Virus problem



Cicero
10-09-2013, 11:52 AM
I have the virus that says I am being protected by the police and the Governor General, safe mode is no help, it just goes to close down.

What am I to do?

Speedy Gonzales
10-09-2013, 11:58 AM
You may have to download something like the Kaspersky Rescue CD (http://support.kaspersky.com/4162), then burn the ISO, then boot from it. It's 323 MB

Cicero
10-09-2013, 12:26 PM
I am downloading as we speak.

How does this get past Nod 32, I thought it was God!

Lawrence
10-09-2013, 01:20 PM
Yep, Kaspersky's does the trick

Make note of what it finds as it will give you some idea of where it came from

Cicero
10-09-2013, 01:47 PM
Will the ISO file do the trick?

I have got it on a USB drive.

Lawrence
10-09-2013, 01:57 PM
The ISO you downloaded needs to be burned to DVD and it pays to print off the instructions of how to use the rescue disk

Win 7 has an ISO burner but you can use ImgBurn http://www.imgburn.com/

Speedy may have some other thing to use

Cicero
10-09-2013, 02:23 PM
I have tried both the DVD and USB drive, but win 7 will not pick up when starting.

I might have to get some Ukash.

Lawrence
10-09-2013, 02:31 PM
So you have burned it to DVD and put into DVD drive? You restart your comp and the Kaspersky desktop should appear
It will get the latest def file (takes 10/15 minutes) then tick all the drive boxes (include boot), the scan will take anywhere from 45 minutes to 90 minutes (depends on how much stuff on your drive)

Lawrence
10-09-2013, 02:35 PM
Just to add, don't under any circumstances buy "Ukash", it's a scam, they take your money and your comp is still disabled

Cicero
10-09-2013, 02:59 PM
I have burned to DVD, but when I run or restart computer, nothing happens

I was joking re Ukash.

I have vista on this computer with a dual boot, otherwise I would be a gone burger.

Lawrence
10-09-2013, 03:08 PM
Your comp is obviously not booting from the DVD drive, you need to change the boot order in the BIOS, most are F8 on startup but depends on make of comp

Just to confirm that the ISO was burned to disk and not just the file was put on to DVD?

Speedy may be able to help with the advanced instructions for your setup

wainuitech
10-09-2013, 03:09 PM
This new one is tricky, it actually disables all bootable devices, both CD and USB.


But a simple fix for one I had a few weeks ago was almost too easy. (after spending most of the day trying to get rid of it)

Try this --- (assuming it's W7) start up, tapping F8 - select safe mode with command prompt - it should boot, log in if required, then you get the command box. It should be at C:\windows\System32>

Type in rstrui.exe, press enter, after a few moments system restore will open, select a restore point prior to the infection (yesterday or whatever is available), run system restore, once done it will need to be rebooted, should start normally.

The one I had, I even took the drive out and scanned it with just about every scanner I had which worked in the past, NOTHING detected it.

Cicero
10-09-2013, 03:49 PM
Blimey Wai, that was a near run thing.

Your instructions saved the day.
If there were better words than thank you, I would use them, totally brilliant.
I take it there is no point in running the likes of Spy Bot after the event?

wainuitech
10-09-2013, 04:22 PM
Sweet it worked for you too -- One good reason not to disable system restore as so many suggest :)

You can run Spybot if you like, not going to hurt, but this is what happened to me.

Found out the hard way (taking most of the day) damn bootable CDs or USB drives that booted with the previous versions didn't work. I actually thought it was a BIOS setting, but when I put on a clean HDD/OS the bootable CDs worked, infected drive didn't.

Removed the drive, slaved it, ran Nod32, Norton tool that's designed for this infection, AVG removal tool, Trend Micro (I was trying all), Hitman Pro, Spybot, Super Antispyware, Kaspersky's Disk, everything I had, nothing would detect it.

I was right on the verge of reinstalling the drive when I thought -- what the hell, try system restore, can't hurt -- And that worked. When running again, did a scan with various software, didn't come up with anything.

Only thing I did do was disable system restore once running to clear any previous points, then enabled it again, created a fresh/new restore point.

Cicero
10-09-2013, 04:55 PM
Thanks and I hope all have taken note, nasty piece of work that.

Lawrence
10-09-2013, 05:02 PM
Good you have it sorted, the family member's one I sorted did not even allow you to get into safe mode but booted from the DVD drive

Did you try the Rescue disk just to see what it looked like? as you may be able to help someone else and will be able to go straight to it

linw
10-09-2013, 05:19 PM
What a b****td that one is now. Sister got it the other day and we couldn't get into safe mode. She lives away from me so she got it fixed by a local tech. Don't know what he did but he seemed to have fixed it promptly.

Good tip re restore. Would never turn this off.

Cicero
10-09-2013, 06:20 PM
I suspect that the rescue disc is not working at mo, they seem to be covering all avenues.

Billy T
10-09-2013, 06:46 PM
What is the infection vector? Email, file download, accessing infected website? It would be helpful to get some idea, but I guess that it is probably impossible to say.

What OS's are affected?

Cheers

Billy 8-{)

wainuitech
10-09-2013, 07:00 PM
From what I've seen it's in the temp files, hits XP, Vista and W7.

Usually they disable safe mode, but safe mode with command prompt often works to allow command prompts. Eg: running system restore like I mentioned.

It seems to get in via infected sites, or a random drive-by download.
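
Added example, not posted by anyone in the thread: a PowerShell triage script to run once System Restore has the machine booting normally again. It lists the restore points and records recently written executable or script files in the temp folders, which follows the advice above to note what is found and where it came from. The look-back window, the extension list, the Vista/Windows 7 profile layout and the output file name are assumptions.

```powershell
# Added example: triage after System Restore has brought the machine back.
# Run from an elevated PowerShell prompt; written to work on PowerShell 2.0 (Windows 7).
$daysBack   = 3                                   # assumed look-back window
$extensions = '.exe', '.dll', '.scr', '.js', '.vbs', '.bat', '.cmd'   # assumed list
$since      = (Get-Date).AddDays(-$daysBack)

# 1. Restore points, newest first, to see which ones predate the infection.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Format-Table SequenceNumber, Description,
        @{ Label = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# 2. Temp folders: the system one plus each profile's (Vista / Windows 7 layout).
$tempDirs = @("$env:SystemRoot\Temp")
Get-ChildItem "$env:SystemDrive\Users" -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { $tempDirs += Join-Path $_.FullName 'AppData\Local\Temp' }

function Get-Sha256 ([string]$Path) {
    # Get-FileHash needs PowerShell 4.0, so hash through .NET instead.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = $null
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } catch {
        return 'unreadable'                       # locked or access denied
    } finally {
        if ($stream) { $stream.Dispose() }
    }
}

# 3. Recently written executable or script files in those folders, with hashes.
$hits = $tempDirs | Where-Object { Test-Path $_ } | ForEach-Object {
    Get-ChildItem $_ -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $extensions -contains $_.Extension.ToLower() -and
                       $_.LastWriteTime -ge $since }
} | Select-Object FullName, Length, CreationTime, LastWriteTime,
        @{ Name = 'SHA256'; Expression = { Get-Sha256 $_.FullName } }

if ($hits) {
    $hits | Sort-Object LastWriteTime | Format-Table -AutoSize
    $hits | Export-Csv "$env:USERPROFILE\Desktop\temp-triage.csv" -NoTypeInformation
}
```

On XP the per-user temp folders live under Documents and Settings rather than Users, so the folder list in step 2 would need adjusting there.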