
Windows Police Pro

This is a discussion on Windows Police Pro within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
Old 10-12-2009, 10:00 AM   #1
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



This is my first time posting a thread. My computer has had the Windows Police Pro virus since Friday the 9th of October. I have not used my computer since this morning. In the meantime, the following items are not allowing me to remove this virus:

Will not start in any safe mode
Disabled my task manager
Disabled my icons and start menu
Disabled my manual start command

Please help, the information stored on my computer has not been backed up.

thanks
gunk0065 is offline  
 
Old 10-12-2009, 01:55 PM   #2
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Exit MBAM. Please remember to copy and paste the contents of that report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance

1972vet is offline  
Old 10-12-2009, 02:05 PM   #3
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Unfortunately, I am not able to get on the internet, my icons and start menu are gone. Also, I am unable to start through safe mode. What are my other options?
gunk0065 is offline  
 
Old 10-12-2009, 03:56 PM   #4
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Quote:
Unfortunately, I am not able to get on the internet, my icons and start menu are gone. Also, I am unable to start through safe mode. What are my other options?
How did you get on the internet to post here?

Open your command prompt and paste the following:
@SC CONFIG EVENTLOG START= DISABLED
...you should receive a "Success" message returned. If so, try running the combofix utility again and post back your results. Thanks!
1972vet is offline  
Old 10-12-2009, 03:59 PM   #5
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



I am using another computer. I tried using my command prompt and it is disabled, the command prompt is start + r, correct?
gunk0065 is offline  
Old 10-12-2009, 07:51 PM   #6
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Start + r should work...but it won't open a command prompt. It opens the run box and we can get there by typing CMD then clicking "OK". Post back your results. Thanks!
1972vet is offline  
Old 10-13-2009, 05:22 AM   #7
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Quote:
Originally Posted by 1972vet View Post
Start + r should work...but it won't open a command prompt. It opens the run box and we can get there by typing CMD then clicking "OK". Post back your results. Thanks!

I am not sure how to do the command prompt in your previous post; however, using start + r is not working. Is there any way to access MS-DOS without using safe mode (which has been blocked by the virus)? Is there any way to get this virus off my computer without wiping out my system?
gunk0065 is offline  
Old 10-13-2009, 08:38 AM   #8
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Let's try a boot CD.

In the infected system, make sure the boot sequence menu is set to boot from the CD-ROM drive...then follow the instructions below. When finished with them, you will return to this non-working system with a bootable CD that will scan the system for malicious software.

Please download Avira Antivir Rescue System.

Insert a blank CD into your CD-ROM drive, double-click on the rescue system package...then click the Burn CD button. When completed, remove the CD and insert it into the non-working operating system. Reboot the computer.

When the system comes back up, you will be presented with a menu having two options. By default, the recovery program will load in a few seconds even if you do nothing...so, you can either enter option "1" or just wait a few seconds and the rescue application will load.

Once the application loads, you will see two flags in the lower left corner...the one on the left is a German flag and the one on the right is a British flag. Click the one on the right and the language will convert to English. Then click the settings button and be sure to check both boxes for "heal" and "rename" for any infected files found.

Back at the main screen, click the "Scan" button to begin the scan.

Allow the scan to complete and save the log to post back your results on your next reply. Thanks!
1972vet is offline  
Old 10-13-2009, 11:57 AM   #9
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Quote:
Originally Posted by 1972vet View Post
Let's try a boot CD.

In the infected system, make sure the boot sequence menu is set to boot from the CD-ROM drive...then follow the instructions below. When finished with them, you will return to this non-working system with a bootable CD that will scan the system for malicious software.

Please download Avira Antivir Rescue System.

I have burned the CD and changed the system boot order so the CD Rom is first, however, when it starts up it goes into safe mode menu. My computer will not open in safe mode, should I open it in windows?
gunk0065 is offline  
Old 10-13-2009, 12:12 PM   #10
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



I opened it in windows and it worked for a minute, my taskbar and icons showed up and then I tried to run the program and the virus got a hold of it and stopped the operation. Is there another program that I can run the same way? After that, can you give me directions once windows begins? Because we are now back to square one, the icons and taskbar are missing. As well as entering in any command prompts. We are almost there.

thanks
gunk0065 is offline  
Old 10-13-2009, 07:53 PM   #11
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Download This Tool...you can save it to a removable drive if necessary. Transfer the media to your non-working PC. Unzip the file to the desktop...then open the extracted folder and find xp_emergencyutil.exe Courtesy of Doug Knox. Double click on the .exe file and check the box "Launch these utilities after creating the copies"...then click Create Copies.

Open the copy of "Task Manager"...click File-->New Task, and type eventvwr in the dialogue box then click "OK".

In the event viewer, please do the following:
Click System in the left pane....then
  • From the Menu at the top, Click Action-->Save Log File As
  • Change the Save As Type to "Text" (.txt)
  • then save the system event log as mysystem.txt
  • Save the log to your Desktop
  • Open the log and delete all the events dated prior to October 9th 2009.
  • The log that remains will be all of your system events having the dates from today back to October 9th. Paste THAT information back here on your next reply.
Thanks!
1972vet is offline  
Old 10-14-2009, 07:26 AM   #12
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Quote:
Originally Posted by 1972vet View Post
Download This Tool...you can save it to a removable drive if necessary. Transfer the media to your non-working PC. Unzip the file to the desktop...then open the extracted folder and find xp_emergencyutil.exe Courtesy of Doug Knox. Double click on the .exe file and check the box "Launch these utilities after creating the copies"...then click Create Copies.

Open the copy of "Task Manager"...click File-->New Task, and type eventvwr in the dialogue box then click "OK".

In the event viewer, please do the following:
Click System in the left pane....then
  • From the Menu at the top, Click Action-->Save Log File As
  • Change the Save As Type to "Text" (.txt)
  • then save the system event log as mysystem.txt
  • Save the log to your Desktop
  • Open the log and delete all the events dated prior to October 9th 2009.
  • The log that remains will be all of your system events having the dates from today back to October 9th. Paste THAT information back here on your next reply.
Thanks!

I burned the file to a disc, tried to do a boot with it and nothing happened. Still do not have any icons or key commands. What are my other options? Is there another system stronger than avira?
gunk0065 is offline  
Old 10-14-2009, 07:40 AM   #13
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Did you actually read the instruction in post #11?
1972vet is offline  
Old 10-14-2009, 07:54 AM   #14
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Quote:
Originally Posted by 1972vet View Post
Did you actually read the instruction in post #11?
I am on the internet now, but all the programs that I download will not run since they are exe files. I was able to get on the internet through an error message. I still do not have any icons. Help
gunk0065 is offline  
Old 10-14-2009, 08:03 AM   #15
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Try using a removable media if necessary to download this tool...transfer it to the non-working computer and place it on the desktop...

Please download Fixswen.inf and save it to your desktop.
This is a tool that will undo certain registry changes made by some malware threats that prevent REGEDIT/BAT/COM/EXE/PIF/REG/SCR files from running.
  • If it does not download, then click on File in the top menu and choose "Save Page as..." to save the file. The tool has an .inf file extension so be careful not to change it.
  • Right-click on Fixswen.inf and click install.
  • When running the tool it will not display any notice or message...that is normal.
  • Reboot your computer.

If this was successful, please see if mbam will run now and post the resulting log on your next reply. Thanks!
1972vet is offline  
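
Added example, not part of the thread and not the contents of Fixswen.inf: a way to check, on a clean machine, whether the file-association keys that post #15 refers to were altered. It assumes a .reg export of those keys is available as text and that the stock Windows XP handler strings are the ones listed in `EXPECTED`; the export shown is constructed.

```python
import re

# Stock Windows XP defaults (assumption of this example, not taken from the thread).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\piffile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\scrfile\shell\open\command": '"%1" /S',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command": 'regedit.exe "%1"',
}

# Constructed sample export (already decoded to str; real exports are often UTF-16).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="constructedfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\sample.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
'''

def parse_defaults(reg_text):
    """Return {key path: default (@) string value} from .reg export text."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            continue
        value = re.fullmatch(r'@="(.*)"', line)
        if value and key:
            # .reg strings escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", value.group(1))
    return defaults

def audit(reg_text):
    """Split monitored keys into altered (key, found, expected) and missing."""
    found = {k.lower(): v for k, v in parse_defaults(reg_text).items()}
    report = {"altered": [], "missing": []}
    for key, expected in EXPECTED.items():
        actual = found.get(key.lower())  # registry paths are case-insensitive
        if actual is None:
            report["missing"].append(key)  # not in the export, so not checked
        elif actual.lower() != expected.lower():
            report["altered"].append((key, actual, expected))
    return report
```

Keys reported as missing were simply absent from the export and should be exported and checked before the associations are treated as clean.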
Old 10-14-2009, 09:37 AM   #16
Guest
 
Join Date: Oct 2009
Posts: 9
OS:



Unsuccessful, the virus is a clever mother, it stopped my internet use after 5 minutes. Is there another boot CD I could download?
gunk0065 is offline  
Old 10-14-2009, 04:20 PM   #17
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Quote:
I have burned the CD and changed the system boot order so the CD Rom is first, however, when it starts up it goes into safe mode menu...
...I burned the file to a disc, tried to do a boot with it and nothing happened.

...Is there another boot cd I could download?
My firm conviction is to avoid trying the same thing twice and expecting different results. With your description of the system's response to a boot CD, you wouldn't even be able to reformat to reinstall windows.

I am nearing the end of the road...and am trying to consider how you would even reformat that thing without a proper boot sequence being recorded from the bios. Having that in mind, I will consort with my colleagues to see if they have some other suggestions. In the meantime, you might try to record a copy of your system's bios update(s) from the motherboard's manufacturer to a removable media and try to flash the bios...my thought is, in that way, you should at least be able to make the appropriate changes necessary to allow your system to boot from a CD.
1972vet is offline  
Old 10-15-2009, 07:12 PM   #18
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Well, I've not heard a thing from anyone. Have you tried to flash your bios as suggested?

Edit added:
When you first tried to change the boot sequence order, are you certain you told the bios to save the settings when you exited?
Read more Here how to properly change the boot sequence.
1972vet is offline  
Old 10-17-2009, 04:26 PM   #19
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



Still with us gunk0065?
1972vet is offline  
Old 10-18-2009, 04:08 PM   #20
Security Team
Analyst
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 988
OS: Dual Boot Setup, Vista SP2 and XPSP3



gunk0065, if you're still with us, try burning a Hiren's Boot CD...it's not the same as the others we've tried, so we should be able to expect some positive result. If you find this Boot CD works for you, I should warn you while you are able to boot the system using it, please DO NOT do anything while booted up with this CD unless you are directed. If you are successful, just post back to let us know that it has booted up for you and we can perform some diagnostics from there. Thanks!
1972vet is offline  
 

All times are GMT -7.