Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Police Pro

Started by anjilinexile , Oct 01 2009 10:17 PM

  • Please log in to reply

#1
anjilinexile
Posted 01 October 2009 - 10:17 PM

anjilinexile

    New Member

  • Member
  • Pip
  • 9 posts
I'm using Windows XP Home edition. It started with popups from windows police pro. I checked here on how to deal with that. I downloaded Malwarebytes, ran it, but it wouldn't complete the scan, so I tried to manually delete the offending files that had come up on the scan. The popups stopped and I didn't see anymore Windows Police Pro in the task manager, next time I rebooted I didn't have access to the Task Manager and Malwarebytes wouldn't load.
I checked the MSCG and started the process. After step 1.(TFC) it required a reboot. So I did. And I went to safe mode again for the 2nd step, but it just froze on the loading screen before Windows logo. I tried running on normal mode, and it would just freeze after the Windows logo. Nothing but a blank screen. Any suggestions? Any help would be most appreciated.
  • 0

Advertisements

#2
kahdah
Posted 02 October 2009 - 07:11 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello anjilinexile

Welcome to G2Go. :)

Please run these both in Safe Mode.
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
anjilinexile
Posted 02 October 2009 - 10:54 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the fast reply Kahdah. I can't even get to the desktop to download anything. I haven't been past the load screen in Safe Mode -OR- the Windows screen in Normal Mode. If there's a way to bypass it, I'd be willing to try it.
  • 0

#4
kahdah
Posted 03 October 2009 - 05:54 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmm well we can try.

First try to do this restart the system and then just like you were gong to go to Safe Mode by tapping the F8 key continually on the keyboard but instead of choosing Safe Mode choose Last Known Good Configuration.
See if it will allow you to get some functionality back.
  • 0

#5
anjilinexile
Posted 08 October 2009 - 04:45 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry for the delay. Last Known Good Configuration also leads to the blank screen. Anything I can do from command prompt?
  • 0

#6
kahdah
Posted 09 October 2009 - 06:29 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you get to a command prompt?
If so then do the following.
At whatever command prompt type in chkdsk /r then Y at the run at reboot prompt.
Then reboot and see if chkdsk will run hopefully it will let you into Windows.
Let me know how it goes.
  • 0

#7
anjilinexile
Posted 12 October 2009 - 05:11 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No dice on that, still just freezes at the load screen. I hadn't thought of this until my brother suggested it. Would it be safe to slave the infected hard drive on another machine and run anti-spyware on it from there? Or at least to save my music files? I'm a musician and all my work is on the infected machine.
  • 0

#8
kahdah
Posted 12 October 2009 - 06:21 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes that will work should help a little make sure to scan it first before trying to go into the drive.
Also to prevent infecting the machine you plug it into make sure to right click on the drive and choose explore instead of double clicking the drive.
As double clicking can lead to infection.

You can come back here when you have done this and we can finish it up.
  • 0

#9
anjilinexile
Posted 13 October 2009 - 04:20 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Since it blocked my Malwarebytes before, should I try a different type of detection program, or should it work now that it's slaved? I just want to be sure I take the precautions that are necessary.
  • 0

#10
kahdah
Posted 14 October 2009 - 05:42 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
If you slave it to another computer then it will run fine.
I would scan it with Mbam and an up to date antivirus then try to plug it back into the original machine.
  • 0

#11
anjilinexile
Posted 14 October 2009 - 11:49 AM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Okay! :) I'll do it this evening after work! I'll let you know how it goes
  • 0

#12
anjilinexile
Posted 16 October 2009 - 05:18 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Okay. The slave allowed me to run Malwarebytes on the disc, it took over 3 hours, but it did flag 8 files. I saved this log before I removed the offending files, here's what I found:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/16/2009 6:58:02 PM
mbam-log-2009-10-16 (18-57-37).txt

Scan type: Quick Scan
Objects scanned: 101184
Time elapsed: 3 hour(s), 24 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\Program Files\Windows Police Pro\windows Police Pro.exe (Antivirus2009) -> No action taken.
d:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken.
d:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> No action taken.
d:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> No action taken.
d:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\winupdate.exe (Rogue.AdvancedVirusRemover) -> No action taken.
d:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.

Again, I removed these files with Malwarebytes, What should I do from here?
  • 0

#13
kahdah
Posted 17 October 2009 - 08:25 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
See if you can boot the machine normally and download and run Combofix and post hat log please.
You can download it from one of these 2 locations:
Link 1
Link 2
  • 0

#14
anjilinexile
Posted 18 October 2009 - 11:06 PM

anjilinexile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I reconnected the drive to the old machine, still freezes at the same point. Could I run Combofix on the other machine while the infected disk is slaved?
  • 0

#15
kahdah
Posted 19 October 2009 - 04:44 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No it will only run locally.
Unhook the drive again and run an antivirus scanner on it then see if it will boot.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP