L00b Posted March 11, 2013 (edited)

There I was, preparing to post a reply on SF, then up comes a full page by Cheshire Police eCrime unit accusing me of all sorts of reprehensible online acts.

Yup, copped for the ransomware trojan, no clue where from (clean PC on boot at 19:00-ish, only been on eBay, SF and jammaplus, no suspicious email spam in Outlook today either - seems to have jumped on my PC completely out of the blue!)

Problem is, f&@! piece of malware won't let me boot in safe mode (even without networking!), page comes up as soon as I log in and won't let me see the task mgr after I've ctrl-alt-del. So, I can't get rid with MBAM and now stuck (using my iPad now).

Waddler, resident SF expert, can you please help? Or anyone else? This is urgent, need the PC up & running by morning.

Additional info: win7 home premium 64 (genuine of course), msse up-to-date, mbam last updated Sunday. I can follow instructions, am not too behind door with command line (is there a way to run mbam by command line from boot? Or at least edit registry?)

---------- Post added 11-03-2013 at 22:22 ----------

Managed to boot in command line mode, find mbam and have now got it running.

Edited March 11, 2013 by L00b

melthebell Posted March 11, 2013

http://malwaretips.com/blogs/remove-police-trojan/

take a look at this, first hit on google, if you can't get in with safe mode you need to use something called hitman pro? there's a link on that section to download it, scroll down to method 3

once you've used that it says you can scan with the normal anti malware scanners such as mbam

seems legit

L00b Posted March 11, 2013 (edited)

Thx mel but now done it, mbam has found it & is cleaning it.

Trojan.agent.EVA in c/users/(me)/appdata/roaming/ldr.mcb. Hijack.shell.gen.

Nasty piece of work, that's been. Let me reboot & check all is now well.

Edited March 11, 2013 by L00b

melthebell Posted March 11, 2013

ok, good

fingers crossed

L00b Posted March 11, 2013 (edited)

Posting from PC now, seems it's gone. Updating and re-running mbam now, to be sure.

Never knew I could boot in command line mode, then start apps, then start their interface and use mouse. My DOS days are well rusty, that's been a useful experience after all

Edited March 11, 2013 by L00b

medusa Posted March 11, 2013

My OH, my in house techie, says that for future reference booting from an antivirus CD should do the job.

L00b Posted March 11, 2013 (edited)

There's been leaks, mbam updated found another (trojan.ransom). Windows defender, next run on its own, is still failing over halfway (error 08x00-something). Makes me think something's still there, time for another reboot & mbam run.

Thank your OH for the good suggestion, Medusa, another oldie-but-goodie I've since forgotten...for shame and inconvenience!

---------- Post added 11-03-2013 at 22:53 ----------

mbam updated again (new definitions since my update of 22:31-ish!), all clean now. Thx peeps for your posts and support, much appreciated

EDIT for any fellow sufferers, just in case: so long as you have malwarebytes (free version) and it's not too out-of-date, here's what to do:

start your PC with pressing F8, at the boot mode selection, select 'safe mode with command prompt' [carriage return key]

windows safe mode loads and a black window appears with a prompt (usually looks like 'C:>_')

when you're there, type:

cd Program Files (x86) [carriage return key]
cd MalwareBytes' Anti-Malware [carriage return key]
mbam.exe [carriage return key]
mbamgui.exe [carriage return key]

Hey presto, malwarebytes running with the user interface, then select a quick scan and let it do its thing

Edited March 11, 2013 by L00b

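Added example (not part of L00b's post and not Malwarebytes' code): a read-only PowerShell 2.0 check, usable from the same safe-mode command prompt on Windows 7, that lists the logon autostart values worth reviewing after a lock-screen trojan like this one. It assumes the Hijack.shell.gen detection refers to a changed Winlogon Shell value and that the payload starts from the user profile, as the AppData\Roaming path in the thread suggests; the registry locations checked and the `$profileHint` pattern are choices made for this example.

```powershell
# Added example: read-only listing of logon autostart values; nothing is changed.
# Assumption: the lock screen starts from a Winlogon or Run value that points
# into the user profile (the thread's ldr.mcb sat in AppData\Roaming).
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell') },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell', 'Userinit') },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Names = $null },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Names = $null }
)

# Windows defaults for the two Winlogon values (trailing comma trimmed below).
$expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = "$env:SystemRoot\system32\userinit.exe"
}

# Example heuristic: autostart commands that live under a user profile folder.
$profileHint = '\\AppData\\|\\Temp\\'

$findings = @()
foreach ($c in $checks) {
    if (-not (Test-Path $c.Key)) { continue }
    $key = Get-Item $c.Key
    if ($c.Names) { $names = $c.Names } else { $names = $key.GetValueNames() }
    foreach ($n in $names) {
        $v = $key.GetValue($n)
        if ($null -eq $v) { continue }          # value not present
        $v = ([string]$v).Trim()
        if ($c.Names) {
            # Winlogon: anything other than the Windows default needs review
            $review = ($v.TrimEnd(',') -ne $expected[$n])
        } else {
            # Run keys: legitimate software also starts from AppData, so a hit
            # here is a prompt to look, not proof of infection
            $review = ($v -match $profileHint)
        }
        $findings += New-Object PSObject -Property @{
            Review = $review; Key = $c.Key; Name = $n; Value = $v
        }
    }
}
$findings | Sort-Object Review -Descending |
    Format-Table Review, Name, Value, Key -AutoSize -Wrap
```

Saved under a name of your choosing (check.ps1 here is hypothetical), it can be started from the prompt with `powershell -ExecutionPolicy Bypass -File check.ps1`; rows with Review set to True are the ones to compare against what the scanner reported.
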
swarfendor437 Posted March 11, 2013

Another good one from a techie I know told me Dr.Web - this is Russian Anti-virus that boots off CD then updates latest definitions in memory.

medusa Posted March 11, 2013

Glad to hear you're sorted

My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed

L00b Posted March 11, 2013 (edited)

> Glad to hear you're sorted

No worries, and thanks for the title edit.

> My OH says you're welcome, but next time if you have to visit porn sites, do it sandboxed

Parental safety is set to stun and access to such content (or other non-suitable material) is permanently barred, little one uses the PC daily.

Tell your OH to stop minding the straw in my eye and to start worrying about the beam in his own

Edited March 11, 2013 by L00b