I got it about an hour ago and am tearing my hair out! Can't do ANYTHING! Seems like nothing works. Can't run Malware Bytes NOTHING!

I managed to get into SAFE MODE but what do I do now? I am NOT that computer literate!

HELP!

THANKS

jc

Thanks! It's a start! Isn't there ANY way to complain to SOME ENTITY about this kind of practice???

jc

If you are still having trouble, navigate to your C:\Program Files\MalwareBytes folder.

Then, Rename mbam.exe to zappa.com
See if it will run.
If so, please have it remove all that it finds and post the log for us.


If it does not run, you can try the following, but it is strictly a "Run At Your Own Risk!" proposition:

* Download KILLBAD.zip and EXTRACT the KILLBAD folder to your C:\ Drive
* Use START > RUN > Command.com to get a command prompt

* TYPE C:\KILLBAD\KILLBAD.bat ENTER

* If the tool is able to run, a log should eventually pop up in notepad.
Please post that for us.

Then, try running MBA-M again.

Best Luck :)
PP

New linky for KILLBAD.zip

KILLBAD.zip

You might be able to run it by navigating to C:\KILLBAD\KILLBAD.bat and DoubleClicking the .bat file - that ought to work.

PP :)

See if you are able to get this to run.

Looks like there are some serious rootkit components to this and our best bet would be to get combofix to run. Generally, when I see baddies such as this, I advise a reformat because of the nature of the rootkit beast.

If you'd like to continue, please do the following:

Please Download Win32kDiag and save it to your Desktop.

http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.

I will check back as soon as time permits.

Cheers :)
PP

Thanks for ALL your help and advice! Gonna work on this FRIDAY and will let you know what happens!

jc

Thanks for ALL your help and advice! Gonna work on this FRIDAY and will let you know what happens!

OK :)

All you need to do at this point is get me that Win32kDiag log and we'll go from there.

PP:)

UPDATE: We were able to change the name of the Malware file and it ran for about an hour, 85,000+ files then crapped out.

We have removed the two hard drives from the computer and have tried installing them in another computer to see if we can "rescue" the data files. . . but it seems like the f**king virus might have done some hardware damage as well.

Any thoughts? At this point we just need to recover lots of data files before we re-format.

THANKS! so much for your help!

At this point we just need to recover lots of data files before we re-format

At this point, without seeing exactly what is infecting you, it is difficult to comment with any accuracy - it sounds like you might have more than one infection.

Also, due to the rootkits involved with the infection you noted, putting those hard drives in another computer for data recovery is a bad idea - you could end up with another compromised machine.

-- Can you get me a HijackThis log?
-- Try running MBA-M in Safe Mode and see if it completes
-- If not, run it until it has found a bunch of baddies - abort the scan manually and then see if you are able to have it clean what it has found and run it again.

-- When MBA-M craps out, what file is it "hanging" on?

PP:)

Finally: a breakthrough: My computer guy was able to "partition" off parts of the hard drive and isolate the OS. (Can you tell I have NO idea what I'm talking about?) He then was able to re-load the OS and we seem to have solved the problem.

To all of you: THANKS! There MUST be a way to stop or prosecute these individuals that perpetrate this kind of destruction.

THANKS again!

THANKS again!

You are welcome! Glad you got it sorted out!

I would suggest that you tell your computer guy that there very likely was a Rootkit(s) on the machine.

Cheers :)
PP
