please wait while a connection is beeing established 2

Discussion in 'Malware Help (A Specialist Will Reply)' started by melbourne1959, Jun 4, 2012.

  1. melbourne1959

    melbourne1959 Private E-2

    I see several other "please wait while a connection is beeing established" threads but it appears that Major Geeks has each user on a separate thread to avoid problems. I apologise if my starting a new thread is incorrect.

    I have the white screen showing "please wait while a connection is beeing established" in English and German. If I connect to the network this takes me to a fake Metropolitan Police screen demanding £100 to unlock my PC.

    It is impossible to boot in any mode except command prompt, i.e. Safe Mode fails.

    I have followed the instructions on the other threads and obtained the attached file FRST.txt resulting from executing FRST64.exe.

    Please can you assist?

    The rest of this post shows the steps I followed:
    ---------------
    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair your computer menu item.
    Choose your language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.
    ...snip
    On the System Recovery Options menu you will get the following options:
    Quote:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    Select Command Prompt
    In the command window type in notepad and press Enter.
    The notepad opens. Under File menu select Open.
    Select "Computer" and find your flash drive letter and close the notepad.
    In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply.
    ------------

    I attach FRST.txt
     

    Last edited: Jun 4, 2012
  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, melbourne1959 :)

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message.

    Now attempt to boot normally.
     

  3. melbourne1959

    melbourne1959 Private E-2

    Thank you

    I have transferred the file to the zipdrive and run Fix. I then restarted normally.

    The Log is attached

    At present everything appears to be back to normal, except that all the desktop icons were missing. I fixed that easily by re-enabling "show desktop icons".

    However I have a couple of questions

    1. I use Firefox and am sure this was the route of the infection. I see nothing in the LOG or FIX specifically dealing with Firefox. I wonder if I am safe running Firefox under these circumstances. What do you recommend?

    2. I normally have an SSD drive in the CD bay. When the virus hit I removed the drive (to protect the contents). Given that McAfee failed to protect me from this Trojan I wonder about reinserting the SSD. Again can you make a recommendation?

    Thanks again
     

  4. thisisu

    thisisu Malware Consultant

    You're welcome.

    Delete this folder: C:\Users\All Users\B7E858A701AF04F3038F4765B4EB2331
    You can also delete the C:\FRST folder at this time.

    I use Firefox as my primary browser. This type of infection typically exploits old versions of Java, Adobe Flash Player, and Adobe Reader. I would check these 3 applications first and foremost.

    The SSD drive should be fine. This type of infection does not spread to other devices.

    Be safe :)
     
  5. melbourne1959

    melbourne1959 Private E-2

    OK, I've deleted the FRST and B7E858A701AF04F3038F4765B4EB2331 folders. The former was easy. The latter required me to drop down to DOS due to the fact that in Windows, the latter remained hidden even though "show hidden folders" was enabled. Apart from remembering how to delete files & folders in DOS, it was a straightforward operation.

    I note in Firefox, McAfee SiteAdvisor has been disabled. I seem to recall this was a recent occurrence after updating Firefox. Java was not up to date but is now. Both Adobe products were up to date.

    This would support your suggestion that Java is vulnerable!

    Many thanks again.
     
  6. thisisu

    thisisu Malware Consultant

    You're welcome :)
     
