Windows Police Pro


Post by donm1021 on 8th September 2009, 11:37 am

Please Help!

I am on a friend's computer right now, as mine has been infected with Windows Police Pro. I cannot get a browser to work (so I can't download a fix). I can't get the Task Manager to work (Police Pro blocks it), and I can't run any .exe files, as Police Pro has changed the extension and now they will not run.

I am using Windows XP Pro.

What can I do to get my computer to work again?

Thank you for any help you might offer!

donm1021
Novice
Posts: 10
Joined: 2009-09-08
OS: winxp
Points: 26482
Likes: 0

Re: Windows Police Pro

Post by Belahzur on 8th September 2009, 2:27 pm

Hello.
Can you use another machine to download files from and transport them via USB?


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1

Re: Windows Police Pro

Post by donm1021 on 8th September 2009, 2:37 pm

I do have one that I think I can use. I just need to know what to do.


Re: Windows Police Pro

Post by donm1021 on 9th September 2009, 2:27 pm

bump


Re: Windows Police Pro

Post by Belahzur on 9th September 2009, 6:44 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Windows Police Pro

Post by donm1021 on 10th September 2009, 11:33 pm

I downloaded to a flash drive and tried to install it on the infected PC - it will not run as Windows Police Pro blocks all *.exe files - what now?


Re: Windows Police Pro

Post by Belahzur on 11th September 2009, 1:38 am

Hello.
Do you get any errors that mention permission denied or desot.exe? Let me know.



Re: Windows Police Pro

Post by donm1021 on 11th September 2009, 11:17 am

The error I receive says:

Error: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

That's all it says, and it will not run.


Re: Windows Police Pro

Post by Belahzur on 11th September 2009, 6:33 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: Windows Police Pro

Post by donm1021 on 11th September 2009, 11:44 pm

Here is the content of that log file:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:37 on 11/09/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [23:56 03/08/2004] [23:56 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [23:56 03/08/2004] [23:56 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [23:56 03/08/2004] [23:56 03/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [23:56 03/08/2004] [23:56 03/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [23:56 03/08/2004] [23:56 03/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 62464 bytes [23:56 03/08/2004] [23:56 03/08/2004] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

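The log in the post above lists each system DLL next to its copy in `dllcache`, and `eventlog.dll` is the one pair that does not agree. The following is an added example, not part of the original thread and not SystemLook's own code: it parses a filefind section and reports live files that differ from their cached copy. The function names are hypothetical, and the sample lines are copied from the posted log.

```python
import re

# Lines copied from the SystemLook log posted above (netlogon.dll omitted).
SAMPLE_LOG = r"""
Searching for "scecli.dll"
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [23:56 03/08/2004] [23:56 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [23:56 03/08/2004] [23:56 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
Searching for "eventlog.dll"
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [23:56 03/08/2004] [23:56 03/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 62464 bytes [23:56 03/08/2004] [23:56 03/08/2004] (Unable to calculate MD5)
Searching for "cngaudit.dll"
No files found.
"""

HEADER = re.compile(r'^Searching for "(.+)"$')
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[[^\]]*\] \[[^\]]*\] (?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

def parse_filefind(log_text):
    """Return {searched name: [entries]} for a SystemLook filefind section."""
    results, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).lower()
            results[current] = []  # names with no hits stay in the result
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            md5 = m.group("md5")
            results[current].append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": None if md5.startswith("(") else md5.upper(),
                "cached": "\\dllcache\\" in m.group("path").lower(),
            })
    return results

def flag_mismatches(results):
    """Compare each live file with its dllcache copy: [(path, [reasons])].

    A mismatch is a lead to investigate, not proof of tampering.
    """
    findings = []
    for entries in results.values():
        cached = [e for e in entries if e["cached"]]
        for live in (e for e in entries if not e["cached"]):
            reasons = []
            if live["md5"] is None:
                reasons.append("MD5 could not be calculated")
            for ref in cached:
                if live["size"] != ref["size"]:
                    reasons.append(f"size {live['size']} != dllcache {ref['size']}")
                elif live["md5"] and ref["md5"] and live["md5"] != ref["md5"]:
                    reasons.append("MD5 differs from dllcache copy")
            if reasons:
                findings.append((live["path"], reasons))
    return findings
```
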

Re: Windows Police Pro

Post by Origin on 12th September 2009, 5:15 am

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31493
Likes: 0

Re: Windows Police Pro

Post by donm1021 on 12th September 2009, 8:52 am

Here is the content of the avenger.txt file:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Windows Police Pro

Post by Origin on 12th September 2009, 5:56 pm

Download this version of HijackThis from here:
[You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\winlogon.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: Windows Police Pro

Post by donm1021 on 12th September 2009, 6:23 pm

OK, I tried to run this and I get what looks like a cmd window that pops up real quick, "desote.exe", and then it goes away and the winlogon.exe will not run.


Re: Windows Police Pro

Post by Belahzur on 12th September 2009, 10:19 pm

Please delete this file in red:
C:\Windows\system32\desote.exe

Next, download [You must be registered and logged in to see this link.] file.

Download it to your Desktop.
Double click it to run it; select yes to the registry merge prompt.

Can you run Hijack This now?



Re: Windows Police Pro

Post by donm1021 on 12th September 2009, 11:34 pm

I was able to delete the "desote.exe" file - but when I double click on the ExeErrorFix file I receive the following error:

"Registry editing has been disabled by your administrator." And it will not work.


Re: Windows Police Pro

Post by Belahzur on 14th September 2009, 12:24 am


  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Add.Settings

    [Add.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000000

  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.

Can you re-run the .reg file now and see if you still get that error?


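Before right-clicking an .inf file and choosing Install, it helps to see exactly which registry values it will write. The following is an added example, not part of the original thread: it reads the fixreg.inf text from the post above, follows the `AddReg` directive in `[DefaultInstall]`, and decodes each entry's flags field. The function names are hypothetical; the flag constants are the AddReg values from the Windows `setupapi.h` header.

```python
# The fixreg.inf text from the post above, copied as posted.
INF_TEXT = r"""
[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Add.Settings

[Add.Settings]
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000000
"""

# AddReg flags: the value type lives in the high word plus bit 0.
TYPE_MASK = 0xFFFF0001
TYPES = {0x00000000: "REG_SZ", 0x00000001: "REG_BINARY",
         0x00010000: "REG_MULTI_SZ", 0x00020000: "REG_EXPAND_SZ",
         0x00010001: "REG_DWORD", 0x00020001: "REG_NONE"}
MODIFIERS = {0x02: "NOCLOBBER", 0x04: "DELVAL", 0x08: "APPEND",
             0x10: "KEYONLY", 0x20: "OVERWRITEONLY"}

def read_sections(inf_text):
    """Return {lowercased section name: [lines]}, dropping ';' comments."""
    sections, name = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            sections.setdefault(name, [])
        elif line and name is not None:
            sections[name].append(line)
    return sections

def registry_writes(inf_text, install_section="DefaultInstall"):
    """List the registry changes made by the install section's AddReg lines."""
    sections, writes = read_sections(inf_text), []
    for line in sections.get(install_section.lower(), []):
        directive, _, targets = line.partition("=")
        if directive.strip().lower() != "addreg":
            continue
        for target in targets.split(","):
            for entry in sections.get(target.strip().lower(), []):
                # Simplification: fields are split on commas, so quoted
                # values that themselves contain commas are not handled.
                f = [p.strip().strip('"') for p in entry.split(",")]
                f += [""] * (5 - len(f))  # root, key, name, flags, value
                flags = int(f[3], 0) if f[3] else 0
                writes.append({
                    "root": f[0].upper(), "key": f[1], "name": f[2],
                    "type": TYPES.get(flags & TYPE_MASK, hex(flags & TYPE_MASK)),
                    "modifiers": [n for bit, n in MODIFIERS.items() if flags & bit],
                    "value": ",".join(f[4:]),
                })
    return writes
```

For the file as posted, the single entry decodes as a `REG_SZ` write with an empty value, because the fourth field is the flags field and no fifth (value) field is present.
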

Re: Windows Police Pro

Post by donm1021 on 14th September 2009, 4:15 am

Was not able to do the last instruction given, as now I cannot even get to my desktop at all anymore... I receive many errors while starting the PC up:

lsass.exe - Application Error - "memory could not be read" Click on OK to terminate program. Click on CANCEL to debug the program.

services.exe - Application Error - "memory could not be read" Click on OK to terminate program. Click on CANCEL to debug the program.

SAS window: winlogon.exe - "memory could not be read" Click on OK to terminate program. Click on CANCEL to debug the program.

winlogin.exe - - "memory could not be read" Click on OK to terminate program. Click on CANCEL to debug the program.

After clicking on OK to all of the above... I get a blue screen Fatal Error and PC restarts over and over again.


Re: Windows Police Pro

Post by Belahzur on 14th September 2009, 9:21 pm

Hello. Looks like there is another infection hiding, possibly a file infector.

I would advise a format right now, many system files are damaged and can't be repaired.
See here:
[You must be registered and logged in to see this link.]

Instructions how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


