Screen locked; Bogus Police want £100 !
Started by
DragonFromWales
, May 23 2012 04:01 PM
#16
Posted 24 May 2012 - 08:43 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
#17
Posted 24 May 2012 - 11:23 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
Hi. The Documents and Settings folder is locked.
There is a second Programs Files on Drive C called Program Files (x86). And a third called Program Data.
But all programs seem to open nicely.
There is a second Programs Files on Drive C called Program Files (x86). And a third called Program Data.
But all programs seem to open nicely.
#18
Posted 25 May 2012 - 12:14 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Not sure what you mean by "The Documents and Settings folder is locked."
You should have a Libraries Folder under Desktop and under that should be folders for Documents, music, video and Pictures. Click on Documents and you should see My Documents and Public Documents. (You will sometimes see shortcuts which when you click on them say access denied. This is normal in Win 7
Are you able to open old documents,and pictures?
You should have a Libraries Folder under Desktop and under that should be folders for Documents, music, video and Pictures. Click on Documents and you should see My Documents and Public Documents. (You will sometimes see shortcuts which when you click on them say access denied. This is normal in Win 7
Are you able to open old documents,and pictures?
#19
Posted 26 May 2012 - 10:12 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
Hi. Yes I can open / see photos etc. The Documemts file has an icon of a lock on it, and I'm unable to double click on it.
Secondly, I have opened my Security Essentials window and I can see that it spotted three trojan horses a few days ago (23/05/2012). I thought maybe these may be relevant, maybe not. They are: Win64/Sirfef.Y Medfos.A and Sirfef.P
My Malwarebytes is still stopping something from happening. "Successfully blocked access to a potentally harmful website: 66.150.14.111 Type:Outgoing.
Thanks for your help, so far.
Secondly, I have opened my Security Essentials window and I can see that it spotted three trojan horses a few days ago (23/05/2012). I thought maybe these may be relevant, maybe not. They are: Win64/Sirfef.Y Medfos.A and Sirfef.P
My Malwarebytes is still stopping something from happening. "Successfully blocked access to a potentally harmful website: 66.150.14.111 Type:Outgoing.
Thanks for your help, so far.
#20
Posted 26 May 2012 - 11:23 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
Let's also try the bitdefender quickscan.
http://quickscan.bitdefender.com/
When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
Let's also try the bitdefender quickscan.
http://quickscan.bitdefender.com/
When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
#21
Posted 27 May 2012 - 04:32 AM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
eset log:
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_DLL_73.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_EXE_47.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_IEBHO_65.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Erin\AppData\Roaming\xkpoe\start.exe.vir
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_DLL_73.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_EXE_47.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_IEBHO_65.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Erin\AppData\Roaming\xkpoe\start.exe.vir
#22
Posted 27 May 2012 - 09:18 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Were you able to run the BitDefender scan? It usually only takes a minute.
Is MBAM still complaining about the 66.150.14.111 connection? If so run OTL again, Quickscan and post the log.
Download SubInACL.exe
http://www.microsoft...&displaylang=en
By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\
Please allow it to do so.
Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK Type with an ENter after each line:
Copy the next line:
dir /a /s %USERPROFILE%\Documents > \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
then type:
Copy and Paste the text from notepad to your next reply. If the file is to big then attach it.
Is MBAM still complaining about the 66.150.14.111 connection? If so run OTL again, Quickscan and post the log.
Download SubInACL.exe
http://www.microsoft...&displaylang=en
By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\
Please allow it to do so.
Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK Type with an ENter after each line:
cd "\Program Files\Windows Resource Kits\Tools" reset.cmd
Copy the next line:
dir /a /s %USERPROFILE%\Documents > \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
then type:
notepad \junk.txt
Copy and Paste the text from notepad to your next reply. If the file is to big then attach it.
#23
Posted 27 May 2012 - 10:37 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
bitdefender logs:
Scan time:00:04:56 Files per second:4 Skipped items:0 Password-protected items:0 Over-compressed items:0 Scanned archives:0 Input-output errors:0 Scanned boot sectors:0 Scanned processes:0 Infected processes:0 Scanned registry keys:0 Infected registry keys:0 Scanned cookies:0 Infected cookies:0
Is MBAM still complaining about the 66.150.14.111 connection? No. Well done and thanks!
Re:
cd "\Program Files\Windows Resource Kits\Tools"
reset.cmd
The default went to Program files (x64), so I copied them to Program Files.
On reset.cmd a message came up: reset.cmd is not recognised as an internal or external command.
Await further instructions.
Scan time:00:04:56 Files per second:4 Skipped items:0 Password-protected items:0 Over-compressed items:0 Scanned archives:0 Input-output errors:0 Scanned boot sectors:0 Scanned processes:0 Infected processes:0 Scanned registry keys:0 Infected registry keys:0 Scanned cookies:0 Infected cookies:0
Is MBAM still complaining about the 66.150.14.111 connection? No. Well done and thanks!
Re:
cd "\Program Files\Windows Resource Kits\Tools"
reset.cmd
The default went to Program files (x64), so I copied them to Program Files.
On reset.cmd a message came up: reset.cmd is not recognised as an internal or external command.
Await further instructions.
#24
Posted 27 May 2012 - 11:10 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Most of my scripts are for 32 bit since that's all I have. I expect if it went to Program files (x64) then that's where you should put the reset.cmd => \Program files (x64)\Windows Resource Kits\Tools and then you should use this command instead of the other one:
cd "\Program files (x64)\Windows Resource Kits\Tools"
reset.cmd
cd "\Program files (x64)\Windows Resource Kits\Tools"
reset.cmd
#25
Posted 31 May 2012 - 10:19 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
I can't locate it! Sorry.
#26
Posted 31 May 2012 - 11:26 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Let's see if we can see what is going on with the Documents folder.
Can you right click on it and select Properties?
If so click on Restore Defaults if the option is available. If the option for Security is available then click on it and then on Advanced then on Owner. You should be the current owner. If not then Change Owner to: yourself. Then OK. Make sure that you have full control checked in the bottom panel.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
(this will take a few minutes to finish)
Copy and paste the text from notepad into a reply.
Can you right click on it and select Properties?
If so click on Restore Defaults if the option is available. If the option for Security is available then click on it and then on Advanced then on Owner. You should be the current owner. If not then Change Owner to: yourself. Then OK. Make sure that you have full control checked in the bottom panel.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd \
dir /a /s *documents* > \junk.txt
(this will take a few minutes to finish)
notepad \junk.txt
Copy and paste the text from notepad into a reply.
#27
Posted 01 June 2012 - 03:14 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
Eureka!
Volume in drive C is Local Disk
Volume Serial Number is C4E5-30AA
Directory of C:\
14/07/2009 06:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Bitdefender\Bitdefender 2012\Skin\images\common
14/10/2011 23:59 874 is_icon_documents.png
1 File(s) 874 bytes
Directory of C:\ProgramData
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Qoobox\Quarantine\C\Users\Erin
24/05/2012 10:05 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 06:08 <DIR> Documents
14/07/2009 06:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin
24/05/2012 10:05 <DIR> Documents
09/10/2011 14:05 <JUNCTION> My Documents [C:\Users\Erin\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Libraries
21/02/2012 17:58 8,097 Documents.library-ms
1 File(s) 8,097 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Recent
11/05/2012 21:11 586 Documents.lnk
1 File(s) 586 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\SendTo
09/10/2011 14:12 0 Documents.mydocs
1 File(s) 0 bytes
Directory of C:\Users\Public
06/07/2011 09:14 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host
11/11/2011 16:29 <DIR> Description Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\NetworkService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\System32\migwiz\PostMigRes\Web\base_images
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\System32\wdi\perftrack
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs
14/07/2009 04:20 <DIR> amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs\Manifests
14/07/2009 03:27 108,322 amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4.manifest
1 File(s) 108,322 bytes
Directory of C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Total Files Listed:
11 File(s) 148,521 bytes
13 Dir(s) 405,433,692,160 bytes free
Volume in drive C is Local Disk
Volume Serial Number is C4E5-30AA
Directory of C:\
14/07/2009 06:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Bitdefender\Bitdefender 2012\Skin\images\common
14/10/2011 23:59 874 is_icon_documents.png
1 File(s) 874 bytes
Directory of C:\ProgramData
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Qoobox\Quarantine\C\Users\Erin
24/05/2012 10:05 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 06:08 <DIR> Documents
14/07/2009 06:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin
24/05/2012 10:05 <DIR> Documents
09/10/2011 14:05 <JUNCTION> My Documents [C:\Users\Erin\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Libraries
21/02/2012 17:58 8,097 Documents.library-ms
1 File(s) 8,097 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Recent
11/05/2012 21:11 586 Documents.lnk
1 File(s) 586 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\SendTo
09/10/2011 14:12 0 Documents.mydocs
1 File(s) 0 bytes
Directory of C:\Users\Public
06/07/2011 09:14 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host
11/11/2011 16:29 <DIR> Description Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\NetworkService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\System32\migwiz\PostMigRes\Web\base_images
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\System32\wdi\perftrack
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs
14/07/2009 04:20 <DIR> amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs\Manifests
14/07/2009 03:27 108,322 amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4.manifest
1 File(s) 108,322 bytes
Directory of C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Total Files Listed:
11 File(s) 148,521 bytes
13 Dir(s) 405,433,692,160 bytes free
#28
Posted 05 June 2012 - 11:09 PM
DragonFromWales
- Topic Starter
-
- Member
-
- 97 posts
Member
Are you waiting for me?
#29
Posted 15 June 2012 - 12:01 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Sorry, lost your reply and then was on a trip to a place without Internet.
Did you do this:
What happens?
Did you do this:
Can you right click on it and select Properties?
If so click on Restore Defaults if the option is available. If the option for Security is available then click on it and then on Advanced then on Owner. You should be the current owner. If not then Change Owner to: yourself. Then OK. Make sure that you have full control checked in the bottom panel.
What happens?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
