Dealing with the ransomware trojan

[L00b 441]

There I was, preparing to post a reply on SF, then up comes a full page by Cheshire Police eCrime unit accusing me of all sorts of reprehensible online acts. Yup, copped for the ransomware trojan, no clue where from (clean PC on boot at 19:00-ish, only been on eBay, SF and jammaplus, no suspicious email spam in Outlook today either - seems to have jumped on my PC completely out of the blue!)

 

Problem is, f&@! piece of malware won't let me boot in safe mode (even without networking!), page comes up as soon as I log in and won't let me see the task mgr after I've crtl-alt-del. so, I can't get rid with MBAM and now stuck (using my iPad now). Waddler, resident SF expert, can you please help? Or anyone else? This is urgent, need the PC up & running by morning.

 

Additional info: win7 home premium 64 (genuine of course), msse up-to-date, mbam last updated Sunday. I can follow instructions, am not too behind door with command line (is there a way to run mbam by command line from boot? Or at least edit registry?)

 

---------- Post added 11-03-2013 at 22:22 ----------

 

Managed to boot in command line mode, find mbam and have now got it running.

Edited March 11, 2013 by L00b

[melthebell 862]

http://malwaretips.com/blogs/remove-police-trojan/

 

take a look at this, first hit on google, if you cant get in with safe mode you need to use something called hitman pro? theres a link on that section to download it, scroll down to method 3

once youve used that it says you can scan with the normal anti malware scanners such as mbam

 

seems legit

[L00b 441]

Thx mel but now done it, mbam has found it & is cleaning it.

 

Trojan.agent.EVA in c/users/(me)/appdata/roaming/ldr.mcb. Hijack.shell.gen.

 

Nasty piece of work, that's been. Let me reboot & check all is now well.

Edited March 11, 2013 by L00b

[melthebell 862]

ok, good

 

fingers crossed

[L00b 441]

Posting from PC now, seems it's gone.

Updating and re-running mbam now, to be sure.

 

Never knew I could boot in command line mode, then start apps, then start their interface and use mouse. My DOS days are well rusty, that's been a useful experience after all

Edited March 11, 2013 by L00b

[medusa 16]

My OH, my in house techie, says that for future reference booting from an antivirus CD should do the job.

[L00b 441]

There's been leaks, mbam updated found another (trojan.ransom).

 

Windows defender, next run on its own, is still failing over halfway (error 08x00-something). Makes me think something's still there, time for another reboot & mbam run.

 

Thank your OH for the good suggestion, Medusa, another oldie-but-goodie I've since forgotten...for shame and inconvenience!

 

---------- Post added 11-03-2013 at 22:53 ----------

 

mbam updated again (new definitions since my update of 22:31-ish!), all clean now.

 

Thx peeps for your posts and support, much appreciated

 

EDIT for any fellow sufferrers, just in case: so long as you have malwarebytes (free version) and it's not too out-of-date, here's what to do:

start your PC with pressing F8,

at the boot mode selection, select 'safe mode with command prompt' [carriage return key]

windows safe mode loads and a black window appears with a prompt (usually looks like 'C:>_')

when you're there, type:

cd Program Files (x86) [carriage return key]

cd MalwareBytes' Anti-Malware [carriage return key]

mbam.exe [carriage return key]

mbamgui.exe [carriage return key]

 

Hey presto, malwarebytes running with the user interface, then select a quick scan and let it do its thing

Edited March 11, 2013 by L00b

[swarfendor437 14]

Another good one from a techie I know told me Dr.Web - this is Russian Anti-virus that boots off CD then updates latest definitions in memory.

[medusa 16]

Glad to hear you're sorted

 

My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed

[L00b 441]

Glad to hear you're sorted

No worries, and thanks for the title edit.

My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed

Parental safety is set to stun and access to such content (or other non-suitable material) is permanently barred, little one uses the PC daily.

 

Tell your OH to stop minding the straw in my eye and to start worrying about the beam in his own

Edited March 11, 2013 by L00b

[Marx 10]

I had a couple of clients recently with this problem. I used 'hitman.pro' which is available on free trial. I ran it from a USB stick and it dealt with the problem.

[L00b 441]

Downloading 'new' stuff to get rid of malware always makes me nervous, Marx. Generally I will avoid, and only use as a very last/extreme resort.

 

I did find the links melthebell was on about in the first reply with my iPad, but they just looked like the usual fake help 'fakeware' and a potential source for compounding the problem rather than solve it.

 

Still swear by mbam and hijackthis, besides not venturing into unsalubrious areas of the Web.