W32/Blaster.Worm - Purchase "Privacy Protection" Scam


Post by Nellabelle76 on 8th November 2011, 1:25 am

Hi,

I am using a different computer as the infected one cannot connect to the internet.

I am getting a warning that the computer is infected with a W32/Blaster.Worm and that I need to use "Privacy Protection" to repair the problem, then it takes me to a website to purchase this item (which, I am glad to say, I was not stupid enough to do!).

The worm has locked me out of all files. I can't download anything (no internet) or copy any files from a CD, and I don't have a USB to try.

I have tried putting the system into safe mode but when I press F8 the safe mode screen comes up and freezes and I have to shut the computer down again to get out of it.

I have looked online for a repair but no one seems to have the same problem as me (the safe mode screen freezing and no internet) so I am still not able to repair my system.

I am extremely computer illiterate and really need some help please.

Nellabelle76
Beginner

Posts : 1
Joined : 2011-11-08
OS : Vista
Points : 18573
Likes : 0


Re: W32/Blaster.Worm - Purchase "Privacy Protection" Scam

Post by Gabethebabe on 10th November 2011, 6:42 am

Hi there Nellabelle76 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Your computer is infected with rogueware. It is good that you have a clean computer available too, so you can download the tools we need and bring them to your infected computer with a USB drive. Please proceed with the following:

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
[You must be registered and logged in to see this link.]

  • Double-click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash, indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.

====================

Please download OTL by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.



Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38238
Likes : 0
