Help needed very little computer skills
Started by richie_25, Feb 19 2012 06:31 AM
#1
Posted 19 February 2012 - 06:31 AM
#2
Posted 19 February 2012 - 01:03 PM
Can you run OTL and post the log?
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.
Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
Can you run Combofix?
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:
:!: It must be saved to your desktop, do not run it :!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Doubleclick on ComboFix to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Can you post the MBAM log?
If all else fails I expect this is a variation of the Bundespolizei fraud so you might be able to fix it by following the instructions here:
http://www.wikihow.c...-Virus-Manually
Ron
#3
Posted 20 February 2012 - 09:21 AM
Laptop won't run in safe mode? :-(
#4
Posted 20 February 2012 - 11:06 AM
See if you can Start, (All) Programs, Accessories, Command Prompt (Win7 or Vista must right click and Run As Admin)
Type with an Enter after the line:
msconfig
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Cancel msconfig when it comes up.
Then see if you can run OTL or combofix. If not then try one of the bootable CD scans:
http://www.geekstogo...ystem-tutorial/
http://www.techmixer...-download-list/
#5
Posted 21 February 2012 - 06:59 AM
As I said, I did manage to stop this once by ending a process, which one I can't remember (I know it was a bit silly ending random processes), but can anyone see a process in the photos which might be associated with this? At the moment the laptop won't run in safe mode, and in normal mode I only have between 10-20 secs before the malware takes over.
#6
Posted 21 February 2012 - 10:29 AM
I don't see anything that looks like a randomly named program in your Task Manager.
Not sure what indagoupdater.exe is and datamn~1.exe is probably something you don't need but don't think it's the bug.
Can you get into Safe Mode with Command prompt and follow these instructions?
http://deletemalware...ransomware.html
#7
Posted 21 February 2012 - 04:22 PM
Won't run in safe mode, safe mode with networking or safe mode with command prompt, and in normal mode I don't have enough time before the malware takes over. I can open command line and type explorer and enter, but by then time's up and the screen goes blank.
#8
Posted 21 February 2012 - 05:57 PM
If you can't figure out which process to stop then you will have to boot from a CD. I like Hiren's boot CD:
If none of the safe mode options will work then you will need to boot from a CD or USB drive (if your PC is new enough that that is also an option). I would try Hiren's boot CD.
http://www.hirensboo...BootCD.15.1.zip
Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
Select the miniXP option.
That will allow you to get in to modify files. We don't want to delete the bad files. Just replace them with renamed copies of explorer.exe.
Also check 'Start Up' in the start menu - these you can delete.
Apparently this thing is mutating rapidly. You may also need the off-line registry editor:
Also get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/
If you boot from it following the instructions then you can check the registry values mentioned here:
http://deletemalware...ransomware.html
Note: They say to look at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ could also be infected.
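Added example, not part of the thread or of any tool mentioned in it: a Python check that reads a .reg text export of the two Winlogon keys named above and lists values that are not what a stock install has. It assumes the export uses the standard key paths, and the value names checked (Shell, Userinit) and their defaults are the usual Windows ones, not something quoted in the posts; the sample export is constructed.

```python
import re

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# Stock defaults are this example's assumption; the thread names only the keys.
DEFAULTS = {
    "shell": r"explorer\.exe",
    "userinit": r"([a-z]:\\windows\\system32\\)?userinit\.exe",
}
PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg files escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := PAIR.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def check_winlogon(text):
    """Return (key, name, data, reason) for Shell/Userinit values worth a look."""
    findings = []
    for key, name, data in parse_reg(text):
        hive, _, path = key.partition("\\")
        if path.lower() != WINLOGON or name.lower() not in DEFAULTS:
            continue
        value = data.strip().rstrip(",").lower()
        if hive.upper() == "HKEY_CURRENT_USER":
            findings.append((key, name, data, "per-user override, absent on a stock install"))
        elif not re.fullmatch(DEFAULTS[name.lower()], value):
            findings.append((key, name, data, "differs from the stock value"))
    return findings

# Constructed sample export; paths and file names are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\example\\sample.exe,"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\example\\sample.exe"
'''

if __name__ == "__main__":
    for finding in check_winlogon(SAMPLE):
        print(finding)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `check_winlogon`.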