Windows Police Pro

#1
anjilinexile
I'm using Windows XP Home Edition. It started with popups from Windows Police Pro. I checked here on how to deal with that. I downloaded Malwarebytes and ran it, but it wouldn't complete the scan, so I tried to manually delete the offending files that had come up on the scan. The popups stopped and I didn't see Windows Police Pro in the Task Manager any more; the next time I rebooted I didn't have access to the Task Manager and Malwarebytes wouldn't load.
I checked the MSCG and started the process. After step 1 (TFC) it required a reboot, so I did. Then I went to Safe Mode again for the 2nd step, but it just froze on the loading screen before the Windows logo. I tried running in Normal Mode, and it would just freeze after the Windows logo. Nothing but a blank screen. Any suggestions? Any help would be most appreciated.

#2
kahdah
Hello anjilinexile

Welcome to G2Go. :)

Please run these both in Safe Mode.
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator".)
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3
anjilinexile
Thanks for the fast reply Kahdah. I can't even get to the desktop to download anything. I haven't been past the load screen in Safe Mode -OR- the Windows screen in Normal Mode. If there's a way to bypass it, I'd be willing to try it.

#4
kahdah
Hmm, well, we can try.

First, try this: restart the system and, just as you would to go to Safe Mode, tap the F8 key continually on the keyboard, but instead of choosing Safe Mode choose Last Known Good Configuration.
See if it will allow you to get some functionality back.

#5
anjilinexile
Sorry for the delay. Last Known Good Configuration also leads to the blank screen. Anything I can do from command prompt?

#6
kahdah
Can you get to a command prompt?
If so, then do the following.
At whatever command prompt you get, type in chkdsk /r, then Y at the run-at-reboot prompt.
Then reboot and see if chkdsk will run; hopefully it will let you into Windows.
Let me know how it goes.

#7
anjilinexile
No dice on that, still just freezes at the load screen. I hadn't thought of this until my brother suggested it. Would it be safe to slave the infected hard drive on another machine and run anti-spyware on it from there? Or at least to save my music files? I'm a musician and all my work is on the infected machine.

#8
kahdah
Yes, that will work and should help a little; make sure to scan it first before trying to go into the drive.
Also, to prevent infecting the machine you plug it into, make sure to right-click on the drive and choose Explore instead of double-clicking the drive.
Double-clicking can lead to infection.

You can come back here when you have done this and we can finish it up.

#9
anjilinexile
Since it blocked my Malwarebytes before, should I try a different type of detection program, or should it work now that it's slaved? I just want to be sure I take the precautions that are necessary.

#10
kahdah
If you slave it to another computer, then it will run fine.
I would scan it with MBAM and an up-to-date antivirus, then try to plug it back into the original machine.

#11
anjilinexile
Okay! :) I'll do it this evening after work! I'll let you know how it goes.

#12
anjilinexile
Okay. Slaving the drive allowed me to run Malwarebytes on the disk. It took over 3 hours, but it did flag 8 files. I saved this log before I removed the offending files; here's what I found:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/16/2009 6:58:02 PM
mbam-log-2009-10-16 (18-57-37).txt

Scan type: Quick Scan
Objects scanned: 101184
Time elapsed: 3 hour(s), 24 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\Program Files\Windows Police Pro\windows Police Pro.exe (Antivirus2009) -> No action taken.
d:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken.
d:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> No action taken.
d:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> No action taken.
d:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\winupdate.exe (Rogue.AdvancedVirusRemover) -> No action taken.
d:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.

Again, I removed these files with Malwarebytes. What should I do from here?
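As an added example (not from the thread, and not Malwarebytes' own tooling), the following Python parses the MBAM log format shown above, tallies detections by family, maps the slaved-drive paths back to the original drive letter, and flags entries whose filename belongs to a genuine Windows component, which signals a patched or replaced system file rather than a dropped one. It assumes the slaved drive mounted as D: and was C: on the original machine, and the list of known Windows filenames is an assumed, partial one.

```python
import re
from collections import Counter

# Constructed excerpt of the MBAM 1.41 log posted above. The drive was
# scanned while slaved in a second PC, so every path shows d:\ not C:\.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.41
Files Infected: 8

Files Infected:
d:\Program Files\Windows Police Pro\windows Police Pro.exe (Antivirus2009) -> No action taken.
d:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken.
d:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> No action taken.
d:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> No action taken.
d:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\winupdate.exe (Rogue.AdvancedVirusRemover) -> No action taken.
d:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.
"""

# One entry line: <path> (<detection name>) -> <action>.
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Filenames of genuine Windows components (partial list, an assumption
# here). A detection on one of these means the real file was patched or
# replaced, so it must be restored from clean media, not just deleted.
KNOWN_SYSTEM_FILES = {"eventlog.dll"}

def parse_mbam_log(text):
    """Return (path, detection, action) tuples listed under 'Files Infected:'."""
    entries, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Files Infected:":  # section header, not the count line
            in_files = True
            continue
        m = ENTRY_RE.match(line) if in_files else None
        if m:
            entries.append((m["path"], m["name"], m["action"]))
    return entries

def triage(entries, slaved="d", original="c"):
    """Summarise by family, map slaved-drive paths back to the original letter,
    and flag replaced system files plus entries still awaiting action."""
    families = Counter(name.split(".")[0] for _, name, _ in entries)
    remapped = [original + p[1:] if p[0].lower() == slaved else p for p, _, _ in entries]
    patched = [p for p, _, _ in entries if p.rsplit("\\", 1)[-1].lower() in KNOWN_SYSTEM_FILES]
    unresolved = sum(a.startswith("No action taken") for _, _, a in entries)
    return {"families": families, "paths": remapped,
            "patched_system_files": patched, "unresolved": unresolved}
```

Running `triage(parse_mbam_log(MBAM_LOG))` on the excerpt reports three Backdoor, two Rogue, two Trojan and one Antivirus2009 detection, all eight still unresolved, with eventlog.dll singled out as a system file to restore rather than delete.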

#13
kahdah
See if you can boot the machine normally, then download and run ComboFix and post that log, please.
You can download it from one of these 2 locations:
Link 1
Link 2

#14
anjilinexile
I reconnected the drive to the old machine; it still freezes at the same point. Could I run ComboFix on the other machine while the infected disk is slaved?

#15
kahdah
No, it will only run locally.
Unhook the drive again and run an antivirus scanner on it, then see if it will boot.