DOJ Malware - Brown328

Brown328

New Member
Thread author
Apr 25, 2013
6
I am locked out with the DOJ Malware. I followed the 4 steps and none of them worked. The last thing I tried was the Hitman Pro Kickstart through the USB port and it ran right up until the DOJ screen came up again, however the Hitman Pro window never opened.
Any suggestions would be appreciated.
Thanks
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips!

Please print these instructions out so that you know what you are doing
  • Download OTLPE to your desktop
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
    While in OTLPE, double click the OTLPE icon.
    • Select the Windows folder of the infected drive if it asks for a location.
    • When asked Do you wish to load the remote registry, select Yes.
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
    • Ensure the box Automatically Load All Remaining Users is checked and press OK.
    • OTL should now start
    • Check the boxes beside LOP Check and Purity Check
    • Press the Run Scan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to a USB drive if you do not have internet connection on the system.
    • Please attach the content of OTL.txt in your next reply.
 

Brown328

New Member
Thread author
Apr 25, 2013
6
Ok I downloaded the OTLPE and then burned the cd. I took that CD to the infected computer and selected to boot from the CD ROM and it said device not available. I looked in the setup menu and it showed the CD ROM was available.

Now just to be clear, I cannot get into the infected computer, so I burned the CD on a good computer and then ran it from the infected computer. I think that was correct!
 

Fiery

Level 1
Jan 11, 2011
2,007
Brown328 said:
Now just to be clear, I cannot get into the infected computer, so I burned the CD on a good computer and then ran it from the infected computer. I think that was correct!

Yes that is correct.

Do you mean you cannot change the BIOS setting to CD ROM, or that when you boot, it says device not available? Anyway, that means we have to use another method to run OTLPE. This one is more complicated.

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.


    • Download OTLPE.iso from one of the following links and save it to your Desktop: mirror1 or mirror2
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  1. Once you have 7-zip installed, decompress OTLPE.iso by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    [Image: OTLPE_7zip.jpg]


  2. Please also decompress eeepcfr to your systemroot (usually C:\).
  3. Empty the flash drive you want to install OTLPE on.
  4. Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.
  5. Press any key when asked to in the black window that opens.
  6. As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.
  7. Click on Start, accept the disclaimers and wait for the program to finish.

  • Reboot your system using the bootable flash drive you just created.
  • Note : If you do not know how to set your computer to boot from Flash drive follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Check the boxes beside LOP Check and Purity Check
  • Press the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to a USB drive if you do not have internet connection on the system.
  • Please attach the content of OTL.txt in your next reply.
 

Brown328

New Member
Thread author
Apr 25, 2013
6
I'm sorry but neither of the links mirror1 or mirror2 is working to download OTLPE.ISO. I was able to download eeepcfr.zip and the 7-zip.

Is there another site I can try?

Thanks
 

Brown328

New Member
Thread author
Apr 25, 2013
6
I'm sorry but I'm having some issues. After going to eeepcfr and double clicking on usb_prep8.cmd I get to the screen where I'm supposed to select the USB port but it says No USB Disk Found, however I just was able to read the flash drive in the USB port. I tried another port and I get the same message.
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok.. that doesn't seem to work..

Let's see if this rescue disk will help. Follow the instructions here:

http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk
 
