[MARKTEN]

I have a pop up that blocks everything happening. I cannot restart in safe mode ( the password says invalid) and when I try safe mode with networking it allows me to complete the log on but then logs straight off.I can log on normally but I just get the screen asking for a UKASH payment.
How can I break in to do something about this?

Mark

[Advertisements]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will respond with some instructions soon.

[Buddierdl]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will respond with some instructions soon.

[Buddierdl]

Hi Mark,

Could you please tell me what OS your infected computer has?

Do you have a working computer we can use to download some files?

Also, do you have a USB memory stick, or would you prefer burning a CD?

[MARKTEN]

Hi Buddierdi,

Thanks for the reply and of course your time - much appreciated.

I am running XP not sure of the service pack

I have another XP machine which is clean. On this one I tried something from the Malware forum. I downloaded spyhunter-installer.com onto a USB however I do not know how to get to it to run it on the infected machine.
A normal start up displays just a white screen. Previously it did say the Australian Federal police were asfter me and I had to pay $100 via UKASH to release the computer. As it got infected it even took a photo of me with the web cam.I cannot log on in safe mode or safe mode with DOS prompt it tells me my password is incorrect. I can log in with safe mode + networking but after log in it immediately logs off before I can do anything.

Hope this helps for now. What time zone are you in, I wrote this at 12.09 Melbourne time

Best Regards

Mark

[Buddierdl]

Hope this helps for now. What time zone are you in, I wrote this at 12.09 Melbourne time

Thank you for the answers. I am on the east coast of the US in the EST time zone so we are kinda of on opposite ends of the world. I will try to reply to you at least once a day. I should have some instructions for you soon, but need to wait until my instructor approves them, so it will probably be tomorrow morning (for me).

[Buddierdl]

Hi Mark,

Let's get started by looking at your computer from outside the operating system. Please let me know if you have any questions.

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Iso2disc

OTLPE_standard

Right click OTLPE on your desktop and select Peazip ..Open as archive




Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Iso2Disc



Select the ISO file on the desktop, tick bootable and press burn.

Now insert the prepared USB drive into your infected computer and follow these steps:

• Reboot your system using the USB drive you just created.
  Note : If you do not know how to set your computer to boot from USB follow the steps here
• As the computer needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
  Note : as you are running from USB it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[MARKTEN]

Hi,

i was going OK until "Select the ISO file on the desktop, tick bootable and press burn.

I did burn it but could not find the bootable selection. My other PC is now sat there doing nothing trying to boot up for around 20 mins now. Is it because I did not make the USB bootable?

Mark

[MARKTEN]

I have choices of USB Memory and USB ODD in my boot up list. I am trying USB memory is that correct?

Mark

[Buddierdl]

Yes, please select USB Memory.

[MARKTEN]

Hi,

No joy at all the infected PC is set up to boot onto USB memory but does nothing on start up with the USB inserted.The curser flashes in the top LH corner.
Without the USB inserted it boots up into windows as normal. Attached is the contents of the USB is there anything obvious missing?

Where is the selection to make this bootable?

I tried to burn a CD as an alternative but 5 CDs now got half way and the message did not write appears.

I will try the steps again from square 1 to see if anything got corrupted or I did something wrong

Best Regards

Mark

[Buddierdl]

Hi,

No joy at all the infected PC is set up to boot onto USB memory but does nothing on start up with the USB inserted.The curser flashes in the top LH corner.
Without the USB inserted it boots up into windows as normal. Attached is the contents of the USB is there anything obvious missing?

I think you forgot the attachment.

Where is the selection to make this bootable?

Sorry, with the new program you do not have to select that. Are you sure you burned the "OTLPE_New_Std.iso" file to the USB?

I tried to burn a CD as an alternative but 5 CDs now got half way and the message did not write appears.

I will try the steps again from square 1 to see if anything got corrupted or I did something wrong

Best Regards

Mark

I have some alternative things we can try if this doesn't work. I need to check with my instructor first.

[MARKTEN]

I am also having difficulty adding attachments the PC I am on now is very old. changing the options for attachments just gave me the message I could not attach this kind of file ( a .docx file)

It is a Toshiba and I think the Toshiba CD burn utility is stopping me burn a CD with the ISO2disc. 11 ruined CDs says there's something wrong

However on the USB there are 4 folders

I386
Programs
SFX
and [boot]
and 5 files
Autorun.inf
reatogomenu.ini
win51p
win5ip.sp2
reatogomenu.exe

This will not allow the PC to boot up. I managed to burn 1 CD with the toshiba utility but it was the total folder and this also would not boot up when I set to ODD as the first device.

Best Regards

Mark

[Buddierdl]

Thank you for the info. I will get back to you in the morning in my time (about 13 hours). Don't ruin any more CD's for now.

[Buddierdl]

Hi Mark,

Let's try making a CD this way.

• Download OTLPEStd.exe to your desktop.
• Ensure that you have a blank CD in the drive
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created. Make sure the CD drive is set as the first boot device.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[MARKTEN]

Hi Mate,

Not good news, the disc was created and the infected machine started to boot up but got as far as the windows XP display then blue screened saying there is a problem with windows

suggestion run CHKCSK/F

Srop: 0000007B ( 0xF78DA528,0xC0000034,0x00000000,0x00000000)

Best Regards

Mark