Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Met Police UKAsh Virus on Dell Inspiron... help


  • This topic is locked This topic is locked

#1
corygal

corygal

    New Member

  • Member
  • Pip
  • 2 posts
So the ransom screen blocks everything. I have tried various cures offered by the 'electric interweb' (can you see how techy I am) but nothing works... except an antivirus program that ran, identified the little brute, but the screens on the antivirus were too big for the netbook, and I couldnt get to delete it.

I can start in safe mode, which is a plus, but system restore doesn't want to work.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello corygal,

Welcome to Geekstogo.

I can start in safe mode, which is a plus, but system restore doesn't want to work.


See if you can follow these instructions and run RogueKiller in Safe Mode. If you can't come back and tell me.

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan

    Posted Image
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button

    Posted Image
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.

    Posted Image
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.
  • 0

#3
corygal

corygal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Didn't work. I can't get the reports off the machine on disc, it wont let me. No internet connection on machine either.
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello corygal,

Let's see if you can do this one. Tell me if you run into difficulty.


In order for this to work, you could need a second PC which is not infected and a USB flash drive or blank CD and CD burner or some other means to transfer files from one computer to the other.
  • Download Chameleon from the Malwarebytes site.
  • Unzip the contents of the zip-file to a folder in a convenient location on the infected computer.
  • If you were unable to do this directly on the infected PC, then copy the folder from the clean computer to the infected one.
  • Make certain that your infected PC is connected to the internet and then open the folder you created or copied, on your infected computer and double-click on svchost.exe.
  • Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
  • Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
  • Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  • Upon completion of the scan, if anything has been detected, click on Show Results
  • Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
  • The logs are automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire reports in your next reply.

  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
A slow computer does not mean there is malware present. I don't see anything in your Hijack This log to indicate that your problem is malware related. I will post the following info to get you started in the right direction, but if you need further help with this you will have to post a new topic in the proper Operating System Forum. I'm closing this topic.

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theelderg...nup_utility.htm

Defrag your HD:

http://artsweb.bham....rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

Remove unnecessary startups

This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close"

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that programs preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-port...artup_index.htm

You can look up the startups at the following links to help determine what is needed and what is not:

http://computercops....tartupList.html

http://www.bleepingc...r.com/startups/

http://www.answersth...es/tasklist.htm

http://www.windowsst...start=50&end=75

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, have followed the steps above, and still suspect you may be infected, please contact a staff member with the address of the thread to have it reopened.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP