  1. #1
    Member
    Join Date
    Sep 2012
    Posts
    7

    Virus Removal Advice

    I have some quick advice that I learnt from getting one of those nasty viruses that displays a full screen image saying your computer has been locked by the Met police etc. I have a non-administrator account that has its access to applications restricted apart from a virus scan. Because Windows only allows this virus software (AVG in my case) to run, it won't let the virus run and I was able to remove the virus using AVG no problem. Hope that helps everyone.

  2. Thanks plasterer thanked for this post
  3. #2
    Member
    Join Date
    Oct 2012
    Posts
    8

    Re: Virus Removal Advice

    My mate had that a few weeks ago & it took his activation away for Windows XP. It was made doubly difficult by that & safe mode or nothing worked even with cmd, it would not even let him run Malwarebytes & he had to reformat.

  4. #3
    DarkHours Moderator dx100-uk's Avatar
    Join Date
    Jul 2006
    Location
    hiding....
    Age
    64
    Posts
    2,423

    Re: Virus Removal Advice

    combofix in safe mode with network
    connect via ethernet cable

    then remove avg and all folders and files of avg

    look for AVG$ files / folders too

    then delete all saved restores

    if he upgraded from avg 8 or 7.5

    that's where it got past avg

    7.5 & 8 were compromised and this virus gets into the new avg via the avg$ files cache

    use mse, it's free!

    dx
    its nice here....

  5. Thanks DessertDog, thelostone, dazdcfc, Thomas Leone thanked for this post
  6. #4
    Member
    Join Date
    Nov 2012
    Posts
    11

    Re: Virus Removal Advice

    I got the police virus last week and followed this tutorial and it seemed to work and removed everything and allowed me to get my computer back, hope it helps someone else.

    Step 1:

    Reboot, tap F8 when Windows starts loading, select Safe Mode.
    Step 2:
    go to %userprofile%\appdata\local\temp
    remove rool0_pk.exe
    remove V.class

    the virus can have names other than "rool0_pk.exe" but it should look like it doesn't belong and should have a create date/time the same as a .class file...if you sort by file mod/create time you'll find it.
    Step 3:
    go to %appdata%\microsoft\windows\start menu\programs\startup
    remove ctfmon (ctfmon.lnk)

    this is what's calling the virus on startup - some variants use the registry to launch the virus but I found the launcher in my startup folder and my registry was clean. If they've changed things and the file name isn't ctfmon.lnk just look for a file in startup with the same create date/time as the exe and class files you killed in step 2.
    you may have to crack open the registry too in order to suppress some funky startup errors (I didn't have to) but removing the exe file will cure things and removing the class file that, from what I could tell when I decompiled, uses a java vulnerability to install the virus, is just for good measure.
    If you end up having to get into the registry just go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and make sure there's nothing in there invoking that exe you killed via rundll.
    Last edited by Iceland; 12-11-2012 at 04:46 PM.
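
The timestamp matching described in post #4, as an added PowerShell example that is not part of the original post: it only reports candidates from the Temp folder, the Startup folder and the Run key, and deletes nothing. The 120-second window and all variable names are assumptions chosen for illustration.

```powershell
# Added triage sketch (not from the thread). Report only; run as the affected user.
$windowSeconds = 120   # assumption: how close creation times must be to count as "the same"

$temp    = Join-Path $env:USERPROFILE 'AppData\Local\Temp'
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Step 2: .class files in Temp are the anchor; find .exe files created alongside them.
$tempFiles  = @(Get-ChildItem -LiteralPath $temp -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
$classFiles = @($tempFiles | Where-Object { $_.Extension -eq '.class' })
$suspects   = @($tempFiles | Where-Object {
    $exe = $_
    $exe.Extension -eq '.exe' -and
    ($classFiles | Where-Object {
        [math]::Abs(($_.CreationTime - $exe.CreationTime).TotalSeconds) -le $windowSeconds
    })
})

# Step 3: Startup folder entries created within the same window as any file found above.
$anchors   = @($classFiles) + @($suspects)
$launchers = @(Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $lnk = $_
        $anchors | Where-Object {
            [math]::Abs(($_.CreationTime - $lnk.CreationTime).TotalSeconds) -le $windowSeconds
        }
    })

# Registry check: Run values that mention the Temp folder or a suspect file name.
$runHits = @()
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $ignore = '^PS(Path|ParentPath|ChildName|Drive|Provider)$'   # provider metadata, not values
    $runHits = @($run.PSObject.Properties | Where-Object { $_.Name -notmatch $ignore } |
        Where-Object {
            $value = [string]$_.Value
            $value.IndexOf($temp, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 -or
            ($suspects | Where-Object {
                $value.IndexOf($_.Name, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            })
        })
}

'--- Temp .exe files created alongside a .class file ---'
$suspects  | Select-Object FullName, CreationTime, Length | Format-Table -AutoSize -Wrap
'--- Startup folder entries with a matching creation time ---'
$launchers | Select-Object FullName, CreationTime | Format-Table -AutoSize -Wrap
'--- Run key values referencing Temp or a suspect file ---'
$runHits   | Select-Object Name, Value | Format-Table -AutoSize -Wrap
```

Run values written with short 8.3 paths or environment variables will not match the plain-text comparison, so an empty third section still warrants reading the Run key by eye.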
