Latest Replies


Latest Threads

Dismiss Notice

Need Malware Removal Help?

We offer free malware removal assistance to our members. Sign Up now, and get free malware removal support.

afp virus removal method 4

Discussion in 'Malware Removal Assistance' started by thebrainthatwouldnotdie, Feb 17, 2013.

  1. thebrainthatwouldnotdie

    Feb 17, 2013
    Likes Received:
    OK, this post for those with the AFP virus where method 1 2 or 3 (as described by by Stelian Pilici in his great post titled "Remove Australian Federal Police virus (Ukash Scam)") did not work.

    -you can't boot into safe mode with command prompt
    -you cant boot into safe mode with networking
    -the kickstart usb method does not work

    Method 4
    Restart the computer, and start the 'Recovery Consol'. For me this is availble by pressing f12 during start up, and also by pressing f8 there is also a link to the options menu that lists recovery consol

    If you cannot access recovery consol from there, insert the windows disk into the CD and select the 'repair windows using recovery consol' option at the first options screen.

    After selecting the recovery consol, you are asked to select the install to log into, and then you should get a command prompt.

    Now you can manually restore the registry to an earlier point in time. For the instructions go here: and select "Manually Restore Registry via a Restore Point
    Follow those instructions exactly.

    You might be able to reboot into your OS now, I could not and had to take a second step using rsturi.exe to complete the process. To do this:

    Reboot your machine and press F8 then select "SafeMode with command prompt" This time your system will (hopefully) reboot and give you the command prompt with the safe mode OS running in the background.

    Now follow the balance of Stelian Pilici instructions from "Method 2: Restore Windows to a previous state using System Restore"

    OK, I hope this gets you out of the muck. Good luck!
  2. kuttus

    kuttus Level 2

    Oct 5, 2012
    Likes Received:
    Hi and welcome to the forums!

    I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
    Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Before we start:
    Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    <hr />
    STEP 1: Run a scan with OTL by OldTimer
    <ol><li>Download the OTL utility using the below link :
    <><a title="External link" href="" rel="nofollow external">OTL DOWNLOAD LINK</a> <em>(This link will automatically download OTL on your computer)</em></></li>
    <li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    <img src="" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
    <li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
    <li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
    <li>Click the<> Run Scan</> button.
    <img src="" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
    <li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
    <>Please post this 2 logs in your first reply.</>.</li></ol>

    Settings You need to Select in OTL
    1. Click the [b]Scan All Users[/b] checkbox.
    2. Change [b]Standard Registry[/b] to [b]All[/b].
    3. Check the boxes beside [b]LOP Check[/b] and [b]Purity Check.[/b]

    <em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="" rel="nofollow external"></a>.</em>

    <hr />
    #2 kuttus, Feb 17, 2013
    Last edited by a moderator: Mar 13, 2014
Other threads that you may like Forum Date
webupdater virus removal Malware Removal Assistance Sep 22, 2016
Cmd opening/closing (after removal of youndoo virus) Malware Removal Assistance Jul 31, 2016
Video Review Avira Free Antivirus Removal Test Video Reviews Jun 13, 2016