Really stubborn police virus

[IanT]

Unfortunately I do not have another Windows computer. My experiments so far have entailed two bus trips to an Internet cafe already. I can try a couple more things but then will have to get help in.
I do not have a CD burner and do not know whether I could use one at work or the Internet cafe, the Kapersky solution is up in the air.
I am running things with the Internet disconnected most of the time.
I am really sorry for bad etiquette but I have had to tick aswMBR LOG even though nothing will connect to a USB port and Internet unavailable.

 

[Fiery]

Hi IanT and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Type exit</li>
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[IanT]

Thanks for that. I will try that tomorrow. One more question? Does having more than item of software on your flash drive complicate things or cause conflicts?

 

[Fiery]

It should not conflict

 

[IanT]

It should not conflict

Another point. When I first got this I blindly tried to sort it out myself. In safe mode I had the option of a full system wipe or a limited system wipe (128 mb). I went for the limited wipe. I should add that we are in the middle of building works and I cannot find the original Windows 7 disc. Have I done any damage or would the shell have prevented me modifying anything anyway?

 

[Fiery]

limited system wipe usually reinstalls your operating system but saves your personal file. However, different manufacturers have different types of system wipes so I'm not 100% sure what your's did. Who is the manufacturer and what is the model of your PC?

You don't need the windows 7 CD at the moment, just run Farbar Recovery Scan Tool. We can get a copy of windows 7 legally online (without the CD-key though but we can use it to repair system files if needed)

 

[IanT]

I have copied Notepad text. Where do I paste to?
Is it possible to use the internet now to send this?
Is the text file itself safe to send from another computer?
As per instructions, I have avoided clicking "fix".

 

[Fiery]

You can directly post the notepad text onto your next reply.

It is safe to send it from another computer.

 

[IanT]

I realise I did not provide computer information. It is:
Fujitsu Siemens Amilo
Intel Pentium Dual Core

 

[IanT]

Bearing in mind that I am practically computer illiterate, I have copied text but do not know where to paste it to or how to paste it. The good news is that Farbar got in.

 

[IanT]

If I can get that copied and pasted text to you it will not be until tomorrow so I will just copy some screen messages in case they are helpful:
FRST.exe - corrupt file
The file or directory C:\ProgramData\as98213.txt is corrupt and unreadable. Please run the Chkdsk utility.
Also:
Same message without C: store program data

 

[Fiery]

Hi,

Where are you getting the "C:\ProgramData\as98213.txt is corrupt and unreadable" error message?

Were you able to scan with FRST? If so, there is a log in your USB called FRST.txt. On another computer, open that file, copy the content and paste it in the box where you write your replies to me.

To copy and paste, click anywhere in the file, press ctrl A and it will highlight everything. Then open this forum and in the box where you type your messages to post onto this forum, right click anywhere in the box and select paste. Everything should be copied over and then hit the post reply button

 

[IanT]

Thanks so much for all your help. In the end it was faster and more convenient for me to get a guy to help and everything seems OK now. That is not to detract from the excellent advice you gave me. You guys perform an invaluable service.

 

[Fiery]

Ok, thanks for letting me know

Cheers!