0

Long story short, I somehow managed to get the Windows Police Pro virus, probably from visiting some website (I haven't downloaded anything recently).

Here is where it gets problematic: I can only run Internet Explorer, can't run command prompt (I can run command.com out of the run menu though), I can't boot into safe mode (of any kind: networking, command prompt, etc.), I can't start msconfig, nor can I run MBAM or Spyware Doctor.

Also, after reading a similar thread, I can't find windowspolicepro.exe in my process list. I did, however, find svchasts.exe and ended it.

I can't find a solution and it seems I'm screwed at the moment. Anyone know how I should proceed or can help?

I was reading another thread and someone suggested doing a bunch of commands for a task list.

Here it is:


Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0                         0         16 K
System                         4                         0        780 K
csrss.exe                    696                         0      4,104 K
winlogon.exe                 720                         0      1,540 K
services.exe                 764                         0      4,676 K
lsass.exe                    776                         0      2,484 K
svchost.exe                  964                         0      9,180 K
svchost.exe                 1052                         0      4,752 K
svchost.exe                 1160                         0     19,024 K
svchost.exe                 1200                         0      4,172 K
svchost.exe                 1340                         0      3,924 K
spoolsv.exe                 1528                         0      5,128 K
explorer.exe                1804                         0     12,596 K
ctfmon.exe                  1824                         0      5,300 K
svchost.exe                  300                         0      4,288 K
mbamservice.exe              396                         0      3,520 K
svchost.exe                  432                         0      5,000 K
ZuneBusEnum.exe              948                         0      5,080 K
svchost.exe                  492                         0     35,416 K
alg.exe                      480                         0      5,000 K
iexplore.exe                 668                         0     65,308 K
svchost.exe                 2148                         0      4,264 K
svchost.exe                 2244                         0      6,528 K
firefox.exe                 2544                         0     41,072 K
rundll32.exe                1396                         0      4,036 K
ntvdm.exe                   1012                         0      4,684 K
cmd.exe                     2468                         0      4,148 K
tasklist.exe                2664                         0      5,660 K
wmiprvse.exe                2620                         0      7,228 K

Last Post by PhilliePhan
Featured Replies
  • Quote from Atecks (post 963489):
      F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
      F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,
    So sorry to be the bearer of bad news, but you have a nasty backdoor trojan with rootkit components. This thing is far worse than Windows Police Pro - If you do any sort of online banking, …
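
The two HijackThis F2 entries quoted in the featured reply can be checked mechanically. The following is an added example, not part of the original thread: it assumes the Windows defaults of Shell=Explorer.exe and a single userinit.exe entry under system32, and the function names are illustrative.

```python
import ntpath
import re

# The two HijackThis F2 lines quoted in the thread, embedded so this runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,
"""

F2_LINE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)


def extra_shell_tokens(value):
    """Assumed default is exactly 'Explorer.exe'; report any additional tokens."""
    tokens = value.split()
    if tokens and tokens[0].lower() == "explorer.exe":
        return tokens[1:]
    return tokens


def extra_userinit_entries(value):
    """Userinit is a comma-separated list; only system32\\userinit.exe is expected."""
    extras = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue  # the default value ends with a trailing comma
        folder, name = ntpath.split(entry.lower())
        if name == "userinit.exe" and folder.endswith("\\system32"):
            continue
        extras.append(entry)
    return extras


def audit_f2(log_text):
    """Return {'shell': [...], 'userinit': [...]} for values that deviate from the defaults."""
    findings = {}
    for line in log_text.splitlines():
        m = F2_LINE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        extras = extra_shell_tokens(value) if key == "shell" else extra_userinit_entries(value)
        if extras:
            findings[key] = extras
    return findings


if __name__ == "__main__":
    for key, extras in audit_f2(SAMPLE_LOG).items():
        print(f"{key}: unexpected -> {extras}")
```

Anything the audit reports is an extra program tied to the logon sequence and should be examined before trusting the machine again.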

0

Hi, what is it we are dealing with here... Desktop or notebook!!

Dell XPS 400 desktop PC running Windows XP with some slight mods (another vid card and 2 GB RAM)

0

Because after checking all this stuff, what I can suggest is... you have to restore the computer back to the factory default settings...

0

Because after checking all this stuff, what I can suggest is... you have to restore the computer back to the factory default settings...

Is this like reformatting where it deletes all the files, or is it a settings change, and how do I go about doing it?

0

Is this like reformatting where it deletes all the files, or is it a settings change, and how do I go about doing it?

That is the "Last Resort," and certainly not called for at this time.
You will lose any data that is not backed up......

-- Are you able to access System Restore?

PP :)

0

Sorry to say that, but yes, it will reformat everything and the desktop will be like a brand new one...

The process is:

Restart your computer. As it's restarting, hold down CTRL + F11 (before the XP screen). Your computer will make a lot of beeping sounds and a new screen will pop up. Just follow the directions and your computer will be as good as new (literally, with all the bloatware and stuff).

0

As noted by PhilliePhan, a reformat is absolutely not required at this time. If, after cleaning up, you still have a problem, then maybe.

0

That is the "Last Resort," and certainly not called for at this time.
You will lose any data that is not backed up......

-- Are you able to access System Restore?

PP :)

Nope, a command prompt window pops up and closes in under 2 seconds. Probably blocked by this stupid virus.

I'm hoping I don't have to delete all my stuff, I have a truckload of music/games that I never backed up

0

But I've seen this kind of issue before, and there the system restore doesn't work... that's why I gave the option of a system reformat...

0

But I've seen this kind of issue before, and there the system restore doesn't work... that's why I gave the option of a system reformat...

Let us try a few options before resorting to this.

BTW - did you ask the poster if they have a copy of Windows or a recovery partition?

0

-- Open a command prompt with command.com

Type %systemroot%\system32\restore\rstrui.exe ENTER

What happens?

System Restore pops up. Should I restore my computer to an earlier time?

0

System Restore pops up. Should I restore my computer to an earlier time?

YES - Preferably to a point long before your issues started.

Then, see if you can Update and Run MBA-M. Have it remove what it finds and post back here with the scanlog.

-- Let us know if you run into problems.

PP :)

0

YES - Preferably to a point long before your issues started.

Then, see if you can Update and Run MBA-M. Have it remove what it finds and post back here with the scanlog.

-- Let us know if you run into problems.

PP :)

No bolded days on the calendar, and no restore points available:(

I also have no windows CD on hand, one of my friends has it. Recovery partition as in another HD? Don't have it

0

No bolded days on the calendar, and no restore points available:(

I also have no windows CD on hand, one of my friends has it. Recovery partition as in another HD? Don't have it

I was afraid of that....

You have MBA-M installed, right? Do you know how to run it via command prompt?

0

I was afraid of that....

You have MBA-M installed, right? Do you know how to run it via command prompt?

Malwarebytes Anti-Malware? Yes, and no, I don't know how to run it in command prompt.

0

So what happened!! Did the system restore work!!

Sadly, no, I'm looking around on how to run MB using the command.com prompt

0

Malwarebytes Anti-Malware? Yes, and no, I don't know how to run it in command prompt.

Is it installed in Program Files (it should be)?

Is your system drive C:\ or different?

0

Is it installed in Program Files (it should be)?

Is your system drive C:\ or different?

Yes, it's in Program Files and my system drive is C:\

0

Yes, it's in Program Files and my system drive is C:\

Using your command prompt:

Type C:\PROGRA~1\MALWAR~1\mbam.exe ENTER

See if that works.

0

Using your command prompt:

Type C:\PROGRA~1\MALWAR~1\mbam.exe ENTER

See if that works.

Wow, it worked, and I hit quick scan, and already found 7 infected objects. Hoping it works:)

0

Wow, it worked, and I hit quick scan, and already found 7 infected objects. Hoping it works:)

Great! Good job :)

Make sure to have MBA-M remove all it finds and post the log - you may be instructed to run it again if the defs are not up to date. Plus, you'll want to do a "Full Scan" next time.

If I am not around, I'm sure another volunteer will be happy to assist you further.

Best Luck :)
PP

0

Great! Good job :)

Make sure to have MBA-M remove all it finds and post the log - you may be instructed to run it again if the defs are not up to date. Plus, you'll want to do a "Full Scan" next time.

If I am not around, I'm sure another volunteer will be happy to assist you further.

Best Luck :)
PP

Well, I tried scanning 3 times. Every time it gets about 3 minutes in, I get blue screened and the computer restarts. It blue screens/restarts in under a second, so I couldn't see what the blue screen said.

I also have spyware doctor, maybe it can scan/clean up?

0

I also have spyware doctor, maybe it can scan/clean up?

You could try that - do you know the executable for SD? Bearing in mind that this is command.com.

-- Can you get me the log(s) from the aborted MBA-M runs?

0

You could try that - do you know the executable for SD? Bearing in mind that this is command.com.

-- Can you get me the log(s) from the aborted MBA-M runs?

I don't know the command for SD, nor do I know how to access aborted MBA-M logs. The logs I see right now don't have any of the recent ones, just past scans from weeks ago.

0

I don't know the command for SD, nor do I know how to access aborted MBA-M logs. The logs I see right now don't have any of the recent ones, just past scans from weeks ago.

Ok.
Let's try Spyware Doctor.

Command prompt
Type C:\C:\PROGRA~1\DIR /x ENTER

Find the Spyware Doctor entry. Will probably look like SPYWAR~1 or similar.

Then, Type C:\PROGRA~1\XXXXXX~1\DIR /x ENTER and find what the executable is and let me know - XXXXXX~1 is whatever you found previously.

0

Ok.
Let's try Spyware Doctor.

Command prompt
Type C:\C:\PROGRA~1\DIR /x ENTER

Find the Spyware Doctor entry. Will probably look like SPYWAR~1 or similar.

Then, Type C:\PROGRA~1\XXXXXX~1\DIR /x ENTER and find what the executable is and let me know - XXXXXX~1 is whatever you found previously.

Do I type in C:\C:\ or is one of those just a mistake? Also, how can I find the Spyware Doctor entry?

0

Do I type in C:\C:\ or is one of those just a mistake? Also, how can I find the Spyware Doctor entry?

Sorry! TYPO!

Do this:
Command Prompt

Type DIR /x "C:\PROGRA~1" >> C:\LOGIT.txt ENTER

Navigate to C:\LOGIT.txt and post that for me.


Also, go into Program Files and the MalwareBytes folder and rename mbam.exe to zappa.exe. I don't think we tried that.....
Double-click it and see if it runs.
