Windows Police Pro

View previous topic View next topic Go down

Windows Police Pro

Post by adamjw on 19th October 2009, 12:27 am

Hopefully someone will be able to help me.
Looks like I got infected with Windows Police Pro
Following are few items that are happening on the PC
- Windows POP up
- unable to use taskmanager
- Windows Police Pro pops up messaged that system is infected and wants to download a full version
- PC re-sets if I'm connected to internet.

Any sugestions will be appreciated

Thank you,

~Adam

adamjw
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-19
OS OS : xp
Points Points : 26104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on 19th October 2009, 12:40 am

Please download [You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Windows Police Pro

Post by adamjw on 19th October 2009, 1:04 am

Thanks for your help
Run the exeHelper twice

Results from 1st. run:
exeHelper by Raktor
Build 20091018
Run at 20:47:41 on 10/18/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\90652830\90652830.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90652830
Deleting file C:\Documents and Settings\All Users\Application Data\33579633\33579633.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\33579633
Checking for bad processes...
Killed process Windows Police Pro.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\system32\winupdate.exe
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\WINDOWS\system32\winhelper.dll
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\WINDOWS\system32\calc.dll
Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Log from the 2nd run:
exeHelper by Raktor
Build 20091018
Run at 20:57:39 on 10/18/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\03915220\03915220.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03915220
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

adamjw
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-19
OS OS : xp
Points Points : 26104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on 19th October 2009, 12:10 pm

Hello.
Okay, we've made a dent big enough to allow us to start slicing away at this malware.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum