Police Virus - Wont boot 0x0000007B BSOD

[shabooga]

Hello,

My father called me regarding a notice on his computer that was preventing him from using it. It looked like it was from the Canadian Police and asked him to pay $100 because he had been viewing "illegal materials". I asked him to reboot into safe mode and run Malwarebytes which he did. Now the computer will not boot at all. It gets stuck on a BSOD 0x0000007B. Tried to do a system restore and it fails.I have run FRST 64 bit edition and I have attached the log file to this post. Any assistance would be appreciated as I am now thinking my only option is to start from scratch and install the os from the start.

I cannot run OTL and aswMBR in Normal Mode or Safe Mode because I cannot boot the computer.

Thank you in advance.

 

[Fiery]

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Let's give this a try first.

On your clean PC, download the following file by right-clicking it and select save as

[attachment=5408]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Then attempt to boot normally.

 

[shabooga]

Hi Fiery,

Thank you for your prompt response. Unfortunately it still doesn't boot. Attached is the log that was generated.

Thanks again.

 

[Fiery]

Ok, let's try this.

On your clean PC, download the following file by right-clicking it and select save as

[attachment=5410]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

 

[shabooga]

Ok, let's try this.

On your clean PC, download the following file by right-clicking it and select save as



and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

No Luck

 

[Fiery]

While in system recovery, have you tried a startup repair?

 

[shabooga]

While in system recovery, have you tried a startup repair?

Yes and unfortunately that fails as well. Am I going to have to wipe out and start from scratch?

 

[Fiery]

Let's try one more thing before you wipe and reformat.

Do the same as before, but with this fixlist.txt.

[attachment=5415]

Afterwards, download the other fixlist.txt in the following post and run it as well.

 

[Fiery]

[attachment=5416]

 

[shabooga]

Thank you so much for you help Fiery. Unfortunately it didn't work but I appreciate your efforts.

 

[Fiery]

Unfortunately, I would suggest you to reformat if you wish to resolve this quickly.

You can use the Kaspersky Rescue disk to retrieve any files that you may have on the hard-drive before you reformat. Here are the instructions to create the rescue disk. http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk

Once you are in, you can transfer files from your harddrive onto an USB

 

[shabooga]

Unfortunately, I would suggest you to reformat if you wish to resolve this quickly.

You can use the Kaspersky Rescue disk to retrieve any files that you may have on the hard-drive before you reformat. Here are the instructions to create the rescue disk. http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk

Once you are in, you can transfer files from your harddrive onto an USB

Hi Fiery,

I'm in no rush to get this resolved. If you still have ideas/patience then I'm willing to continue trying things.

 

[Fiery]

I suggest you make a Kaspersky Rescue Disk and run a scan with it. PLease note that you'll need wired connection for it to receive updates.

Also, while in the Rescue Disk, I would like to see the malwarebytes log to see what it removed/ deleted. While in the Rescue disk, you can access your drive through the terminal and transfer the log onto your USB. The log is located in C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs. Please try to find the most recent one.

 

[shabooga]

I suggest you make a Kaspersky Rescue Disk and run a scan with it. PLease note that you'll need wired connection for it to receive updates.

Also, while in the Rescue Disk, I would like to see the malwarebytes log to see what it removed/ deleted. While in the Rescue disk, you can access your drive through the terminal and transfer the log onto your USB. The log is located in C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs. Please try to find the most recent one.

Hi Fiery,

I've run Kaspersky Rescue Disk and it found ransomeware. I've also attached the only mbam log file that existed. The computer still blue screens and reboots.

 

[Fiery]

On your clean PC, download the following file by right-clicking it and select save as

[attachment=5449]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Try rebooting normally

 

[shabooga]

Still not working. Here is the log:

 

[Fiery]

Darn, I suggest you should reinstall windows

 

[shabooga]

Darn, I suggest you should reinstall windows

OK thanks for your efforts.

 

[Fiery]

You're welcome.

Take care