[Mapexman]

Hi
My advent 9115 laptop has contracted the Trojan virus which claims it is the metropolatain police asking for money, my anti virus did not pick up on it and can't pick it up even in safe mode, and I can find the system restore as it is not available in the f8 option, f10 and f12 don't work either. What can I do?

[Advertisements]

Hello and welcome to Geeks To Go.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

[Jack&Jill]

Hello and welcome to Geeks To Go.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

[Jack&Jill]

Hello Mapexman ,

Welcome to Geeks To Go. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

• Please observe and follow these Terms of Use.
• Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
• Please read the instructions carefully and follow them closely, in the order they are presented to you.
• If you have any doubts or problems during the fix, please stop and ask.
• All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
• Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
• Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
• Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
• If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly . We may begin.

--------------------

What OS are you having; XP, Vista, Win 7? Can you run programs or do anything When you are in Normal mode? How about in Safe Mode? Do you have the Windows CD or any type of recovery disks?

[Mapexman]

Thank you for helping

I'm running xp
When in normal mode the virus takes over straight away and I can do anything
Also in safe mode with prompting after about 5 mins the virus still takes over

And yes I understand the terms

[Mapexman]

Also no CD

[Jack&Jill]

Hello Mapexman ,

This is very important. Please read through the steps below first before you attempt the fix. You should note down whatever difficulties or deviation from what I described and report back.

If you did not manage to delete anything AND you could not access the Internet, skip the rest of the steps and let me know.

• In Normal Mode even when the infection is active, press Ctrl + O, a dialog should appear.
• Now, browse to c:\windows\system32 and open cmd.exe. In the command prompt window, type explorer.exe, then press Enter.
• You should be able to use the desktop now. Go to Start > Programs > Startup, then delete any entries you do not recognize and those with .dll.lnk extension.
• You could access the same location using c:\documents and settings\administrator\Start Menu\Programs\StartUp using Windows Explorer. If there is nothing suspicious to delete, just move on the next step.
• Next, see if you could access the Internet. If yes, proceed the RogueKiller step below. If not, just skip it and reboot. Download and run RogueKiller after that.

--------------------

Scan with RogueKiller

• Please download RogueKiller© by Tigzy and save it to your desktop. Click here.
• Allow the download if prompted by your security software and please close all your programs.
• Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
• Wait for PreScan to finish, then click on Scan.
• Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
• Please copy and paste the contents of that log in your next reply.

--------------------

Please post back:
1. if the fix attempt successful with all the details
2. RogueKiller log, if possible

[Mapexman]

Hi
The ctrl + o function did not work and no I can not do anything and was not able to delete or access Internet in this mode

[Jack&Jill]

Hello Mapexman ,

A little different approach. See if pressing the Windows logo + R open up the Run commandline. If yes, type in c:\windows\system32\cmd.exe and Enter. Then, continue with the steps of running explorer.exe, deleting suspicious files from Startup, reboot and running RogueKiller.

Also, check if you could access and complete the steps with the task manager. Ctrl + Alt + Del > Task Manager > Application tab > New Task..., followed by the rest of the steps.

If no go, then continue below.

--------------------

You will need an access to another computer for the next step.

Please get Windows Defender Offline and create a bootable media with it. Follow the steps outlined and the tool will walk you through the process.

http://windows.micro...efender-offline

Start the infected computer with WDO bootable media and proceed accordingly.

Once you are done, please boot normally and report back how did things go.

--------------------

Please post back:
1. if the different fix attempt successful with all the details
2. RogueKiller log, if possible
3. result from usage of Windows Defender Offline

[Mapexman]

Hi
The windows button didn't work so I downloaded the windows defender but when I when to install it in safe mode it said the administrator (which is me) has set policies to prevent this instillation, but I don't think I have. What should I do?

[Jack&Jill]

Hello Mapexman ,

I did say that you need an access to another computer for the WDO. I take you have a little more freedom to do things in Safe Mode? Can you download and run RogueKiller in Safe Mode? Please attempt it.

--------------------

Also in Safe Mode, try this.

Please download DDS and save it to your desktop. Click here.

• Double click on DDS.exe and a settings window will appear.
• Check (tick):
  
  • attach.txt
• Click on Start to commence.
• Shortly after, two logs will appear:
  
  • DDS.txt
  • Attach.txt
• The logs are saved to your desktop.
• Copy the contents of both logs and post them in your next reply.

--------------------

Please post back:
1. RogueKiller log
2. DDS logs

[Jack&Jill]

Hello Mapexman ,

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.

[Mapexman]

Hi
Sorry I'm really busy with work and won't be able to look untill tomorrow so I just need a but more time to try it thanks

[Jack&Jill]

Hello Mapexman ,

No problem. As long as I am aware that you are tied up for a while but still need help, the topic will not be closed.

[Jack&Jill]

Hello Mapexman ,

It has been a couple of days. Are you able to attempt fixing and stay with this topic regularly? If time is an issue, I suggest the following options:
1. reformat and reinstall, this will need effort in securing the Windows CD if you do not have one plus reformatting the computer which could be a quick and clean fix
2. have this topic closed, then start a new one only when you have the time to do so.

[Jack&Jill]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.