Virus: PC stuck on the page that asks for money

Robox1 · *Last edited by Robox1; 06-05-2012 at 15:21.*

Browsing the net I untapped popup on various casino and poker that I think have infected my PC because all of a sudden you are stuck on a page that asks for payment $ 100 to avoid penalties because on my pc there are files protected by copyright blah blah blah .....

At each reboot I find this screen where you quit (doing ctrl alt del) and also by starting in safe mode.

Tips on how to solve the problem without a format?

[I tried with kaspersky rescue disk 10 but I had the same problem described here:

http://forum.kaspersky.com/index.php?showtopic=236625

I booted an OS from another hd but unfortunately ComboFix (from what I understand the only remedy with kaspersky windows unloker rtipo to solve this problem) scans only the operating system started, not even another disc and it does not seem to be configurable in this sense]

h9dlb · 06-05-2012, 15:54 | posts: 26 | Location: Leeds England

I had this too - use system restore to a date before it happened and the problem is gone

Phragmeister · 06-05-2012, 16:21 | posts: 1,161 | Location: UK

Try a scan with Malwarebytes and Trojan Remover.

Then purge all your temp files and such using CCleaner.

I also recommend installing Ad Muncher too, best ad remover on the net.

Watcher · 06-06-2012, 01:08 | posts: 1,989 | Location: Canada

Not sure if you have the issue below? You can try Kaspersky Xorist Decryptor :

http://www.majorgeeks.com/Kaspersky_...tor_d7732.html

Quote:

Malware of the family Trojan-Ransom.Win32.Xorist is designed for unauthorized modification of data on a victim computer. It makes computers uncontrollable or blocks its normal performance. After taking the data as a “hostage” (blocking it), a ransom is demanded from the user.

The victim is supposed to deliver the ransom to the pirate, who is promising to send in return a program which would release the data or restore normal performance of the computer.

EpicLoss · 06-06-2012, 07:52 | posts: 831 | Location: Midlands/UK

firefox+noscript+adblockPLUS = clean and safe browsing

k1net1cs · 06-06-2012, 17:38 | posts: 3,328

Quote:

Originally Posted by AlcapwN

firefox+noscript+adblockPLUS = clean and safe browsing

You forgot Ghostery in that equation.

Supatitanman · *Last edited by Supatitanman; 06-06-2012 at 19:41.*

download this first:
http://support.kaspersky.com/faq/?qid=208282173

burn that to a CD-R using a tool like IMGBURN *DO A FULL SCAN NOT JUST BOOT SECTOR*

- reboot to safemode after that is run and done

then install malwarebytes and do a full scan and it should be taken care of. Also I like to clear the cache before I use malwarebytes full scan and take care of unnecessary startup items as well. PM me if you have any issues

EDIT: to be more technical you could also boot in to the OS using hirens mini XP and delete the .exe of the virus usually in your appdata or programdata folders.

this is risky but the most efficient way is to also redo your MBR depending on what OS you have there are dozens of tools that can do that for you.

Robox1 · 06-07-2012, 12:22 | posts: 52

I managed to boot into Safe Mode with Command Prompt and I started from the command line ComboFix I had moved to c: and I solved the problem .... then I did a scan with malwarebite, Emsisoft malware, superantispyware, antivir (tomorrow and do another session another 3-4 programs) and strangely none of these I found nothing (except a few false positive that I have always been detected and I know for sure it's clean)

But now there's a problem: the screen of your desktop background but has no files and folders (if you go looking in the desktop folder in Windows Explorer the files are present) ..... you know how I can fix?

I also tried:

- Use a rescue of the arrangement of icons with icon restoreer
- Delete iconcache.db
- Replace explorer.exe with a downloaded

but nothing ...: tips on how to solve?

Phragmeister · 06-07-2012, 15:04 | posts: 1,161 | Location: UK

You may have accidentally unchecked this setting -

*On desktop* Right-Click > View > Show Desktop Icons

If it's already checked, uncheck it, then check again.

"Check-ch-check-check-check-ch-check it out. What-wha-what-what-what's it all about ..."

Pill Monster · 06-09-2012, 06:17 | posts: 20,519 | Location: NZ

Quote:

Originally Posted by Robox1

I managed to boot into Safe Mode with Command Prompt and I started from the command line ComboFix I had moved to c: and I solved the problem .... then I did a scan with malwarebite, Emsisoft malware, superantispyware, antivir (tomorrow and do another session another 3-4 programs) and strangely none of these I found nothing (except a few false positive that I have always been detected and I know for sure it's clean)

But now there's a problem: the screen of your desktop background but has no files and folders (if you go looking in the desktop folder in Windows Explorer the files are present) ..... you know how I can fix?

I also tried:

- Use a rescue of the arrangement of icons with icon restoreer
- Delete iconcache.db
- Replace explorer.exe with a downloaded

but nothing ...: tips on how to solve?

It's been ages since I used it so I could be wrong. but I think that's a side effect of running Combofix.
Pretty sure it says something about that when the program runs....

jbmcmillan · 06-09-2012, 15:12 | posts: 822 | Location: Langley,B.C. Canada

This thread describes how to use unhide.exe for a similar problem.
http://www.bleepingcomputer.com/forums/topic404928.html

soldier1st · 06-16-2012, 10:07 | posts: 196 | Location: Enterprise NX01

Quote:

Originally Posted by k1net1cs

You forgot Ghostery in that equation.

Ghostery slows down browsing so not usin it for that reason. do not track plus/adblock plus/better privacy/adblock popup addon/element hiding helper is what i would use.

Mufflore · 06-16-2012, 22:07 | posts: 9,554 | Location: UK

Strange, Ghostery causes no browsing speed issues here.
CPU use spikes to around 10 to 15% momentarily when loading a webpage.
You may have another issue.