Help needed very little computer skills



#1
richie_25

    New Member

  • Member
  • Pip
  • 4 posts
Hi, something has taken over my laptop. Switch on, and after start up, about 10-20 seconds later, the screen goes blank except for the wallpaper, then this appears (see pics). Last night, by ending some processes, which I can do if I am quick enough, I managed to stop this and ran AVG and Malwarebytes scans. Malwarebytes found 11 suspicious items and quarantined them, and I thought that would be that, but on the next startup, same thing. I have taken photos of the processes and the problem, so just wondering if someone can help, thanks.
Posted Image
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Can you run OTL and post the log?

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Can you run Combofix?

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Can you post the MBAM log?

If all else fails, I expect this is a variation of the Bundespolizei fraud, so you might be able to fix it by following the instructions here:

http://www.wikihow.c...-Virus-Manually

Ron
  • 0

#3
richie_25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Laptop won't run in safe mode? :-(
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
See if you can Start, (All) Programs, Accessories, Command Prompt (Win7 or Vista must right click and Run As Admin)

Type with an Enter after the line:

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Cancel msconfig when it comes up.

Then see if you can run OTL or combofix. If not then try one of the bootable CD scans:

http://www.geekstogo...ystem-tutorial/

http://www.techmixer...-download-list/
  • 0

#5
richie_25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
As I said, I did manage to stop this once by ending a process, which one I can't remember (I know it was a bit silly ending random processes), but can anyone see a process in the photos which might be associated with this? At the moment the laptop won't run in safe mode, and in normal mode I only have between 10-20 secs before the malware takes over.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I don't see anything that looks like a randomly named program in your Task Manager.

Not sure what indagoupdater.exe is and datamn~1.exe is probably something you don't need but don't think it's the bug.

Can you get into Safe Mode with Command prompt and follow these instructions?

http://deletemalware...ransomware.html
  • 0

#7
richie_25

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Won't run in safe mode, safe mode with networking or safe mode with command prompt, and in normal mode I don't have enough time before the malware takes over. I can open command line and type explorer and enter, but by then time's up and the screen goes blank :help:
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If you can't figure out which process to stop then you will have to boot from a CD. I like Hiren's boot CD:

If none of the safe mode options will work then you will need to boot from a CD or USB drive (if your PC is new enough that that is also an option). I would try Hiren's boot CD.

http://www.hirensboo...BootCD.15.1.zip

Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
Select the miniXP option.

That will allow you to get in to modify files. We don't want to delete the bad files. Just replace them with renamed copies of explorer.exe.
Also check 'Start Up' in the start menu - these you can delete.

Apparently this thing is mutating rapidly. You may also need the off-line registry editor:

Also get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/

If you boot from it following the instructions then you can check the registry values mentioned here:
http://deletemalware...ransomware.html

Note: They say to look at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ could also be infected.
  • 0
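
A read-only check of the two Winlogon keys and the Startup folders named in the post above, added here as an example and not code from the thread. The value names `Shell` and `Userinit` and their default data are those of a stock Windows install rather than anything stated in the thread, and the function names are made up for this example.

```powershell
# Added example, not from the thread. Requires Windows PowerShell 3.0 or later.
# Expected data reflects a stock Windows install (assumption).

function Test-WinlogonKey {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,  # provider path to a Winlogon key
        [switch] $PerUser                          # per-user key (HKCU or a loaded NTUSER.DAT)
    )
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $props = Get-ItemProperty -LiteralPath $KeyPath
    foreach ($name in 'Shell', 'Userinit') {
        $data = $props.$name
        if ($null -eq $data) { continue }          # value not set under this key
        # Userinit normally ends with a comma; strip it before comparing.
        $norm = ([string]$data).Trim().TrimEnd(',').Trim()
        $asExpected = if ($PerUser) {
            $false                                 # a stock profile sets neither value
        } elseif ($name -eq 'Shell') {
            $norm -ieq 'explorer.exe'
        } else {
            $norm -imatch '^[a-z]:\\windows\\system32\\userinit\.exe$'
        }
        [pscustomobject]@{ Key = $KeyPath; Value = $name; Data = $data; AsExpected = $asExpected }
    }
}

function Get-StartupFolderItem {
    # Per-user and all-users Startup folders of the running system.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path -LiteralPath $path)) {
            Get-ChildItem -LiteralPath $path -Force |
                Where-Object { $_.Name -ne 'desktop.ini' } |
                Select-Object FullName, LastWriteTime
        }
    }
}

$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Test-WinlogonKey -KeyPath "Registry::HKEY_LOCAL_MACHINE\$winlogon"
Test-WinlogonKey -KeyPath "Registry::HKEY_CURRENT_USER\$winlogon" -PerUser
Get-StartupFolderItem

# Offline hive: after `reg load HKLM\OfflineSW <path to the SOFTWARE hive file>`
# (OfflineSW is a made-up mount name), check
# "Registry::HKEY_LOCAL_MACHINE\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon".
```

A row with `AsExpected` set to `False` is a lead to inspect by hand, since some legitimate software also changes these values.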





