Malware -ransom-admin permissions no good

lostindc · Aug 29, 2013

hi all,

I've got 2 trojan viruses, aarsjh.exe and lswxx.exe. What I've done so far.

Symptom - Interpol threat screen. Restarted - desktop flashes and goes away to a blank screen. This is my Admin logon. I can't install/run any software because you need to be logged on as "Admin". Tried to change this in registry - no go.

Fix attempts

System restore fix - doesnt work

Boot from USB with Norton Power Erase and Norton Rescue Tools - no detection

Boot from USB - Windows Defender Offline - no detection

Tried Malwarebytes - cant open - no admin privleges on user account

Tried Major Geeks download - no go, admin priv.

Ran some software that told what it was right away - darn it cant find the name - but just said "quarentined" and did nothing. I tried to log on to "admin" but the same thing happened. The desktop flashed and when to a white screen.

Heeeeeeeeeeeeeelp!

chaslang · Aug 29, 2013

Welcome to Major Geeks!

Since you did not even tell us what version of Windows, I'm going to guess that it is hopefully either Win 7 or Vista and give you the below instructions.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Select US as the keyboard language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

lostindc · Aug 30, 2013

Thanks for the help!!!

It's fixed - Norton got it.

I Live Chatted with a guy from Norton explaining the same things I said here. He said - call the Norton phone number - waist of time.

Anyway, like magic the Norton website posted something like "FBI Malware fix - click here " What do you know it's the Power Erase and it removes the problem virus. I'm happy and a little angry at the same time.

It ended up catching the dcl.xmm from the Power Erase. That allowed an Admin logon. Then I ran a full scan from Norton Internet Security and that caught Trojan Zbot.

By the way, I have Win7 pro OS and on a Gateway. No pirated software or hacked anything.

Thanks guys, I'm sure I'll be back for something else.

chaslang · Aug 30, 2013

You're welcome. Glad to hear you have it working.

Log in or Sign up

Malware -ransom-admin permissions no good

lostindc Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

lostindc Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member