Simviation Forums

[Mass]

Hey all.

Unfortunately I have managed to pick up a virus on my computer. It is the Metropolitan police e-crime unit virus, a ransomware which has locked my computer unless I run it in safe mode which I am currently doing.

In order to try to rid my self of this demon I have followed insstructions from the internet however I can only go so far. The infected item, frustratingly, is windows explorer. The instructions I have followed is to start with safe and command prompt, force rename explorer so that I can use it, then download and replace explorer with a new non-infected version. However when I come to replace it I am told I cannot. I give the neccessary permissions as the computer administrator but then it blocks me from doing so anyway.

My question therefore is whether it is safe or even possible for me to use command prompt to force delete explorer and then re-install it from a USB drive onto which I can download a clean version.

Thankyou for any help with this matter, I am becoming a big red frustrated angry ball of rage! 

Mass

[ozzy72]

Mass do you have any AV or AM software already installed on your PC? Also when the pop-up comes up does it offer you the chance to "buy" the fix?

[Mass]

Yes the pop-up takes over the screen and locks the computer. In the pop-up which claims to the the police they ask for a

[ozzy72]

How familiar are you with the registry?

[Mass]

Not hugely but I've done a few bits and bobs so I should be able to pick it up.

[ozzy72]

Okay you need to look in HKEY_LOCAL_MACHINE/SOFTWARE and the CURRENT USER/SOFTWARE for an entry that clearly doesn't belong. It'll use some sort of entry to fire up the program on start-up. Be careful, mess it up and your PC will be doomed. It might be worth trying to look up what keys they use with this nice little program

[Mass]

I was following the instructions from here
http://www.deletevirus.net/police-centr ... nit-virus/
which instructed me to a similar area of the registry to what you suggested.

I am struggling to find another item which I could delete which would be easier as they tell me to replace explorer with a clean version that I am unable to do.

[ozzy72]

Once you've disabled the key it shouldn't start then you can let your software do the honours

[Mass]

Im unable to disable it at the moment though. This is where i get stuck.

[Mass]

YAY!!

Ive done it! Woohoo! All safe and sound again!

Thankyou so much for your help Ozzy, very very much appreciated!

8-)
Mass

[UnkieDude]

Do you have a clean backup of your operating system?  If not, I HIGHLY recommend you create one.  I have not one, but three backups of my operating system.  This was expensive in the hardware department, but well worth it.

Three  1TB MyBook drives from Western Digital make up my backup protocol.

Alpha:  Backup of OS just after full install and update of Windows.  AV and maintenance programs installed.  That's it.  This drive is only pulled out if I want a "clean" install of Windows 7 Ultimate.

Beta:  Backup of OS, OS updated, all programs installed and OS tweaks performed.  Music, movies, game stuff included on this drive.

Charlie:  Same as Beta.

Beta and Charlie get swapped out monthly.  If something goes wrong I only lose that month's progress.

These backups are in addition to my an on-board 1TB drive used as a running drive for music, movies and such.  My OS runs on a 120GB Sata SSD drive with FSX on another.

I know this is a bunch of different drives and cost a lot, but it works for me.  Saved me a time or two over the last couple of years.

Short of my insanity, two WD MyBooks should do.  You need at LEAST two backups and rotate them so as to not lose both at the same time.  Store backup drives in a firebox along with important papers.

Hope this helps.

The Bad Unkie Has Contributed.  Some.

[Mass]

I don't have a backup of the OS itself but I do have 2 external HDDs with the contents of the computer all backed up. So it wouldn't have been the end of the world as my stuff is safe, just highly irritating!

Would you suggest backing up the OS itself then?

Thanks for the advice! 
Mass

[UnkieDude]

I would recommend it.  Then put it away for future need.  Go back over my post and see how I've taken into account most contingencies.  My protocol works for me, your mileage may vary.

Remember.  BackUp Or Die!

The Bad Unkie Strikes Back!

[ozzy72]

Glad to hear you're all sorted We've not come across this one at work yet but I'll probably do a bit of homework this weekend ready for when one of the sales numpties decides to infect their laptop