Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cheshire Police Hijack unable to start in Safe mode


  • Please log in to reply
19 replies to this topic

#1 peniafeatures

peniafeatures

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 05 June 2014 - 01:53 PM

Windows XP [32 or 64 no idea] with Zonealarm and Avast.

 

Whilst surfing I managed to get my computer locked after it shut down and restarted of its own accord.

 

Within minutes of restarting a full page "Cheshire Police are on to you but if you pay pay us £100 by UKASH we will unfreeze your computer" type of message appears [as if the police would take money like this!!!]

 

Tried to start in Safe Mode but it just by passes it and goes to my password input page and then starts normally but quickly locks down to Cheshire Police again.

 

I can press ctrl alt delete but cannot close the page using the box that appears.

 

I do have access to a laptop.

 

Thanks in anticipation


Edited by hamluis, 05 June 2014 - 01:56 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 05 June 2014 - 01:58 PM

what is the make and model of the computer? are you pressing f8 to get to safemode?



#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 05 June 2014 - 02:10 PM

Hi,

 

Try the steps here and see if you can get into windows again.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 05 June 2014 - 03:38 PM

its a Dell 3000 poss 3010.

 

difficulty with downloading hitman is I dont know if I'm 32 or 64 and can't get in to find out,

 

THX



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 05 June 2014 - 03:41 PM

Hi,

Download both version into your clean computer and only one will work, or if you know the bit type of the clean computer then download that one. It doesn't matter which bit type the infected computer is.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 05 June 2014 - 04:24 PM

thanks toffee now running hitman scan but it seems to have stuck at scanning your computer initializing, has been there for a few minutes. Progress bar blank and showing 0s in top right.



#7 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 05 June 2014 - 05:08 PM

still stuck at initializing.

got to go now.



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 06 June 2014 - 11:08 AM

Hi peniafeatures,

 

Restart the computer and then try running HitmanPro again, if this does not work then I will give you other instructions to try.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 06 June 2014 - 12:18 PM

thanks toffee still stuck at initialising

 

hitmanPro 3.7.9-Build 216 Bleeping*

Scanning your computer

 

Initializing 0s



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 06 June 2014 - 12:42 PM

Hi peniafeatures,
 
Do you have your windows CD?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 06 June 2014 - 12:59 PM

no it came pre loaded



#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 08 June 2014 - 02:11 PM

Hi peniafeatures,

 

Sorry about the delay, I missed the notification.

 

Try Kaspersky Rescue Disk using the command WindowsUnlocker.

Please read and then follow the steps here, or watch the YouTube video.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 08 June 2014 - 04:40 PM

Hi toffee, thanks for your help with this frustrating thing.

 

Having trouble creating theKaspersky rescue usb disc

it seems there are two downloads for the usb disc

 

can download kav rescue 10 iso as in 1. below.

but cannot download 

  1. Download the utility to record the image to USB devices from the Kaspersky Lab server (~378 KB). the link just goes to google homepage.
  2. So when I press start it tells me that "please specify an iso file" and that's where I'm stuck.
  3. The video on you tube doesn't cover it.

 .

 

1. Download the disk with Kaspersky WindowsUnlocker

Download kav_rescue_10.iso (~236 MB) from the Kaspersky Lab server. 

2. Record the image to a CD/DVD or removable device

2.1 How to record the image to a CD/DVD

You can record the iso image to a CD/DVD using any record program (for example, Nero Burning ROMISO RecorderDeepBurnerRoxio Creator etc.).

2.2 How to record the image to a removable USB device

In order to record the image to a removable USB device, perform the following actions:

  1. Connect your removable USB device to the computer.

In order to successfully record the image to a removable USB device, space capacity of it must be not less than 256 MB. The connected USBdevice must have FAT16 or FAT32 file system. If NTFS file system is installed on the device, you are required to format it in FAT16or FAT32. Do not use an USB device with other operating systems installed on it. It may cause incorrect booting your computer.

  1. Download the utility to record the image to USB devices from the Kaspersky Lab server (~378 KB).
  2. Run the downloaded file rescue2usb.exe.
  3. On the Kaspersky USB Rescue Disk Maker window, click Browse... and select the is

I ac



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:30 PM

Posted 09 June 2014 - 02:16 PM

Hi peniafeatures,

 

It's a two step instructions. First download the iso (the file linked) in step 1, and then carry on with the second step using the iso you just downloaded in the first part. If you cannot download the file, the second step download is here.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#15 peniafeatures

peniafeatures
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 09 June 2014 - 03:34 PM

Hi toffee

 

managed to get the rescue disc onto a USB stick

struggling with the next bit now as it says to put the usb in a bit later on. :

 

on start up have two options:

F2 Set Up

F12 boot device menu

 

F12 will give options:

1 Normal

2. Primary Master Drive

3.Hard Disc Drive C

4. IDE C D ROM device

5. System Set Up

6. IDE Drive diagnostics

7. Boot to utility partition.

 

No no option for USB device unless I put it in before I start.

 

Tried again with USB in before sart up this gave a USB option which I chose

 

then get a message "error loading operating system".

 

Tried all of it again after formatting the USB, just in case anything else on there was confusing it.

 

Same result: "error loading operating system".






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users