I have Windows XP Service Pack 3 and IE8. After encountering the ransomware ICE, I tried Kaspersky Disk 10
but still have the infection. Any ideas for my next step?
but still have the infection. Any ideas for my next step?
ICE Cyber Crimes Virus
- Thread starter rbrown
- Start date
- Mar 8, 2013
- 22,627
Please print these instruction out so that you know what you are doing
- Download OTLPENet.exe to your desktop
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here - Wait for the CD to detect your hardware and load the operating system
- Your system should now display a Reatogo desktop
Note : as you are running from CD it is not exactly speedy - Insert the USB with FRST
- Locate the flash drive with FRST and double click
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
On your clean PC, download attached file and save it onto your flash drive.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
Attempt to boot normally.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
Attempt to boot normally.
- Mar 8, 2013
- 22,627
We're not yet finished, follow this topic and attach requested reports so we can see that everything is fine...
http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
- Mar 8, 2013
- 22,627
1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guidehttp://www.bleepingcomputer.com/combofix/how-to-use-combofix carefully.
Note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.htmlthis or this Instruction.
Note: Do not forget to turn on this option after the cleaning.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
If you are unsure how ComboFix works please read this guidehttp://www.bleepingcomputer.com/combofix/how-to-use-combofix carefully.
Note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.htmlthis or this Instruction.
Note: Do not forget to turn on this option after the cleaning.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
- Mar 8, 2013
- 22,627
Open notepad and copy/paste the text present inside the code box below:
Save this as CFScript.txt
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Code:
File::
c:\documents and settings\All Users\Application Data\ezjmqjgr.reg
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"50000:UDP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"=-
"DisableRegedit"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=-
ClearJavaCache::Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Am I supposed to include from File:: up to ClearJavaCache:: in the file CFScript.txt ?
I did this and drug the file to the ComboFix.exe item in the window.
I did this through my email window. Should it be done from your website instead?
It did not initialize ComboFix.
I did this and drug the file to the ComboFix.exe item in the window.
I did this through my email window. Should it be done from your website instead?
It did not initialize ComboFix.
- Mar 8, 2013
- 22,627
I created the CFScript.txt file and drug it from where it was saved on my desktop to the
ComboFix.exe box above. It doesn't appear that it started running. It brings up an
Internet explorer window that shows the CFScript.txt file.
ComboFix.exe box above. It doesn't appear that it started running. It brings up an
Internet explorer window that shows the CFScript.txt file.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
That is correct file, can you download fresh ComboFix report, you are not doing something good...
Similar threads
- Locked
