For my first post, of course, I bring a problem. My problem may relate to the recent Java vulnerability I've heard about. In any event our Norton Internet Security software did not stop it.
One of our PCs (Win 7 64 bit) now has this virus which completely locks out its use and shows only a bogus page reading "Your computer has been blocked" and so on and a demand for money as a "fine" for some imagined offense. Now the PC will not start up in Safe Mode or Safe Mode with Networking because the virus takes over and restores the demand page. I have been able to start the PC in Safe Mode with Command Prompt and run rstrui.exe, but unfortunately there is no system restore point to go back to.
I read about and tried to use Hitman Pro Kickstart but it would not complete installation onto any of my empty flash drives, just simply stopped working after downloading, flashing a very brief "fail" message of some sort.
Hopefully I won't have to reformat the HD boot partition and reinstall software to clear this problem. I could use some help.
Thanks for the welcome and the links, I'm looking into these now. Since I first posted I found MS Windows Defender Offline and I am trying that. I installed it on a flash drive, which became bootable and ran a full scan that lasted two hours. It resulted in locating two trojan programs, Win32/Dynamer!dtc and JS/Reveton.A. I had Windows Defender Online "clean" the PC and then rebooted. The ransomware simply reinstalled itself, so the source was missed in the scan. I am sure it was reinstalled because its displayed 48 hour countdown timer was back to 48.00.00 when it came up again.
The time I was able to get to the Safe Mode Command Prompt must have been a fluke, because now all F8 keying during booting results in a pop-up vga colored window laid over the advanced boot options that limits boot options to HD and removable media.
I am doing another full scan with Windows Defender Offline, but after it's done this time I'm going to try to reboot to Safe Mode rather than allowing it to try a normal Windows startup and go from there. If that doesn't work then I'm going to try the Farbar Recovery Scan Tool and take it to some of the places you suggested.
You are to follow their instructions and not do your own thing with FRST as it is an advanced tool that we use, it is not for the normal user to just go about using without guidance.
Quads
hiznik,
Please do not make things worse by trying any or all of the various tools that are available on a number of sites. If you insist, the best case will be that you don't make it worse. The worst case will be that you can no longer access your computer and may not even be able to reformat and reload it without serious expert assistance. Quads has forgotten more about malware removal than I can imagine. Be smart, get expert help. The sites I listed offer their services for free.
Keep us posted
"Quads has forgotten more about malware removal than I can imagine"
Ummmm whatever, I am still keeping up with the malware changes
Quads
Thank you both. I was aware that FRST was used for scanning and making a report for qualified folks to decide what ought to be "fixed." This is how I am proceeding at the whatthetech.com malware forum, AND we are making progress! The PC's desktop has been recovered.
If you are interested (I have the same username there),
http://forums.whatthetech.com/index.php?showtopic=125497
Guys, how about using Norton Bootable Recovery Tool or NPE maybe? These tools should help. Unless of course, you got ransomware that encrypts files. I saw one a few weeks ago, was called Police central ecrime unit or something like that. Couldn't find any tools to decrypt files except for Dr.Web's decrypter but it didn't work either.
AdamW wrote: Guys, how about using Norton Bootable Recovery Tool or NPE maybe? These tools should help. Unless of course, you got ransomware that encrypts files. I saw one a few weeks ago, was called Police central ecrime unit or something like that. Couldn't find any tools to decrypt files except for Dr.Web's decrypter but it didn't work either.
Adam, hiznik is seeking help from a known malware removal site and receiving excellent guidance. They do not need any outside suggestions as if hiznik follows your suggestions while working with a malware removalist, they will drop him.
As a matter of fact, hiznik is making progress and the removalist is currently awaiting more logs.
@ hiznik - looks like you're moving right along, thanks for letting us eavesdrop on your progress.