Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Police Ransom Virus
Message
<blockquote data-quote="Fiery" data-source="post: 95922" data-attributes="member: 9"><p>Please do the following in safe mode. If you don't know how to access safe mode, follow the instructions <a href="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true" target="_blank">here</a></p><p></p><p>Download and run <span style="color: blue"><strong>RKill</strong></span></p><p><a href="http://download.bleepingcomputer.com/grinler/rkill.com" target="_blank"><u><span style="color: blue">Download mirror 1</span></u></a> - <a href="http://download.bleepingcomputer.com/grinler/rkill.exe" target="_blank"><u><span style="color: blue">Download mirror 2</span></u></a> - <a href="http://download.bleepingcomputer.com/grinler/iExplore.exe" target="_blank"><u><span style="color: blue">Download mirror 3</span></u></a></p><p></p><p></p><ul> <li data-xf-list-type="ul">Save it to your Desktop.</li> <li data-xf-list-type="ul">Double click the RKill desktop icon.</li> <li data-xf-list-type="ul">It will quickly run. If it does not run, try another download link from above.</li> </ul><p><img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" /></p><ul> <li data-xf-list-type="ul">When Rkill has completed its task, it will <<strong>>generate a log</<strong>>. You can then <<strong>>proceed with the rest of the guide</<strong>>.</strong></strong></strong></strong></li> </ul><p><strong><strong><strong><strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li></strong></strong></strong></strong></p><p><strong><strong><strong><strong></ol><br></strong></strong></strong></strong></p><p><strong><strong><strong><strong><br><<strong>>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</<strong>></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Download <a href="http://swandog46.geekstogo.com/avenger2/download.php" target="_blank"><span style="color: blue"><strong><u>avenger.zip</u></strong></span></a>... © by Swandog46 <ol> <li data-xf-list-type="ol">Unzip/extract it to a folder on your desktop.</li> <li data-xf-list-type="ol">Double click on <strong>avenger.exe</strong> to run it. Click "<strong>OK</strong>"...at the prompt.</li> <li data-xf-list-type="ol"><strong><span style="color: green">Check</span> </strong>the box... <strong>"Scan for rootkits"</strong></li> <li data-xf-list-type="ol"><strong><span style="color: darkred">Uncheck</span></strong> the box... <strong>"Automatically disable any rootkits found"</strong>...if checked.</li> <li data-xf-list-type="ol">Copy <strong>all</strong> of the text in the code box (below) and paste it in the text box in The Avenger<br /> [code]<br /> Files to delete:<br /> c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js<br /> <br /> Folders to delete:<br /> c:\documents and settings\Jane\Application Data\searchresultstb<br /> <br /> Registry keys to delete:<br /> HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*<br /> <br /> [/code]</li> <li data-xf-list-type="ol">Click the <strong>Execute</strong> button.</li> <li data-xf-list-type="ol">Click "<strong>Yes</strong>" at the 2 prompts:<ul> <li data-xf-list-type="ul"> <strong>"Are you sure you want to execute the current script?"</strong>.</li> <li data-xf-list-type="ul"> <strong>"First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"</strong>.</li> </ul></li> <li data-xf-list-type="ol">Your PC will automatically reboot.<br /> <em><strong>Note:</strong> If the above script contains Drivers to delete: or Drivers to disable:, then <strong>The Avenger</strong> will require 2 (two) reboots to complete its operation.</em><br /> <em>If that is the case, it will force a <strong><span style="color: red">BSOD</span></strong> (Blue Screen of Death) <strong><span style="color: red">error</span></strong> ...on the first reboot. This is normal & expected behavior.</em></li> <li data-xf-list-type="ol">After your PC has completed the necessary reboots, a log should automatically open.<br /> If it does not automatically open, then the log can be found at %systemdrive%\<strong>avenger.txt</strong> (typically C:\<strong>avenger.txt</strong>).</li> </ol><p><strong>Please post the contents of the <span style="color: blue">avenger.txt</span> log, in your next reply.</strong></strong></strong></strong></strong></strong></strong></p></blockquote><p></p>
[QUOTE="Fiery, post: 95922, member: 9"] Please do the following in safe mode. If you don't know how to access safe mode, follow the instructions [url=http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true]here[/url] Download and run [color=blue][b]RKill[/b][/color] [url=http://download.bleepingcomputer.com/grinler/rkill.com][u][color=blue]Download mirror 1[/color][/u][/url] - [url=http://download.bleepingcomputer.com/grinler/rkill.exe][u][color=blue]Download mirror 2[/color][/u][/url] - [url=http://download.bleepingcomputer.com/grinler/iExplore.exe][u][color=blue]Download mirror 3[/color][/u][/url] [list][*]Save it to your Desktop. [*]Double click the RKill desktop icon. [*]It will quickly run. If it does not run, try another download link from above.[/list] <img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" /> [list] [*]When Rkill has completed its task, it will <[b]>generate a log</[b]>. You can then <[b]>proceed with the rest of the guide</[b]>.[/b][/b][/b][/b][/list][b][b][b][b] <img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li> </ol><br> <br><[b]>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</[b]> Download [url=http://swandog46.geekstogo.com/avenger2/download.php][color=blue][b][u]avenger.zip[/u][/b][/color][/url]... © by Swandog46 [list=1] [*]Unzip/extract it to a folder on your desktop. [*]Double click on [b]avenger.exe[/b] to run it. Click "[b]OK[/b]"...at the prompt. [*][b][color=green]Check[/color] [/b]the box... [b]"Scan for rootkits"[/b] [*][b][color=darkred]Uncheck[/color][/b] the box... [b]"Automatically disable any rootkits found"[/b]...if checked. [*]Copy [b]all[/b] of the text in the code box (below) and paste it in the text box in The Avenger [code] Files to delete: c:\documents and settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js Folders to delete: c:\documents and settings\Jane\Application Data\searchresultstb Registry keys to delete: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32* [/code] [*]Click the [b]Execute[/b] button. [*]Click "[b]Yes[/b]" at the 2 prompts:[list][*] [b]"Are you sure you want to execute the current script?"[/b]. [*] [b]"First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"[/b].[/list] [*]Your PC will automatically reboot. [i][b]Note:[/b] If the above script contains Drivers to delete: or Drivers to disable:, then [b]The Avenger[/b] will require 2 (two) reboots to complete its operation.[/i] [i]If that is the case, it will force a [b][color=red]BSOD[/color][/b] (Blue Screen of Death) [b][color=red]error[/color][/b] ...on the first reboot. This is normal & expected behavior.[/i] [*]After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\[b]avenger.txt[/b] (typically C:\[b]avenger.txt[/b]).[/list] [b]Please post the contents of the [color=blue]avenger.txt[/color] log, in your next reply.[/b][/b][/b][/b][/b][/b][/b] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
