[Kev Pike]

Hi there,

I require help to remove the Metropolitan Police ukash trojan virus from my girlfriends laptop running vista business. It was unfortunately taken on last night (1st March) and when I told her to boot in safe mode over the phone, after logging in as the correct user it simply loaded a white screen saying 'please wait while the connection is beeing established' with what I presumed was a German trsnlation underneath. Obviously this is part of the virus. She has since come home from university today for help.

I originally tried following the online guides of booting up in 'safe mode with command prompt' and install the 'grindinsoft trojan killer' via the usb drive i had plugged in however it would not allow me to access the usb drive. I then tried the manual removal however I couldn't access 'regedit' as was blocked by adminstrator options. Only malware program that was on was microsoft essentials which couldn't detect it in 2 scans. I then searched for it manually by searching for .exe to find it in windows. I saw what I presumed was the virus, a load of random characters then .exe extension. I clicked this to make sure it was. It then brought up the white screen with the 'please wait while the connection is beeing established' again so knew I had found it.

I then hard reset it and tried to boot up in 'safe mode with command prompt' again but when i get past the log in again it continually brings up the white screen, like it did for my girlfriend last night. I have tried all 3 different 'safe modes' and it happens on them all.

How can I remove it when I cannot even get into safe mode?

Thanks in advance for the help.

[Advertisements]

Do you have the ability to create a CD - that we can then use to boot into the system ?

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download the attacherd scan.txt to a USB drive
  [attachment=56425:scan.txt]
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start
• Drag and drop the scan.txt into the Custom scans and fixes box, or double click the scan box
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Essexboy]

Do you have the ability to create a CD - that we can then use to boot into the system ?

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download the attacherd scan.txt to a USB drive
  [attachment=56425:scan.txt]
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start
• Drag and drop the scan.txt into the Custom scans and fixes box, or double click the scan box
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.