Thread ID: 132782 2013-05-22 00:54:00 Australian Federal Police (AFP) Ukash/ICSPA virus NZHawk (4093) Press F1
Post ID Timestamp Content User
1342545 2013-05-22 00:54:00 Windows 7
infected with Australian Federal Police (AFP) Ukash/ICSPA virus
won't allow me into Safe Mode - stalls at ClassPNP

any suggestions?
NZHawk (4093)
1342546 2013-05-22 02:00:00 Use Hitman Pro Kickstart (www.surfright.nl). Watch the videos on how to use it; the link for the second one is at the end of the creation demo.

If the computer for some reason won't boot from a USB drive, look on the right of that page about halfway down; there's an ISO image to make a bootable CD.

Either option, make sure it's connected to the internet so it can update.

Once it boots normally, THEN run other antimalware / antivirus through again to check.
wainuitech (129)
1342547 2013-05-22 02:10:00 Thank you! NZHawk (4093)
1342548 2013-05-22 02:53:00 Couldn't get the usb drive to work - it stated that it was password protected (not),
created an ISO image CD - booted to the CD but it did circumvent the virus - nothing happened

any other suggestions?
NZHawk (4093)
1342549 2013-05-22 03:55:00 Was it saying the USB drive is Password protected ??

Try another drive, as long as the USB drive is on another clean PC to install the software it usually works fine.

One of the "tricks" they do is disable Safe Mode.

There is another way that sometimes works: restart the computer in Safe Mode with Command Prompt, and at the prompt run System Restore with the command rstrui.exe. When Restore opens, run it back to before the computer got infected. This will usually allow you to boot it normally, but it still needs to be scanned for malware, cleaned out etc. This infection also hides in the temp folder, and sometimes other places as well.

You can also try running restore back from a Windows 7 Rescue CD - as long as it hasn't disabled the ability to boot from a CD.

If that doesn't work, remove the HDD and slave it to another PC and scan with the usual antimalware programs. Once it's booted, make sure you disable System Restore. You'll find, depending on which one it is, it can actually be in several locations.

Last one I did, it actually masqueraded as a bookmark - sneaky bloody thing ;)
wainuitech (129)
1342550 2013-05-22 04:51:00 thank you
removed the hdd and am running a scan now.
will report back tomorrow
so far Malwarebytes has detected 4 infections
NZHawk (4093)
1342552 2013-05-22 23:15:00 Use Hitman Pro Kickstart (www.surfright.nl). Watch the videos on how to use it; the link for the second one is at the end of the creation demo.

If the computer for some reason won't boot from a USB drive, look on the right of that page about halfway down; there's an ISO image to make a bootable CD.

Either option, make sure it's connected to the internet so it can update.

Once it boots normally, THEN run other antimalware / antivirus through again to check.

Created a CD from the ISO last night, it hung on loading and wouldn't work. Sadly, what I thought was going to be a 5 minute removal turned into a 3 hour nightmare - all .exe files wouldn't run, same in safe mode, no restore points, administrator profile disabled....it eventually ended up corrupting its own .exe. The system was running AVG Corporate Edition, what a load of crap, it didn't even detect them. Put ESET on it, it could see it, but wouldn't clean it. Still, got it all sorted and client extremely happy, didn't lose any data. Have to try the disk again and find out if it was the computer's fault or disk issue, I suspect it was the computer.
Iantech (16386)
1342553 2013-05-22 23:26:00 Some infections disable the ability to boot from CD and USB, makes life interesting when that happens :) wainuitech (129)
1342554 2013-05-22 23:44:00 I removed the HDD and slaved it to another PC
then scanned with Malwarebytes & it cleaned up 5 infections enough for
me to reinstall the hdd & boot normally
ran Malwarebytes on the original computer & removed infected file
and am currently running a scan with a virus program
NZHawk (4093)