DOJ virus on an XP



#1 heytr


Posted 15 November 2014 - 08:35 AM

Hello, a few days ago I got the DOJ virus on my XP media PC. Wasn't that worried at first, have AVG and Malwarebytes. Didn't stop it, got rid of a MoneyPak virus before with HitmanPro Kickstart, tried that, didn't get rid of it. Made a Kaspersky rescue disk, ran it, didn't get rid of it. Ran Hitman and Kaspersky a couple of times each over the past days. Can't get in using any safe mode, get into recovery console but doesn't seem to want to get off of C:\windows>. Have the XP installation disk but it will not boot to it. Also have TDSSKiller but can't get to it. Please help, I don't consider myself computer savvy at all, just trying to copy what others say worked for them, but not very successful. Please be patient with me, it will be like working with an infant. Look forward to hearing from someone. Thanks.




 


#2 xXToffeeXx


Posted 15 November 2014 - 08:48 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi heytr,

We need to try and boot your computer using the Ultimate Boot CD for Windows (UBCD4win)

Please print this guide for future reference!

You will need: a blank CD, a Windows XP CD, a clean computer, and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1 - creating the ISO file

1. Please select a mirror and download the Ultimate Boot CD for Windows to your Desktop

  • Double-Click on the UBCD4Win.exe that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up
  • Note: Do not install to a folder with spaces in its name; it is best to use the default C:\UBCD4Win
  • Note: Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read here for information regarding the files that normally trigger AV software.
  • At the very end, uncheck "Run UBCD4WinBuilder.exe when installation is complete", then click Finish

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Open My Computer, navigate to: C:\ubcd4win
  • Double-click on UBCD4WinBuilder.exe
  • Click I Agree to the UBCD4Win PE Builder License
  • Click No when prompted to Search for Windows installation files
  • For Source: click on the ellipsis (...), then click on the drive with your Windows XP CD, then press Ok
  • For Custom: no information is necessary, leave blank
  • For Output: keep the default BartPE
  • For Media output select Create ISO image: (enter filename)
    Note: you can leave the default file name and path as well (C:\UBCD4Win\UBCD4WinBuilder.iso), but if you do change it make sure it is a folder without spaces in the name
  • Note: If your XP install disc is SP1 then please click the Plugins button and modify the following options:

    Click on each option, then click Enable/Disable so the correct value is displayed.

    Disabled - !Critical: DComLaunch Service [Building with XP SP1-DISABLE]
    Enabled - !Critical: LargeIDE Fix (KB331958) [Building with XP SP1-ENABLE]

  • Note: If you have a Dell XP install disc you will need to follow the instructions here: http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD

==========

Step 2 - downloading Farbar's Recovery Scan Tool (FRST)

Next, from your clean computer, download Farbar Recovery Scan Tool and save it to your flash drive.

note: you will need the 32-bit version to run with UBCD4Win

Now plug your flash drive back into your sick computer and move on to the next step.

==========

Step 3 - booting to the UBCD4Win CD

Restart your sick computer using the UBCD4Win disc that you have created

  • Insert the UBCD4Win disc into one of your CD/DVD drives
  • Restart your computer, the computer should choose to boot from the UBCD4Win CD automatically
  • If it doesn't and you are asked if you want to boot from CD, then choose that option
    note: more information on booting from CD can be obtained here
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter
  • It may take a little longer for the desktop to appear than it does when you start your computer normally, just let the process run itself until the desktop appears
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?, click Yes
  • You should now have a desktop that looks like this:
    Main.jpg

==========

Step 4 - running the FRST scan

  • Single click My computer from your UBCD4Win desktop to navigate to the Farbar Recovery Scan Tool (FRST.exe) you saved to your flash drive.
  • Double click on FRST.exe to begin running the tool
  • When the tool opens click Yes to disclaimer
    note: if prompted to download the latest version, please do so from the link in Step 2
  • Click on the Scan button
  • It will make a log (FRST.txt) on the flash drive, close it and safely remove the USB drive
  • Insert the USB drive into your clean computer and post the log in your next reply

xXToffeeXx~


Edited by xXToffeeXx, 15 November 2014 - 03:09 PM.
Updated link~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 heytr


Posted 15 November 2014 - 10:03 AM

Thank you for your quick response Toffee, I am sorry I can't get to the create UBCD4win, it takes me to a "buy this domain page", pretty bad I can't handle the first instruction.



#4 xXToffeeXx


Posted 15 November 2014 - 03:09 PM

Hi heytr,

 

Actually that is not your fault, try the link here (make sure not to click on any advertisements).

 

xXToffeeXx~




#5 heytr


Posted 16 November 2014 - 01:52 PM

Thanks Toffee, I will try again, although this may be way over my skill level. Found UBCD4win on a couple of sites but got bombarded with downloads. I appreciate your patience. I will let you know how I do, good or bad.



#6 xXToffeeXx


Posted 17 November 2014 - 12:44 PM

Hi heytr,

 

Thank you for letting me know, tell me if you have any problems.

 

xXToffeeXx~




#7 xXToffeeXx


Posted 20 November 2014 - 02:12 PM

Hi heytr,

 

How are you getting on with these steps?

 

xXToffeeXx~




#8 heytr


Posted 20 November 2014 - 08:50 PM

Too much of a novice I guess, tired of fighting XP, took the easy way out and swapped for a computer with Win7. Thanks so much for trying to help me, I hope maybe this has helped someone else.

#9 xXToffeeXx


Posted 23 November 2014 - 11:25 AM

Hi heytr,

 

No worries on that, updating to Windows 7 is a good idea anyway as XP is now unsupported.

 

xXToffeeXx~




#10 xXToffeeXx


Posted 23 November 2014 - 11:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
