Ransomware - PCEU virus

[Fiery]

Open the program, under the setting tab, there
Should be an option to turn realtime protection check off

 

[Fryern]

Open the program, under the setting tab, there
Should be an option to turn realtime protection check off

Uninstalled it.Combofix then ran produced a txt file which hope to get to you soon

 

[Fryern]

Text file hopefully attached

Close to Friday here so time for bed.

I look forward to hearing from you.

 

[Fiery]

Please download the file that I have attached in the bottom of this reply. Save transfer it to your PC. Right click the file and select Run as Administrator . Let it run for a while.

After the process has been completed, please attach the logs that are produced. Then reboot your PC and see if you are able to connect to the internet.

 

[Fryern]

A little confused. Put the program on the desktop right clicked and chose Run as Admin. Then asks for permission to run. Click ok and that is the end of it.

Before I binned MSE checked the logs and found this - see attached

 

[Fiery]

Ok, we are heading to system recovery again. Delete the old fixlist.

Open notepad and copy & paste the following:

start
Folder: c:\users\Chris\AppData\Roaming\Microsoft\Windows\Recent
Folder: c:\users\Chris\AppData\Roaming
nointegritychecks off:
end

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

---

While in system recovery, goto the command prompt and type (Please note the spaces in between the words and the dashes!)

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

 

[Fryern]

So what am I doing with fixlist.txt that is now on the PC desktop?

Sorry but we have gone back to page one.

 

[Fiery]

Put the fixlist.txt on the USB, then boot the system recovery, start FRST in command prompt like before and click fix

 

[Fryern]

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

sfc(sp) /scannow(sp)/offbootdir=c:\(sp)/offwindir=c:\windows

have I missed any (sp)

 

[Fryern]

The log

Everything but the internet appears ok - but I've not tried the internet

Not sure the log is much use. Was 2nd run

 

[Fiery]

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

sfc(sp) /scannow(sp)/offbootdir=c:\(sp)/offwindir=c:\windows

have I missed any (sp)

That is correct.

Was the fixlist.txt on the USB with FRST? The fix didn't run.

 

[Fryern]

The fixlist was on the USB and I think it ran. It produced a big log which unfortuately I over wrote with the next attempt. I did try to upload it here but it timed out.

Everything appears to work other than getting an internet connection. I have tried both ethernet and wireless.
Device mgr says both are working.


Is there any point in running it again and the script?

 

[Fiery]

It is preferred that you run the FRST script since I turned off an important security function on your PC to let Combofix run.

Please download Complete Internet Repair from here and transfer it to your PC. Make sure you are not running the program from the USB

• Unzip all the files to the desktop
• Double click the Complete Internet Repair folder with the unzipped files on your desktop
• Double click on CIntRep.exe
• Place a checkmark next to the following entries:
  • 
    Reset Internet Protocol (TCP/IP)
    Repair Winsock (Reset Catalog)
    Renew Internet Connections
    Flush DNS Resolver Cache
    Repair Internet Explorer 6.0.2900
    Clear Windows Update History
    Repair Windows / Automatic Updates
    Repair SSL / HTTPS / Cryptography
    Reset Windows Firewall Configuration
    Restore the default hosts file
    Repair Workgroup Computers view
• Click Go!
• Select file to get the log once the program has finished
• Reboot your computer
• Check your internet access

 

[Fryern]

I am getting a message that says 'please insert the last disk of the Multi-volume set'.

Guess I cannot unzip the file.Program must have been dumped. Please can you send an unzipper which I can take from the Mac to the PC -

btw The fixlog was about 250 pages which is why it would not unload.

 

[Fiery]

Ok, don't attach that log then, I know it has been ran

I have uploaded the .exe file to here. See if you can run it

 

[Fryern]

Hi

The zipped files seem to have confused the Mac. At the moment it does not want to recognised any USB flash drives.

Need to work on that. I have the .exe on the Mac just a case of getting it to the USB.

:huh:

 

[Fiery]

Hi

The zipped files seem to have confused the Mac. At the moment it does not want to recognised any USB flash drives.

Need to work on that. I have the .exe on the Mac just a case of getting it to the USB.

:huh:

Ok.. let me know how that goes. I don't know how to work a Mac unfortunately. Maybe try restarting your Mac

 

[Fryern]

I restart the Mac everytime I need to remove or plug in a flash drive. It didn't ever recognise the drives names but you could add/transfer or remove data.

Now, the drives and existing data are being seen by the PC as before. So a question for you. If I reformat a flash USB on the PC (I coming to doing that) I think that will be FAT32 format. Is that correct? It is my sons old Mac so I will give him a call too.
Maybe I should try reformat on the Mac.

Onwards and upwards.......

 

[Fryern]

Hi Again,

Got the Mac to wake up. Putting it totally to sleep - power off overnight - and it now finds the USB. I remember HP printers can be the same.


I will have attached the log next post - timing issues. Please note Explorer is 9.0.8112.

Over to you. We must be very close but we are not on line yet.

Keep

 

[Fryern]

Hopefully the log in txt