PC is locked by Police Virus * Help Needed

PES 2009 Posts: 1,146
I got that "Your PC is locked by the police, send £100 to Police" etc. virus.

Cannot use the infected PC at all, every time I boot up the message comes up. Can't even boot into safe mode as exactly the same message pops up.

Message looks like this one.

http://malwaretips.com/blogs/wp-content/uploads/2012/10/west-yorkshire-police-virus.jpg

Any help would be gratefully received.

Comments

  • flagpole Posts: 44,641
    I think I'd be tempted to try a system restore to an earlier time.

    but what i would try is not the main concern. I'm sure there is information out there.
  • max99 Posts: 9,002
    Take a look over on BleepingComputer. They usually have full removal guides for this kind of ransomware. Search for the exact name of the scam or some of the key phrases from the message.
  • PES 2009 Posts: 1,146
    flagpole wrote: »
    I think I'd be tempted to try a system restore to an earlier time.

    but what i would try is not the main concern. I'm sure there is information out there.

    Can't even do a system restore; when I try in safe mode the police pop-up comes up straightaway.
  • flagpole Posts: 44,641
    PES 2009 wrote: »
    Can't even do a system restore; when I try in safe mode the police pop-up comes up straightaway.

    you can do it from the recovery console / command prompt.

    but the other advice is better.
  • njp Posts: 27,583
    PES 2009 wrote: »
    I got that "Your PC is locked by the police, send £100 to Police" etc. virus.

    Cannot use the infected PC at all, every time I boot up the message comes up. Can't even boot into safe mode as exactly the same message pops up.

    Message looks like this one.

    http://malwaretips.com/blogs/wp-content/uploads/2012/10/west-yorkshire-police-virus.jpg

    Any help would be gratefully received.

    Safe mode with command prompt, then ComboFix (read the disclaimers first!) sorted this problem on a PC I was asked to fix.

    In that case, the dodgy files to be deleted were these, which my manual inspection missed:

    ...\AppData\Roaming\msconfig.dat
    ...\AppData\Roaming\msconfig.ini
  • TheBigM Posts: 13,125
    Depending on your method of backup, either restore an image you know to be clean or reinstall Windows and reload your data from your backup.

    ...You do have a backup scheme in place riiight? ;)
  • Mr Teacake Posts: 6,593
    I restarted in safe mode then ran MSCONFIG and unticked all dodgy looking startup programs and it was that simple to fix. I also performed scans.
  • flagpole Posts: 44,641
    TheBigM wrote: »
    Depending on your method of backup, either restore an image you know to be clean or reinstall Windows and reload your data from your backup.

    ...You do have a backup scheme in place riiight? ;)

    Every time we get one of these threads someone says that.

    I imagine how helpful it seems to the OP.
  • TheBigM Posts: 13,125
    flagpole wrote: »
    Every time we get one of these threads someone says that.

    I imagine how helpful it seems to the OP.

    It will help them the next time they're in a similar mess and they may well advise their friends/family to do the same.

    You guys can give the OP a fish, I want to teach them how to fish.
  • JeffG1 Posts: 15,243
    TheBigM wrote: »
    You guys can give the OP a fish, I want to teach them how to fish.

    Maybe they already know how to fish, and find your post arrogant in the extreme.
  • njp Posts: 27,583
    TheBigM wrote: »
    You guys can give the OP a fish, I want to teach them how to fish.

    No, we are advising them of the availability of suitable nutcrackers. You are suggesting that they invest in a sledgehammer, and use it to resolve any similar problems in the future.
  • max99 Posts: 9,002
    On the other hand, advising someone on the importance of backups is possibly the single most important piece of computer-related advice that they will ever be given.
  • flagpole Posts: 44,641
    max99 wrote: »
    On the other hand, advising someone on the importance of backups is possibly the single most important piece of computer-related advice that they will ever be given.

    there's a time and a place.

    it's a bit like helpfully telling someone who's just lost someone in a car crash how important seatbelts are.

    but specifically it is completely off topic.
  • max99 Posts: 9,002
    flagpole wrote: »
    there's a time and a place.

    it's a bit like helpfully telling someone who's just lost someone in a car crash how important seatbelts are.

    but specifically it is completely off topic.

    There's never a bad time to tell someone they should have a backup. Never.
  • TheBigM Posts: 13,125
    flagpole wrote: »
    there's a time and a place.

    it's a bit like helpfully telling someone who's just lost someone in a car crash how important seatbelts are.

    but specifically it is completely off topic.

    Restoring from a clean image is off-topic? It would have solved the problem with minimal fuss and therefore must surely be on-topic.

    Whilst any anti-malware software might make it seem like it's gone away, you really don't know what damage has been done in the meantime.
  • flagpole Posts: 44,641
    TheBigM wrote: »
    Restoring from a clean image is off-topic? It would have solved the problem with minimal fuss and therefore must surely be on-topic.

    You know perfectly well the OP doesn't have a system image. Don't play dumb.
  • PES 2009 Posts: 1,146
    Mr Teacake wrote: »
    I restarted in safe mode then ran MSCONFIG and unticked all dodgy looking startup programs and it was that simple to fix. I also performed scans.

    Wish it was that simple. As I mentioned in the opening post, safe mode is not an option, as the Police pop-up comes up in safe mode as soon as it boots into Windows.
  • PES 2009 Posts: 1,146
    A Windows reinstall is a last resort, but it looks like it may be the only option to me as I just can't get rid of the bugger.
  • the sandman Posts: 621
    First time I've heard of the police virus.
  • TheBigM Posts: 13,125
    the sandman wrote: »
    First time I've heard of the police virus.

    Perhaps Andrew Mitchell was behind it? :D
  • LION8TIGER Posts: 8,484
    Have a look at method 3 here.
  • mossy2103 Posts: 84,307
    max99 wrote: »
    On the other hand, advising someone on the importance of backups is possibly the single most important piece of computer-related advice that they will ever be given.

    Along with:

    A backup is only a backup if you can restore from it

    (something that a SCO Unix Support person once told me)
  • PES 2009 Posts: 1,146
    LION8TIGER wrote: »
    Have a look at method 3 here.

    Already tried a couple of boot scanners, Kaspersky Rescue Disk and HitmanPro. Both were unable to detect the virus and did pretty much fek all.
  • max99 Posts: 9,002
    Can you actually do anything when Windows starts in Safe Mode? Can you run Task Manager, Explorer, MSConfig, Regedit, etc.? How about running RKill - use the renamed iexplore.exe version if necessary.

    If nothing runs, do you get an error message when you try and run them? You sometimes need to repair the .exe association in order to get programs to run.

    This type of malware is usually pretty easy to remove - as long as you can access Safe Mode and/or things like Task Manager and MSConfig. The malware often just consists of a few files hidden in a handful of common locations. If you know what you're looking for, it's easy to spot and remove them. Booting from a Linux Live Disk will help, but only if you know what you're doing.
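
Added example, not part of the thread or any poster's own code: a triage script for the situation the replies describe, where a few files sit loose in common per-user locations such as the `AppData\Roaming` files njp names. It assumes the Windows volume is mounted read-only from a live disk with the Vista-and-later `Users` layout; the function names, the watched-folder list and the "MZ header under a non-executable extension" check are assumptions chosen for illustration, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Assumed per-profile locations (Vista-and-later layout). Only the top level is
# scanned: legitimate software normally keeps data in a vendor subfolder.
WATCHED = ["AppData/Roaming",
           "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"]
PE_EXT = {".exe", ".dll", ".scr", ".com"}

def is_pe(path):
    """True if the file starts with the 'MZ' header of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def scan_profiles(volume_root):
    """Return (relative path, reason) findings for an offline Windows volume."""
    root, findings = Path(volume_root), []
    for profile in sorted((root / "Users").glob("*")):
        for rel in WATCHED:
            folder = profile / rel
            if not folder.is_dir():
                continue
            for entry in sorted(p for p in folder.iterdir() if p.is_file()):
                ext = entry.suffix.lower()
                if is_pe(entry) and ext not in PE_EXT:
                    reason = "executable content under a non-executable extension"
                elif ext in PE_EXT:
                    reason = "executable loose in a watched folder"
                else:
                    reason = "loose file, review manually"
                findings.append((entry.relative_to(root).as_posix(), reason))
    return findings

def build_sample_volume(base):
    """Constructed sample tree, not real malware."""
    roaming = Path(base) / "Users" / "alice" / "AppData" / "Roaming"
    (roaming / "SomeVendor").mkdir(parents=True)
    (roaming / "SomeVendor" / "settings.dat").write_bytes(b"\x00\x01")
    (roaming / "msconfig.dat").write_bytes(b"MZ\x90\x00constructed")
    (roaming / "msconfig.ini").write_text("constructed sample\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in scan_profiles(build_sample_volume(tmp)):
            print(f"{path}: {reason}")
```

The script only reports; files it lists still need manual review before anything is deleted, since benign items such as `desktop.ini` also sit loose in these folders.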