Solved: DOJ ransomware (need help)

satmandew

New Member
Thread author
Feb 20, 2015
10
The only access to my computer is from safe mode command prompt. I'm not sure how long before virus takes over it to...any help needed, please
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Please download Farbar Recovery Scan Tool x86 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).



    Access the notepad and identify your USB drive

    In the Command Prompt please type in:
    Code:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.



    Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:
  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Please print these instructions out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Now I need one more search.


FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64:
  • Copy User32.dll into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download the attached fixlist.txt and save it to your USB flash drive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flash drive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally..
 

Attachments

  • fixlist.txt
    2.6 KB · Views: 44

satmandew

New Member
Thread author
Feb 20, 2015
10
Here is log. Windows would not boot. I am trying startup repair with disk
 

Attachments

  • Fixlog.txt
    4.9 KB · Views: 70

satmandew

New Member
Thread author
Feb 20, 2015
10
Startup repair worked. Got to desktop. What software do you recommend to remove the rest of virus? Are there any programs I shouldn't open yet?
 

satmandew

New Member
Thread author
Feb 20, 2015
10
When you read this tomorrow, I want you to know how much I appreciate your help. Thank you. I hope someone is there for you in your hour of need.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

satmandew

New Member
Thread author
Feb 20, 2015
10
With help from this site (Argus), I was able to access my computer to remove the virus and make the necessary repairs for the machine to rise again to be a factor on the human condition...Thank you all...I consider this matter solved.
 
