Police virus! Please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bart2727, Dec 17, 2012.

  1. Bart2727

    Bart2727 Private E-2

    OK, you probably have heard this thing before, but I have the police virus on my Asus laptop. I have tried some things that you can find about it on the internet. I have tried to start in safe mode, but it doesn't work. None of the three possible safe modes work. I have created the HitmanPro Kickstart USB, but it doesn't let me start from there. Creating a Windows bit defender CD or anything else also doesn't work, simply because I can't boot from the CD (or so it seems). Now, a couple of days later, I don't see the virus anymore; I only see a white screen once I start the computer. It's the version where they take a picture of you with the webcam, the Spanish one. Does anyone know how I could possibly remove the virus? I have a Windows 7 operating system. Thanks in advance!
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
     
  3. Bart2727

    Bart2727 Private E-2

    Here is the log file:


    Thanks a lot, I hope this will work.

    Bart
     

    Last edited by a moderator: Dec 17, 2012
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.

    -------------------------------
     

  5. Bart2727

    Bart2727 Private E-2

    And here is the log...

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-18 20:21:04 Run:2
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\facemoods Value deleted successfully.
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM Value deleted successfully.
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator Value deleted successfully.
    HKEY_USERS\Bart\Software\Microsoft\Windows\CurrentVersion\Run\\Update Value deleted successfully.
    HKEY_USERS\Bart\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load Value not found.
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\45253 Value not found.

    ==== End of Fixlog ====
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    ...and can you boot normally now...?
     
  7. Bart2727

    Bart2727 Private E-2

    No, still not..
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hmm, run FRST again and attach the new log.
     
