



#8 mezari

mezari

Posted 21 March 2014 - 08:39 AM

Hi quietman7, I've successfully rid the laptop of the ransomware, thanks very much for your input.

Regarding the wifi, it was switched on *oops* I had it off earlier, but I can't remember switching it back on.

Thanks again!

FYI, I had AVG2014, and it didn't manage to stop this ransomware.



#9 quietman7

quietman7


Posted 21 March 2014 - 08:39 AM

Glad to hear things worked.

You're welcome.



