Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Script (?) virus


  • Please log in to reply
5 replies to this topic

#1 Arson

Arson

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 30 March 2016 - 04:13 AM

Excuse me, i want to ask. Suddenly my pc turned black like below screen after i turn it on. Im downloading a free quran 5 days ago, but the virus already cleaned (maybe if there is a connection, the virus is suddenly animated cartoon show up and moving around). For the detail, here is the picture of my pc..

Attached File  20160330_155832 (1).jpg   30.36KB   0 downloads

Sorry for the bad edit, im trying safe mode there but it doesnt help at all. Thank you



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 30 March 2016 - 03:01 PM

Hello Arson and Welcome to the BleepingComputer. :welcome: 
My name is Yılmaz

 

===================================

This topic is in the wrong section. This section  is  related ''virus, Trojan, Spyware, and Malware Removal Logs' .

But still I want to ask.

Do not turn on the PC Normal mode ?

Can you entering the command environment ?

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Arson

Arson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 01 April 2016 - 01:19 AM

Sorry for the late comment, when i search at google. It says, the virus is kinda trojan or something. Even if i try it with normal mode, it is still like that. The only way to turn it off is just by force shutdown. Cant even move the mouse or alt tab or ctrl+shift+esc.

 

Im sorry but i dont have any kind of experience except hardware.. so.. its a no i guess for entering command environment


Edited by Arson, 01 April 2016 - 01:20 AM.


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 01 April 2016 - 09:51 PM

Hi again,

 

Please do the following;

 

Kaspersky Rescue CD
 
:step1:
 Go to a clean PC.

  • Download the .iso image file.
  •  Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.
 
Download and create a bootable Kaspersky Rescue Disk CD
 
1. Download the Kaspersky Rescue Disk ISOimage from below.
 
 Karspesky Rescue Disk Download Link (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)
 
2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)
 
 IMGBURN Download Link (This link will open a new page from where you can download ImgBurn)
3. You can now insert your blank DVD/CD in your burner.
 
4. Install ImgBurn by following the prompts and then start this program.
 
5. Click on the Write image file to disc button.
 
6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso)
 
7. Click on the big Write button.
 
8. The disc creation process will now start and it will take around 5-10 minutes to complete.
 
:step2:
Configure the computer to boot from CD-ROM
 
On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.
IF this doesn't happen then you'll need to configure your computer to boot for a CD like you'll see below.
 
 Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
 
1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
 
2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.
 
3. Insert your Kaspersky Rescue Disk and restart your computer.
 
:step3:
Boot your computer from Kaspersky Rescue Disk
 
1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process
 
Kasp1-1.png
 
2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.
 
Kasp2-1.png
 
3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.
 
Kasp3-1.png
 
4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.
 
5. Once the actions described above have been performed, the Kasprsky operating system will start.
 
:step4:
Launch Kaspersky WindowsUnlocker to remove the malicious registry changes
 
This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk.
 
1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.
 
Kasp5-1.png
 
IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.
 
2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.
 
Kasp6-1.png
 
:step5:
Scan your system with Kaspersky Rescue Disk
 
1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.
 
Kasp7-1.png
 
2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.
 
Kasp8-1.png
 
3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan.
 
Kasp9-1.png
 
4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn't work chose to quarantine the infected files just to be on the safe side.
 
Kasp10-1.png
 
5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.
 
Kasp11-1.png
 
6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.
 
7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Arson

Arson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 02 April 2016 - 12:05 AM

Thanks for the help, it works!! Kinda hard to do and need to do it over and over again. But it works, thanks!!



#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 02 April 2016 - 01:10 PM

Thanks for the help, it works!! Kinda hard to do and need to do it over and over again. But it works, thanks!!

Nice :thumbup2:

 

 

For i do check system  If you wish to continue, please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users