windows police pro help

View previous topic View next topic Go down

windows police pro help

Post by saulA on 9th September 2009, 3:38 am

i used spyware dr to remove the fake antivirus upon my computers rebooting everything on my desktop has dissapeared and im using task manager to launch anything


help is greatly appreciated

saulA
Novice
Novice

Posts Posts : 10
Joined Joined : 2009-08-17
OS OS : xp
Points Points : 26704
# Likes # Likes : 0

View user profile

Back to top Go down

Re: windows police pro help

Post by Dr Jay on 9th September 2009, 5:56 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: windows police pro help

Post by saulA on 11th September 2009, 11:26 am

I already have malware but I can't run it for when I ask task manager to open it it tells me it doesn't exist

saulA
Novice
Novice

Posts Posts : 10
Joined Joined : 2009-08-17
OS OS : xp
Points Points : 26704
# Likes # Likes : 0

View user profile

Back to top Go down

Re: windows police pro help

Post by Dr Jay on 11th September 2009, 7:36 pm

Hi

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Please navigate to the Control Panel, enter Add or Remove programs. Uninstall Malwarebytes Anti-Malware.

Then...

Please download a fresh copy of Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]. SAVE the file to your Desktop, and RENAME it to imal-remove.scr, then click the Save button.

Double Click imal-remove.scr to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: windows police pro help

Post by sunshineisublime on 11th September 2009, 7:58 pm

I just wanted to thak you DragonMaster I had been looking at the posts and with all the information provided I was able to slay that demon spawn police pro virus. You guys rock.Right On!
I just saved Malwarebytes on my desktop as .scr and it worked ! Hooray!
It also could be under dddesot.dll
Thank You! I will always come back to geekpolice anytime I have any computer problems.
I also wanted to ask I use Limewire for music. Could that have been the entryway to which the virus could have entered??

sunshineisublime
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-09-09
OS OS : Windows XP
Points Points : 26461
# Likes # Likes : 0

View user profile

Back to top Go down

Re: windows police pro help

Post by Dr Jay on 11th September 2009, 8:20 pm

Hi

Yes. Downloading files from P2P clients (Peer-2-Peer), is one of the biggest problems we see in the malware community. The problem is, that attackers use specially crafted files to distribute malware to users. I suggest to not use it, unless you know what you're doing.

==

Please post the log from Malwarebytes log, so I can verify if you need more help or not.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: windows police pro help

Post by saulA on 12th September 2009, 1:00 am

I wasn't able to open in safe mode and I re-downloaded malwarebyte but as soon as it begins to scan it closes and I cannot find it with my entire desktop still gone

saulA
Novice
Novice

Posts Posts : 10
Joined Joined : 2009-08-17
OS OS : xp
Points Points : 26704
# Likes # Likes : 0

View user profile

Back to top Go down

Re: windows police pro help

Post by Dr Jay on 12th September 2009, 2:22 am

Please visit Safe Mode with Networking again.

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] to your Desktop.

**Note:
In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:




  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on [You must be registered and logged in to see this link.] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------



    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------


  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

  • **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

    If you still cannot get this to run, try booting into Safe Mode, and run it there.

    To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode."

    If this doesn't work either, try the same method (above method), but name
    Combofix.exe to iexplore.exe instead, or winlogon.exe.
    This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so this whitelist also includes system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13743
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302211
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: windows police pro help

    Post by saulA on 14th September 2009, 3:54 am

    I can't open in safe mode it sends me in loops till it just starts as usual and now I'm not able to browse the web so easy

    saulA
    Novice
    Novice

    Posts Posts : 10
    Joined Joined : 2009-08-17
    OS OS : xp
    Points Points : 26704
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: windows police pro help

    Post by Dr Jay on 14th September 2009, 7:18 pm

    Hi

    Please download and unzip [You must be registered and logged in to see this link.]to its own folder on your desktop


    If you get a lot of "red entries" in an IceSword log, don't panic.

    Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


    Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


    Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


    Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


    Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



    Now post all of the data collected under the headings for :

    Processes
    Win32 Services
    Startup
    SSDT
    Message Hooks


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13743
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302211
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: windows police pro help

    Post by saulA on 14th September 2009, 7:51 pm

    Chrome is my browser and it tells me all web pages have become unresponsive I am posting from my iPhone , thanks for all the help this far

    saulA
    Novice
    Novice

    Posts Posts : 10
    Joined Joined : 2009-08-17
    OS OS : xp
    Points Points : 26704
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    Re: windows police pro help

    Post by Dr Jay on 14th September 2009, 7:56 pm

    Do you have access to a CD burner?

    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
    • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
    • Just double-click on the rescue system package to burn it to a CD/DVD.
    • Then please use that CD/DVD with Avira Rescue System to boot your computer.
    You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


    Press the number 2 on your keyboard to boot into AntiVir Rescue System.

    Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


    Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


    Then please start the scan.

    The Avira AntiVir Rescue System wil now

    • repair a damaged system,
    • rescue data,
    • scan the system for virus infections.


    Tell me of the results.
    ===

    If you cannot get the CD, and do the rescue scan, then please do the following in Safe Mode:

    Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet

    • Double-click on drweb-cureit.exe to start the program.
      An Express Scan of your PC notice will appear.
    • Under Start the Express Scan Now, Click OK to start the scan.
      This is a short scan that will scan the files currently running in memory.
      If something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the Scan tab and UNcheck Heuristic analysis
    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
    • Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
    • When finished, a message will be displayed at the bottom advising if any viruses were found.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found.
      If so, click it, then click the next icon right below and select Move incurable.
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit when you have finished.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


    Dr. Jay (DJ)


    [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

    Dr Jay
    Head Administrator
    Head Administrator

    Posts Posts : 13743
    Joined Joined : 2009-09-06
    Gender Gender : Male
    OS OS : Windows 10 Home & Pro
    Protection Protection : Bitdefender Total Security
    Points Points : 302211
    # Likes # Likes : 10

    View user profile

    Back to top Go down

    Re: windows police pro help

    Post by Rickyking1 on 14th September 2009, 8:39 pm

    Moderated Message:Comment removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. DO NOT delete your post then repost here. This topic is for saulA only.

    Rickyking1
    Novice
    Novice

    Posts Posts : 26
    Joined Joined : 2009-09-03
    Gender Gender : Male
    OS OS : Windows XP Pro
    Points Points : 26558
    # Likes # Likes : 0

    View user profile

    Back to top Go down

    View previous topic View next topic Back to top

    - Similar topics

     
    Permissions in this forum:
    You cannot reply to topics in this forum