Long story short, I somehow managed to get the Windows Police Pro virus, probably from visiting some website (I haven't downloaded anything recently).

Here is where it gets problematic: I can only run Internet Explorer, can't run command prompt (I can run command.com out of the Run menu though), I can't boot into Safe Mode (of any kind: networking, command prompt, etc.), I can't start msconfig, nor can I run MBAM or Spyware Doctor.

Also, after reading a similar thread, I can't find windowspolicepro.exe in my process list. I did however find svchasts.exe and ended it.

I can't find a solution and it seems I'm screwed at the moment. Anyone know how I should proceed or can help?

I was reading another thread and someone suggested doing a bunch of commands for a task list.

Here it is:


Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 0 16 K
System 4 0 780 K
csrss.exe 696 0 4,104 K
winlogon.exe 720 0 1,540 K
services.exe 764 0 4,676 K
lsass.exe 776 0 2,484 K
svchost.exe 964 0 9,180 K
svchost.exe 1052 0 4,752 K
svchost.exe 1160 0 19,024 K
svchost.exe 1200 0 4,172 K
svchost.exe 1340 0 3,924 K
spoolsv.exe 1528 0 5,128 K
explorer.exe 1804 0 12,596 K
ctfmon.exe 1824 0 5,300 K
svchost.exe 300 0 4,288 K
mbamservice.exe 396 0 3,520 K
svchost.exe 432 0 5,000 K
ZuneBusEnum.exe 948 0 5,080 K
svchost.exe 492 0 35,416 K
alg.exe 480 0 5,000 K
iexplore.exe 668 0 65,308 K
svchost.exe 2148 0 4,264 K
svchost.exe 2244 0 6,528 K
firefox.exe 2544 0 41,072 K
rundll32.exe 1396 0 4,036 K
ntvdm.exe 1012 0 4,684 K
cmd.exe 2468 0 4,148 K
tasklist.exe 2664 0 5,660 K
wmiprvse.exe 2620 0 7,228 K

Recommended Answers

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,

So sorry to be the bearer of bad news, but you have a nasty backdoor trojan with rootkit components.
This thing is far worse than Windows Police Pro - If you do any sort of online banking, there is …
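
Why those two F2 lines stand out, as an added example (not part of the original post and not HijackThis's own logic): on a stock Windows XP install the Winlogon Shell value is just Explorer.exe and Userinit holds a single userinit.exe entry in system32, so this sketch reports anything beyond that. The function names are made up for illustration, and any Windows directory name is accepted because this machine's is WINDOWS.0.

```python
import ntpath
import re

# The two HijackThis F2 lines quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,
"""

F2_LINE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)


def extra_shell(value):
    """Stock XP value is exactly 'Explorer.exe'; return whatever else is there."""
    first, _, rest = value.strip().partition(" ")
    if ntpath.basename(first).lower() != "explorer.exe":
        return [value.strip()]  # the shell itself has been replaced
    return [rest.strip()] if rest.strip() else []


def extra_userinit(value):
    """Stock value is one userinit.exe entry in system32, then a trailing comma."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extras = []
    for entry in entries:
        folder, name = ntpath.split(entry.lower())
        # Assumption: only check that the file sits in a system32 folder.
        if not (name == "userinit.exe" and folder.endswith("\\system32")):
            extras.append(entry)
    return extras


def audit(log_text):
    """Return {value_name: [unexpected entries]} for each F2 line that deviates."""
    findings = {}
    for line in log_text.splitlines():
        m = F2_LINE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        extras = extra_shell(value) if key == "shell" else extra_userinit(value)
        if extras:
            findings[key] = extras
    return findings


if __name__ == "__main__":
    for name, extras in audit(SAMPLE_LOG).items():
        print(f"{name}: unexpected -> {extras}")
```

Both values are launched by Winlogon at every logon, so each extra entry is something that starts automatically with the user session.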

All 44 Replies

Hi, what is it we are dealing with here... Desktop or notebook!!

Dell XPS 400 desktop PC running Windows XP with some slight mods (another vid card and 2 GB RAM)

Because after checking all this stuff, what I can suggest is... you have to restore the computer back to the factory default settings...

Is this like reformatting where it deletes all the files, or is it a settings change, and how do I go about doing it?

That is the "Last Resort," and certainly not called for at this time.
You will lose any data that is not backed up......

-- Are you able to access System Restore?

PP :)

Sorry to say that but yes, it will reformat everything & the desktop will be like a brand new one...

The process is:

Restart your computer. As it's restarting, hold down CTRL + F11 (before the XP screen). Your computer will make a lot of beeping sounds and a new screen will pop up. Just follow directions and your computer will be as good as new (literally, with all the bloatware and stuff).

As noted by PhilliePhan, a reformat is absolutely not required at this time. If, after cleaning up, you still have a problem, then maybe.

That is the "Last Resort," and certainly not called for at this time.
You will lose any data that is not backed up......

-- Are you able to access System Restore?

PP :)

Nope, a command prompt window pops up and closes in under 2 seconds. Probably blocked by this stupid virus.

I'm hoping I don't have to delete all my stuff, I have a truckload of music/games that I never backed up.

-- Open a command prompt with command.com

Type %systemroot%\system32\restore\rstrui.exe ENTER

What happens?

But I've seen this kind of issue before, and there System Restore doesn't work... that's why I gave the option of a system reformat...

Let us try a few options before resorting to this.

BTW - did you ask the poster if they have a copy of Windows or a recovery partition?

-- Open a command prompt with command.com

Type %systemroot%\system32\restore\rstrui.exe ENTER

What happens?

System Restore pops up. Should I restore my computer to an earlier time?

YES - Preferably to a point long before your issues started.

Then, see if you can Update and Run MBA-M. Have it remove what it finds and post back here with the scanlog.

-- Let us know if you run into problems.

PP :)

No bolded days on the calendar, and no restore points available :(

I also have no Windows CD on hand, one of my friends has it. Recovery partition as in another HD? Don't have it.

I was afraid of that....

You have MBA-M installed, right? Do you know how to run it via command prompt?

Malwarebytes Anti-Malware? Yes, and no, I don't know how to run it in command prompt.

So what happened!! Did the system restore work!!

Sadly, no, I'm looking around on how to run MB using the command.com prompt

Malwarebytes Anti-Malware? Yes, and no, I don't know how to run it in command prompt.

Is it installed in Program Files (it should be)?

Is your system drive C:\ or different?

Yes, it's in Program Files and my system drive is C:\

Using your command prompt:

Type C:\PROGRA~1\MALWAR~1\mbam.exe ENTER

See if that works.

Wow, it worked, and I hit quick scan, and already found 7 infected objects. Hoping it works :)

Great! Good job :)

Make sure to have MBA-M remove all it finds and post the log - you may be instructed to run it again if the defs are not up to date. Plus, you'll want to do a "Full Scan" next time.

If I am not around, I'm sure another volunteer will be happy to assist you further.

Best Luck :)
PP

Well, I tried scanning 3 times, every time it gets about 3 minutes in, I get blue screened, and computer restarts. It blue screens/restarts in under a second, so I couldn't see what the blue screen said.

I also have Spyware Doctor, maybe it can scan/clean up?

You could try that - do you know the executable for SD? Bearing in mind that this is command.com.

-- Can you get me the log(s) from the aborted MBA-M runs?

I don't know the command for SD, nor do I know how to access aborted MBA-M logs. The logs I see right now don't have any of the recent ones, just past scans from weeks ago.

Ok.
Let's try Spyware Doctor.

Command prompt
Type C:\C:\PROGRA~1\DIR /x ENTER

Find the Spyware Doctor entry. Will probably look like SPYWAR~1 or similar.

Then, Type C:\PROGRA~1\XXXXXX~1\DIR /x ENTER and find what the executable is and let me know - XXXXXX~1 is whatever you found previously.

Do I type in C:\C:\ or is one of those just a mistake? Also, how can I find the Spyware Doc entry?

Sorry! TYPO!

Do this:
Command Prompt

Type DIR /x "C:\PROGRA~1" >> C:\LOGIT.txt ENTER

Navigate to C:\LOGIT.txt and post that for me.


Also go into Program Files and the MalwareBytes folder and rename mbam.exe to zappa.exe. I don't think we tried that.....
Double-click it and see if it runs.
