
Dealing with the ransomware trojan

There I was, preparing to post a reply on SF, then up comes a full page by Cheshire Police eCrime unit accusing me of all sorts of reprehensible online acts. Yup, copped for the ransomware trojan, no clue where from (clean PC on boot at 19:00-ish, only been on eBay, SF and jammaplus, no suspicious email spam in Outlook today either - seems to have jumped on my PC completely out of the blue!)

 

Problem is, f&@! piece of malware won't let me boot in safe mode (even without networking!), page comes up as soon as I log in and won't let me see the task mgr after I've ctrl-alt-del. So, I can't get rid with MBAM and now stuck (using my iPad now). Waddler, resident SF expert, can you please help? Or anyone else? This is urgent, need the PC up & running by morning.

 

Additional info: win7 home premium 64 (genuine of course), msse up-to-date, mbam last updated Sunday. I can follow instructions, am not too behind door with command line (is there a way to run mbam by command line from boot? Or at least edit registry?)

 

---------- Post added 11-03-2013 at 22:22 ----------

 

Managed to boot in command line mode, find mbam and have now got it running.

Edited by L00b


http://malwaretips.com/blogs/remove-police-trojan/

 

Take a look at this, first hit on Google. If you can't get in with safe mode you need to use something called hitman pro? There's a link on that section to download it, scroll down to method 3.

Once you've used that it says you can scan with the normal anti-malware scanners such as mbam.

 

seems legit


Thx mel but now done it, mbam has found it & is cleaning it.

 

Trojan.agent.EVA in c/users/(me)/appdata/roaming/ldr.mcb. Hijack.shell.gen.

 

Nasty piece of work, that's been. Let me reboot & check all is now well.

Edited by L00b

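The scan result above names Hijack.shell.gen. Assuming that detection refers to a changed Winlogon shell setting, the read-only check below shows where to look after cleaning; it is an added example, not part of the thread and not Malwarebytes' own code, and the expected values are the stock Windows 7 defaults for a system installed on C:.

```powershell
# Added example: read-only audit of the values that decide which program
# Windows starts as the desktop shell at logon. It changes nothing.
# Assumption: expected values are stock Windows 7 defaults, system on C:.
$winlogonHklm = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonHkcu = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$safeBoot     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

$checks = @(
    @{ Path = $winlogonHklm; Name = 'Shell';    Expected = 'explorer.exe' },
    @{ Path = $winlogonHklm; Name = 'Userinit'; Expected = 'C:\Windows\system32\userinit.exe,' },
    # A per-user Shell value is absent by default; if present it applies to that user.
    @{ Path = $winlogonHkcu; Name = 'Shell';    Expected = $null },
    # Safe mode with command prompt starts this program instead of the normal shell.
    @{ Path = $safeBoot;     Name = 'AlternateShell'; Expected = 'cmd.exe' }
)

function Get-ShellAudit {
    foreach ($c in $checks) {
        $name = $c.Name
        # A missing value raises an error; silence it and treat it as absent.
        $item = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.$name } else { $null }

        # -eq on strings is case-insensitive, which matches how Windows treats paths.
        $ok = if ($null -eq $c.Expected) { $null -eq $actual } else { $actual -eq $c.Expected }

        # New-Object keeps this compatible with the PowerShell 2.0 shipped in Windows 7.
        New-Object PSObject -Property @{
            Key    = $c.Path
            Value  = $name
            Actual = if ($null -eq $actual) { '<not set>' } else { $actual }
            Status = if ($ok) { 'default' } else { 'REVIEW' }
        }
    }
}

# Run while logged in as the affected user, because the HKCU check is per-user.
Get-ShellAudit | Format-Table Status, Value, Actual, Key -AutoSize
```

A row marked REVIEW only means the value differs from the default and should be looked at; some legitimate kiosk or policy setups change these values on purpose.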

Posting from PC now, seems it's gone.

Updating and re-running mbam now, to be sure.

 

Never knew I could boot in command line mode, then start apps, then start their interface and use mouse. My DOS days are well rusty, that's been a useful experience after all :thumbsup:

Edited by L00b


My OH, my in house techie, says that for future reference booting from an antivirus CD should do the job.


There's been leaks, mbam updated found another (trojan.ransom).

 

Windows defender, next run on its own, is still failing over halfway (error 08x00-something). Makes me think something's still there, time for another reboot & mbam run.

 

Thank your OH for the good suggestion, Medusa, another oldie-but-goodie I've since forgotten...for shame and inconvenience! :blush:

 

---------- Post added 11-03-2013 at 22:53 ----------

 

mbam updated again (new definitions since my update of 22:31-ish!), all clean now.

 

Thx peeps for your posts and support, much appreciated :)

 

EDIT for any fellow sufferers, just in case: so long as you have malwarebytes (free version) and it's not too out-of-date, here's what to do:

start your PC with pressing F8,

at the boot mode selection, select 'safe mode with command prompt' [carriage return key]

windows safe mode loads and a black window appears with a prompt (usually looks like 'C:>_')

when you're there, type:

cd Program Files (x86) [carriage return key]

cd MalwareBytes' Anti-Malware [carriage return key]

mbam.exe [carriage return key]

mbamgui.exe [carriage return key]

 

Hey presto, malwarebytes running with the user interface, then select a quick scan and let it do its thing :)

Edited by L00b


Another good one, from a techie I know: Dr.Web. This is a Russian anti-virus that boots off CD then updates the latest definitions in memory.


Glad to hear you're sorted :)

 

My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed :)

> Glad to hear you're sorted :)

No worries, and thanks for the title edit.

> My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed :)

Parental safety is set to stun and access to such content (or other non-suitable material) is permanently barred, little one uses the PC daily.

 

Tell your OH to stop minding the straw in my eye and to start worrying about the beam in his own :P:D

Edited by L00b


I had a couple of clients recently with this problem. I used 'hitman.pro' which is available on free trial. I ran it from a USB stick and it dealt with the problem.


Downloading 'new' stuff to get rid of malware always makes me nervous, Marx. Generally I will avoid, and only use as a very last/extreme resort.

 

I did find the links melthebell was on about in the first reply with my iPad, but they just looked like the usual fake help 'fakeware' and a potential source for compounding the problem rather than solve it.

 

Still swear by mbam and hijackthis, besides not venturing into unsalubrious areas of the Web.
