Ransomware ICE CCC

Jonny B

New Member
Thread author
Mar 8, 2014
5
Hey there, I'm in a bit of a pickle. I was looking up the ICE information and noticed the ransomware in my search. I looked up the comparison posted on the "3 Easy Ways to Remove The ICE Cyber Crime Center Virus" page to see if any of the text was similar. After noting they were identical (and after a panicked tapping of my mic and camera), I began to try the steps posted on the site. Safe Mode would reset within seconds of the user select screen loading, and after creating the Kickstart drive and scanning in Safe Mode, I found the system's Windows Firewall would not allow outside communications from the Hitman program. I managed to get the file name of this virus's program, but failed to copy it or its directory information. At present, I am attempting to get these particular pieces of data for reference in a future post, but any help offered will be accepted gladly.

Note: The PC infected is an older model, an ACER Aspire One, so I hope this helps in pointing out what options I have.
 

Jonny B

New Member
Thread author
Mar 8, 2014
5
Unfortunately, no form of Safe Mode will run, Command Prompt included. Said PC is next to me running the 4th scan as we speak with the HitmanPro Kickstart. I have to keep an eye on it to write down the file name and location, to try and help narrow it down if I need to set the drive in another PC.

Amendment: The file has been located, but before HitmanPro Kickstart could finish the classification on the first scan, I received an error screen (much like a blue Crash Screen).
File Name is 0nbjrjhnb.cpp, located in C:\Documents and Settings\All Users\Application data
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
OK, do that with another computer.

Download here: http://www.telecharger.sosvirus.net/gen-hackman/7pe_x___86_E.exe
Select whether you want to create a Live CD or Live USB Key.
===============================
If you choose CD:
Wait a few seconds; the writing software will open.
Insert a CD into your drive and click "BURN ISO".
(Normally the file to burn is already selected.)
If USB:
Insert a USB key (minimum 512 MB).
The installation may take 1-2 minutes.
Iso to USB opens; click on "Browse" and select "Win7Rescue.iso", which is placed on your desktop.
Choose the letter corresponding to your USB key below, and leave the default file system.
Check the "Bootable" box, then click burn, then answer "yes" to the following two messages.
A window will tell you that the operation was successful.
Once completed, eject the key from the PC and then insert it into the infected PC.
===================================
You will need a wired keyboard (wireless ones do not work in the BIOS).
Then change the boot order of the infected PC by putting the CD first in the BIOS.
How to? : http://translate.google.com/translate?sl=fr&tl=en&js=n&prev=_t&hl=fr&ie=UTF-8&u=http://www.commentcamarche.net/faq/7322-booter-sur-cd-changer-sequence-de-boot
Boot the infected PC from the CD or USB key.
Let the desktop finish displaying completely.

FirefoxPortable should let you come back here and copy the script below, which you will need to paste.

Start OTLPE.exe, which is on your desktop:
In the window that opens, select the Windows installation folder of the infected PC (C:\Windows or D:\Windows or ...): click on the Windows folder and then click OK.
To the question "Do you wish to load remote user profile(s) for scanning?" => Yes
Check the "Automatically Load All Remaining Users" box and click OK.
OTLPE opens ... Just set the 4 boxes on the left to "All" and do not touch anything else.


In the box under "Custom Scans / Fixes" paste this text:


HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%USERPROFILE%\*
%USERPROFILE%\*.
%ALLUSERSPROFILE%\*
%ALLUSERSPROFILE%\*.
%LocalAppData%\*
%LocalAppData%\*.

%UserProfile%\Local Settings\Application Data\*
%UserProfile%\Local Settings\Application Data\*.
%PROGRAMFILES%\*
%ProgramFiles%\Google\Desktop\Install /s
%PROGRAMFILES%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.Exe /s
%Systemroot%\system32\*.Dll /lockedfiles
%Systemroot%\system32\*.Exe /lockedfiles
%Systemroot%\system32\*.In*
%Systemroot%\Tasks\*
%Systemroot%\Tasks\*.
%Systemroot%\system32\Tasks\*
%Systemroot%\system32\Tasks\*.
%Systemroot%\system32\drivers\*.Sy* /lockedfiles
%Systemroot%\system32\config\*.Exe /s
%Systemroot%\ServiceProfiles\*.Exe /s
%Systemroot%\system32\*.Sys
msconfig
activex
/Md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/Md5stop
netsvcs
safebootminimal
safebootnetwork


Click Analysis.
At the end of the scan, two Notepad windows will open with the reports OTL.txt and Extra.txt.
Host them one by one on http://cjoint.com, then post the two links you get on the forum or in the thread where you asked for help.
They are also at the root of the partition where Windows is installed (C:\OTL.txt ... or D:\OTL.txt ... and the accompanying Extra.txt).
 
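An added example, not part of the original posts and not OTL's own code: the `%ALLUSERSPROFILE%\*` style lines in the script above request a listing of loose files in a folder root, the kind of location where the file reported earlier in the thread was found. This Python script builds a comparable listing for a folder on the offline Windows partition and flags files that begin with a PE header under a non-executable extension. The function names, the extension set and the sample files are assumptions constructed for illustration; the thread does not say what the reported file contained.

```python
import hashlib
import os
import tempfile
import time

# Extensions Windows loads as code; a PE header under any other extension is worth a look.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx", ".cpl"}

def triage_folder_root(folder, recent_days=30, now=None):
    """List loose files in the folder root only (non-recursive, like `FOLDER\\*`)."""
    now = time.time() if now is None else now
    rows = []
    for entry in sorted(os.scandir(folder), key=lambda e: e.name.lower()):
        if not entry.is_file(follow_symlinks=False):
            continue
        md5 = hashlib.md5()  # MD5 only as a lookup identifier, as in /md5start listings
        with open(entry.path, "rb") as fh:
            head = fh.read(2)
            md5.update(head)
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                md5.update(chunk)
        st = entry.stat(follow_symlinks=False)
        ext = os.path.splitext(entry.name)[1].lower()
        is_pe = head == b"MZ"
        rows.append({
            "name": entry.name,
            "size": st.st_size,
            "md5": md5.hexdigest(),
            "recent": now - st.st_mtime <= recent_days * 86400,
            "pe_header": is_pe,
            "flag": is_pe and ext not in EXEC_EXTS,  # executable bytes, misleading name
        })
    return rows

def demo():
    """Triage a constructed folder (sample data, not taken from the thread)."""
    samples = {
        "notes.txt": b"plain text",
        "helper.exe": b"MZ" + b"\x00" * 62,
        "sample0001.cpp": b"MZ" + b"\x00" * 62,  # PE bytes under a source-code extension
        "real.cpp": b"int main() { return 0; }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage_folder_root(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run it from the rescue environment or another PC against the mounted partition, for example `triage_folder_root(r"D:\Documents and Settings\All Users\Application Data")`, where the drive letter depends on how the disk is mounted.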

Jonny B

New Member
Thread author
Mar 8, 2014
5
Just a moment. The scan from the Kickstart appears to be working, so allow me one moment of your patience. As a precaution, however, I am following through with the instructions provided.

Amendment: The program performed the removal without flaw this time, and I am currently moving to perform the following steps to ensure a complete removal of the virus. Thank you sincerely for your assistance.
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
hum....lol

but if the computer starts normally now you don't need to do what's above, we can disinfect directly
 
