Ice Cyber Crime - Read Manual But...


  • This topic is locked
33 replies to this topic

#1 uscsteve


Posted 19 April 2014 - 10:38 PM

I have a computer that has the Ice Cyber Crime Virus. 

 

I have read this: http://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-ransomware

 

I got to the HitmanPro Next Step to remove threats, etc. but it is asking me for the product key.  It says that the license expired 2012-01-09 so I obviously used a free trial previously.  Is there a way to get past this so I can try to clean my computer or should I try something else?

 




 


#2 boopme


Posted 19 April 2014 - 11:44 PM

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 uscsteve


Posted 20 April 2014 - 08:09 AM

Thanks but I'm stuck so I can't do anything on the infected computer as the Ice Cyber Crime window pops up as soon as I login.  The instructions in the link I posted said that HitmanPro should be able to fix the problem and it did flag two suspicious items that I expect are the virus.  However, with me having used HitmanPro previously it tells me that it is expired so I cannot proceed to delete/clean the computer.  I was wondering if there is a way around it or if there's another program I should be loading onto a USB to run at startup.  Thanks.



#4 boopme


Posted 20 April 2014 - 02:55 PM

OK, I have asked another that can work with this to look here. What is your Operating System?

#5 uscsteve


Posted 20 April 2014 - 05:19 PM

Windows Vista, thanks.



#6 JSntgRvr


Posted 20 April 2014 - 06:25 PM

Hi and welcome.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.
 
If you are using Vista or Windows 7 enter System Recovery Options.
 
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
 
 
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt
 
Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 uscsteve


Posted 20 April 2014 - 07:28 PM

Hi, the infected computer had a problem previously and I can no longer access the repair my computer-system restore options as it takes me to a login screen that none of my current passwords actually work for.

 

Also, this is a post from the last time I was at this stage and tried to create an installation disc (I had a virus in November):

 

"I created the recovery disc and it worked this time.  When I selected "Windows Vista" as the operating system I wanted to use it told me "This version of System Recovery Options is not compatible with the version of Windows you are trying to repair.  Try using a recovery disc that is compatible with this version of Windows."

 

I do have a USB drive that I can use.  Last time I think I had problems at this stage.  I had installed ubuntu onto a USB drive."

 

Sorry.....last time I was asked to look to see if anyone else had a Windows Vista installation disc but I was unsuccessful in locating one.



#8 boopme


Posted 20 April 2014 - 10:43 PM

Hello, just letting you know I moved this topic o here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

#9 JSntgRvr


Posted 21 April 2014 - 08:09 PM

Let's try the AVG Rescue CD:
 
 
"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus , AVG Anti Spyware and some administrator recovery tool.
 
 
You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."
 
Please Note: Windows does not have to load for this scanner to work.
 
 
You can download  AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.
 
Here's how it goes:
 
Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.
 
After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.
 
The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:
 
1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter
 
3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter
 
4. At the "Update Screen", choose Yes and press Enter
 
Next screen, Choose Update from Internet and press Enter
 
5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter
 
6. Let it update and when finished, Press any key to continue
 
7. You end up back at the "Update Screen", choose Return and press Enter
 
8. You're at the "Main Menu" screen, choose Scan, press Enter
 
9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter
 
10. "Scan Volumes", choose "OK" and press Enter
 
11. "Scan Options", choose "OK" and press Enter
 
12. "Run Scan", choose "Yes" and press Enter
 
13. When scan is complete, Press any key to continue
 
14. "Info screen", choose "OK" and press Enter
 
15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative, if you're not sure please Google the file or files.
 
16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---
 
17. Read the "Warning Screen", "Yes" and Enter
 
18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.
 
19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
  Example: malware.exe would be renamed to malware.exe_infected.arl
 
20. Note: If you find the cd doesn't load, it's most likely due to a bad download or bad burn, download the file again and burn it at a slower speed.



#10 uscsteve


Posted 21 April 2014 - 10:06 PM

4. At the "Update Screen", choose Yes and press Enter
 
Next screen, Choose Update from Internet and press Enter
 
5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter
 
6. Let it update and when finished, Press any key to continue
 
7. You end up back at the "Update Screen", choose Return and press Enter
 
This part didn't work because my infected computer said it wasn't connected to the internet.  I went to step 9 just to try w/o updating from the internet.  I did not get a scan volumes, then scan options choice.  It just showed 5 different folders to choose from starting with sda1 I think.
 
Let me know what you suggest.  Thanks!


#11 uscsteve


Posted 22 April 2014 - 06:03 AM

I may have been able to run the scan because I selected one of the folders to scan and it ran over night.  The results did note a trojan horse which I chose to rename.  Upon starting up the computer the ICE CYBER CRIME page still comes to the forefront.  I did search for the infected.ari file but no results pop up because the ICE CYBER CRIME window seems to supersede any window I try to open.
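
Added example, not part of any post in this thread: step 19 above says the scan renames flagged files to end in "_INFECTED.arl", and the Windows search for them is blocked here by the lock window, so the same list can be built offline from a Linux live environment with the Windows volume mounted. The mount point (/mnt/windows) and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Inventory files that a rescue-CD scan renamed to *_INFECTED.arl, and undo
# the rename for one judged a false positive. Assumption: the Windows volume
# is mounted at a path you pass in (e.g. /mnt/windows, hypothetical).

# original_name PATH -> PATH with the scanner's suffix removed (any letter case).
original_name() {
    printf '%s\n' "${1%_[Ii][Nn][Ff][Ee][Cc][Tt][Ee][Dd].[Aa][Rr][Ll]}"
}

# list_renamed ROOT -> one line per renamed file:
#   sha256 <TAB> size in bytes <TAB> original path
# The hash lets you look the file up before deciding what to do with it.
list_renamed() {
    find "$1" -type f -iname '*_infected.arl' 2>/dev/null | sort |
    while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(( $(wc -c < "$f") ))
        printf '%s\t%s\t%s\n' "$hash" "$size" "$(original_name "$f")"
    done
}

# restore_renamed FILE -> rename FILE back to its original name.
# Refuses to overwrite anything that already exists at the original name.
restore_renamed() {
    orig=$(original_name "$1")
    [ "$orig" != "$1" ] || { echo "not a renamed file: $1" >&2; return 1; }
    [ ! -e "$orig" ] || { echo "refusing to overwrite: $orig" >&2; return 1; }
    mv -- "$1" "$orig"
}

# Run as a script: sh list_renamed.sh /mnt/windows
if [ $# -gt 0 ]; then list_renamed "$1"; fi
```

Because the scan only renames, every entry in the list can be reviewed and, if it turns out to be a legitimate Windows file, put back with restore_renamed.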



#12 JSntgRvr


Posted 22 April 2014 - 01:12 PM

Not being able to reach the Repair console makes things more difficult to handle.

 

Try the Kaspersky Rescue CD.

 

Let me know the outcome.

 

 

PS. Is it a 32 or 64 bit system?


Edited by JSntgRvr, 22 April 2014 - 01:14 PM.



#13 uscsteve


Posted 22 April 2014 - 07:12 PM

It is a 32 bit system.  I will try the Kaspersky Rescue CD and let you know.



#14 JSntgRvr


Posted 22 April 2014 - 07:39 PM

Your working computer, is it Vista 32 bit also?




#15 uscsteve


Posted 22 April 2014 - 09:41 PM

I've got two working computers.  Work computer is Windows 7 Professional and 64 bit.  Wife's computer is Windows 7 Home Premium and 64 bit.

 

Running Kaspersky right now.   We'll see how it goes.





