Computer problems!! PC EU virus.... :shock:


Pentaxophile

Link Posted 29/06/2012 - 09:35
OK - some one else was using the computer when my computer was infected with this 'ransomware' virus, but now it's impossible to get past the banner which appears when you load Windows.

For people who haven't heard of it, the PC EU virus loads a banner purporting to be from the police, claiming that your computer has been connected with illegal activities and requesting you pay a 100 fine or have your computer seized.

I can get into my C drive by starting the computer in Ubuntu, but can't locate the offending file myself. Has anyone had any experience of tracking it down? Otherwise I will just transfer my files and photos onto an external hard drive, and obtain a Windows CD to reinstall XP. (I don't suppose anyone has an old WIndows XP disk lying around do they? .....)
[link=https://500px.com/will_brealey/[/link]
Last Edited by Pentaxophile on 29/06/2012 - 09:37

DoctorJeff

Link Posted 29/06/2012 - 11:09
The first thing to try would be starting in "Safe Mode" - this might get you past the virus effect. If it does, then you can try to "Restore" the computer to an earlier date - i.e. one before the virus struck.
If you have access to a second machine, you could try linking the two with a USB cable, and using an anti-virus program on the good machine to clean up the problem one.
There are standalone removal tools for this virus - I think that IF I had to use one, I would install it on a memory stick and run it from that.
If you can find some kind soul with an XP disk, you will also need the product key to go with it - and if this is already registered to them this could cause a problem with Microsoft if they are still using the original installation.
I guess that I would start by a good Google search on the virus.
Geoff
Water can wear away a stone - but it can't cook lunch
X-5
istDS
K2000
P50.
Lenses Digital: 50-200, 18-55 KAF: 28-80.
Lenses KA & K: SMC-KA f2.0, SMC-K f1.4, SMC-K f1.7 Tokina KA 28-70 , SMC Pentax 70-210 F4, Sigma KA 75-300 , Hanimex 500mm Mirror, and the Tamron Adaptall-2 stuff.
and then there's all the M42 kit, and the accessories ...

Mike-P

Link Posted 29/06/2012 - 11:28
Link to youtube video on how to get rid of it
No equipment list here but thanks for taking an interest. My Flickr

Pentaxophile

Link Posted 29/06/2012 - 11:30
Cheers Geoff - was able to go straight into System Restore in Safe Mode. When completed, I will do a full system scan to remove any malware.
[link=https://500px.com/will_brealey/[/link]

Pentaxophile

Link Posted 29/06/2012 - 11:34
Mike-P wrote:
Link to youtube video on how to get rid of it

Cheers Mike, I did watch that vid yesterday - it says it won't let you go into safe mode, which is why I overlooked that option and went straight into trying to locate the virus myself running Linux off a CD. However I have managed to get the computer going in safe mode so perhaps I have a slightly different variant.
[link=https://500px.com/will_brealey/[/link]

Algernon

Link Posted 29/06/2012 - 12:00
Make sure that you have/recover your Windows Serial No. for
any install.

http://www.magicaljellybean.com/keyfinder/
is reliable and safe.
Half Man... Half Pentax ... Half Cucumber

Pentax K-1 + K-5 and some other stuff

Algi

Pentaxophile

Link Posted 29/06/2012 - 12:08
System restore didn't work so running a system scan within safe mode.

Won't a new XP disk have it's own serial number, Algi? (Hopefully I can avoid needing to reinstall but who knows!) Can't remember whether this PC came with a disk or not, or if so, where I put it

Would be tempted to upgrade to Win7 if I had to buy a new disk, but not sure if my version of Autocad (2007) would be compatible...
[link=https://500px.com/will_brealey/[/link]
Last Edited by Pentaxophile on 29/06/2012 - 12:09

Algernon

Link Posted 29/06/2012 - 12:46
A new retail disk will have a new serial number, but as long
as it's the same version of XP that you had i.e. Home, XP Pro
etc. you should be able to use the old S.No. because MS
License the CPU. I'm not sure what happens when it goes online
to register I presume that they will have a record of the CPU
serial and automatically allow it. At the worst you may have
to ring them up. The new S.No. can be saved until you need
to put XP on a new machine.

From memory I think MagicJellyBean can change the S.No. so
if all else fails and the old one won't work you can change
it to the new one.
Half Man... Half Pentax ... Half Cucumber

Pentax K-1 + K-5 and some other stuff

Algi

greynolds999

Link Posted 29/06/2012 - 13:15
Personally I would advise against connecting the machine to another - you might increase your problems.

I would try something like an AVG boot disk: link. You can copy it to whatever media your PC will boot from (may be CD only for an older machine).

Burn it to disk in a clean machine then set the infected one up to boot from disk in the BIOS.

But on the other hand, if your installation has been on your current machine for a while you might get a lot of other benefit with a clean install.

Do be aware though that some clever viruses hide themselves in the MBR so even that won't help!
My Photobucket

JohnX

Link Posted 29/06/2012 - 13:18
This any help? Tells you how to remove manually.

http://www.deletevirus.net/police-central-e-crime-unit-virus/
Last Edited by JohnX on 29/06/2012 - 13:18

JForeigner

Link Posted 29/06/2012 - 13:25
Can you download and install malwarebytes, then check for updates and install them. Then boot into safe mode, and run a full scan. This should find and delete the virus.

Gary
Armed with a K3, some M, A, FA, DA, and star lens. With an eye open for "just one more lens".

My PPG link

siliconchippy

Link Posted 29/06/2012 - 13:33
For info on this virus and it's removal got to

link

and follow the instructions.

A good antivirus/spyware/malware suite is the Comodo Internet Security and
System Cleaner suite of programs and they're free.

hope this helps
regards
Will
The first and the simplest emotion which we discover in the human mind is Curiosity.
Edmund Burke

steven9761

Link Posted 29/06/2012 - 13:55
JohnX wrote:
This any help? Tells you how to remove manually.

http://www.deletevirus.net/police-central-e-crime-unit-virus/

When I tried to access this on the office pc, TREND MICRO's security warning flagged this as a DANGEROUS SITE. Access it at your own risk!!

JohnX

Link Posted 29/06/2012 - 14:26
steven9761 wrote:
JohnX wrote:
This any help? Tells you how to remove manually.

http://www.deletevirus.net/police-central-e-crime-unit-virus/

When I tried to access this on the office pc, TREND MICRO's security warning flagged this as a DANGEROUS SITE. Access it at your own risk!!

Possibly because of the referance to viruses. I checked it out on my PC/Kaspersky anti-virus before I posted and nothing was flagged, but, agree this could be a double-bluff! Doesn't appear to be though, and I accessed it via a US Police site.
Last Edited by JohnX on 29/06/2012 - 14:26

steven9761

Link Posted 29/06/2012 - 14:32
I remember years ago, in the age of 1.44Mb floppy disks, I has a "magic bullet" disk for such eventualities. However, try as I might, I cannot find anything remotely similar for downloading onto a usb stick or memory card!!
Last Edited by steven9761 on 29/06/2012 - 14:32
Add a Comment
You must be registered or logged-in to comment.