Help/Warning:'Policeman' Virus(?)


14-05-2013, 17:48
Angela_Jenkins
Forum Member
 
Join Date: May 2013
Posts: 4

With thanks in advance for any help, we are once again locked out of our other laptop (Vista).
This virus screen has a policeman at the top & attempts to get us to pay a fine for abusing media copyright &/or browsing porn.
We have 'Chameleon' & 3 Rkill versions on a USB, ready to use as soon as we have logged on via F8 Safe Network.

We've got Rkill to start scanning a few times, but the virus always intervenes.

We think this virus may have arrived with the 'System Care Antivirus' virus. We feel like 'Babes in the WWW Woods'.
14-05-2013, 19:45
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,277
http://forums.digitalspy.co.uk/showt...596&highlight=
14-05-2013, 20:29
woodbush
Forum Member
 
Join Date: Apr 2008
Location: Scottish Borders
Posts: 27,763
This thread may help.

http://forums.digitalspy.co.uk/showt...ighlight=virus
14-05-2013, 21:40
Sick Bullet
Forum Member
 
Join Date: Mar 2006
Location: Chadderton
Posts: 9,047
Pretty common now that it seems to be popping up a lot, safe mode then restore works for this.
14-05-2013, 22:31
platelet
Forum Member
 
Join Date: May 2002
Location: GL51 0EX
Posts: 7,005
http://www.bleepingcomputer.com/virus-removal/ is your best bet if you have any problems. They have many many guides on removal and an excellent forum where people will take you through step by step
14-05-2013, 22:39
iangrad
Forum Member
 
Join Date: Mar 2006
Posts: 768
There are loads of methods of removing virus / malware on the net
BUT could you ever trust that PC again --- not likely for anything personal and NEVER for online banking !

Bite on the bullet and do a full reinstall from the recovery section of your HDD - PC will run better as a result as a bonus LOL
15-05-2013, 23:46
Angela_Jenkins
Forum Member
 
Join Date: May 2013
Posts: 4
Thank you all for your help. I have tried ALL the solutions via links recommended here.
Actually made & used a rescue CD, which SEEMED to boot OK & then ran Chameleon & Rkill from a USB stick.
After several hours of Malware downloading & scanning, the computer was working again, but some split Explorer screens were deformed. Attempting to adjust the boundaries with touch pad and buttons, so that files could be copied from one sector to another by dragging did not work, so I shut down, waited a few moments & rebooted again.
Only to find the Cheshire police ransom ware still blocking every move. In desperation I've tried the recovery discs I made when the machine was new, but the ransom ware blocked these too.
Finding out how these work for an Acer Aspire 5738 running Vista, via the web is a task for tomorrow.
Any further help at all will still be greatly appreciated however.
15-05-2013, 23:59
scumble
Forum Member
 
Join Date: Oct 2008
Posts: 918
You tried safe mode and restore, and it didn't work?

So long as you have a restore point set a decent interval in the past, it should definitely work.
16-05-2013, 00:10
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,277
> Actually made & used a rescue CD, which SEEMED to boot OK & then ran Chameleon & Rkill from a USB stick.
> In desperation I've tried the recovery discs I made when the machine was new, but the ransom ware blocked these too.
> Finding out how these work for an Acer Aspire 5738 running Vista, via the web is a task for tomorrow.

On these occasions have you gone into the BIOS or boot order and put your CD/DVD drive as the first to boot from?
If not try it with the rescue disk, which one is it by the way?
16-05-2013, 00:56
max99
Forum Member
 
Join Date: Jun 2005
Posts: 8,631
> In desperation I've tried the recovery discs I made when the machine was new, but the ransom ware blocked these too.
> Finding out how these work for an Acer Aspire 5738 running Vista, via the web is a task for tomorrow.
> Any further help at all will still be greatly appreciated however.

You should be able to run the factory recovery by selecting the Acer eRecovery on the Start / Programs Menu, or by pressing Alt and F10 together as soon as you switch on the computer.

This will erase everything and revert the computer back to exactly how it was when first bought, so ensure you backup any important files first.

When the recovery is completed, you'll need to ensure Windows and your AV software are fully up-to-date. Do this before copying your files back on. Also, and most importantly, spend a little time reading up on the basics of online security:

http://security.gt500.org/prevention
16-05-2013, 15:06
iangrad
Forum Member
 
Join Date: Mar 2006
Posts: 768
What Max99 said + when you get it back up and running download "Microsoft Security Essentials"
it's excellent and free -- no need for any of the other things you mentioned on USB stick!
16-05-2013, 18:55
Zenith
Forum Member
 
Join Date: Dec 2002
Location: East London
Posts: 2,846
> What Max99 said + when you get it back up and running download "Microsoft Security Essentials"
> it's excellent and free -- no need for any of the other things you mentioned on USB stick!

MSE does not stop this malware.
17-05-2013, 02:28
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,277
> MSE does not stop this malware.

I doubt most Antivirus will stop it, I think the trick is to have your computer set up so as you never come across it.
17-05-2013, 12:27
Zenith
Forum Member
 
Join Date: Dec 2002
Location: East London
Posts: 2,846
> I doubt most Antivirus will stop it, I think the trick is to have your computer set up so as you never come across it.

Any suggestions?

I have caught this malware twice now. How do I set my pc up to never come across it?
17-05-2013, 12:35
curiousclive
Forum Member
 
Join Date: Dec 2011
Location: Slough, UK
Posts: 371
> Any suggestions?
>
> I have caught this malware twice now. How do I set my pc up to never come across it?

More a case of being more careful in what you install and what links you click on.

Getting the paid for version of Malwarebytes is also worth it as it runs in real time to help protect you.
17-05-2013, 12:51
Zenith
Forum Member
 
Join Date: Dec 2002
Location: East London
Posts: 2,846
> More a case of being more careful in what you install and what links you click on...

Well that's the problem isn't it. When you do a Google search, how do you know which sites not to click on? This was how I got this malware, by simply visiting a site thrown up by a Google search.

> ...Getting the paid for version of Malwarebytes is also worth it as it runs in real time to help protect you.

This is what I was going to do, but a poster in another thread said that you cannot run Malwarebytes with real-time protection, as well as MSE, even though they detect different viruses/malware.

Don't know how accurate this is. Has anyone actually tried running both?

edit...this was the post:-

http://forums.digitalspy.co.uk/showp...4&postcount=26
17-05-2013, 13:39
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
> Well that's the problem isn't it. When you do a Google search, how do you know which sites not to click on? This was how I got this malware, by simply visiting a site thrown up by a Google search.

Traditionally, a lot of the shit you get through Google was in the paid ads. Using MVPS hosts goes a long way to rendering Google's sponsored garbage useless. It also has additional protection from general "bad" sites.

Furthermore as a habit, I recommend not using Google search results more than a couple of pages deep. PageRank works such that it has *some* site quality filtering. Note, this is not a hard and fast fact, but can be statistically relevant with large index sets in the PageRank algorithm.

> This is what I was going to do, but a poster in another thread said that you cannot run Malwarebytes with real-time protection, as well as MSE, even though they detect different viruses/malware.
>
> Don't know how accurate this is. Has anyone actually tried running both?
>
> edit...this was the post:-
>
> http://forums.digitalspy.co.uk/showp...4&postcount=26

You can run both MSE and Malwarebytes side-by-side without any problem.

Dave
17-05-2013, 14:30
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,277
> Any suggestions?
>
> I have caught this malware twice now. How do I set my pc up to never come across it?

As Dave says above MVPS does a great job, in fact I think I started using it from a link he left some time ago.

> Well that's the problem isn't it. When you do a Google search, how do you know which sites not to click on? This was how I got this malware, by simply visiting a site thrown up by a Google search.

I use WOT to filter Google search results, it sometimes flags up safe sites as not being safe but in my experience it never says a site is safe when it isn't.

Ad blocking can be useful as well.

Edit: A sandboxed web browser offers some protection also.
17-05-2013, 14:32
liamhere
Forum Member
 
Join Date: Mar 2007
Location: birmingham U.K
Posts: 1,923
Avast Free works for me... get an alert and just close the page... fast
17-05-2013, 14:48
rhumble
Forum Member
 
Join Date: Sep 2011
Location: Birmingham
Posts: 53,744
Reboot into safe mode, go into start up programs and there should be a file you don't recognise, delete it, run your anti virus checker to make sure it's gone (ideally do a boot time scan) and then start up in normal mode.

This virus is just a screen that happens when you try to start up, because the virus is in start up you will always see the policeman screen unless you get rid of it out of your start up programs.

Do not fear, you have not looked at or done anything wrong on the internet, but it is a clever virus and many people have paid the fine in fear. Do not worry.
17-05-2013, 16:11
Knarf44
Forum Member
 
Join Date: Jul 2004
Location: Back in Brazil
Posts: 3,741
There's a very good tutorial for removing this virus and a few others on the "Britec09" YouTube Channel. In fact there's a lot of good stuff on that channel including software reviews all explained in a way even the non-techiest of non-techiest people can follow.
17-05-2013, 16:27
liamhere
Forum Member
 
Join Date: Mar 2007
Location: birmingham U.K
Posts: 1,923
FYI, turn pc off and disconnect from web....and start pc and the screen won't come on
only once you connect...and then try system restore
17-05-2013, 16:51
rhumble
Forum Member
 
Join Date: Sep 2011
Location: Birmingham
Posts: 53,744
> FYI, turn pc off and disconnect from web....and start pc and the screen won't come on
> only once you connect...and then try system restore

This will not delete the virus though, it has to be deleted from the start up programs as this is where the virus is.

As long as the virus is deleted from the start up, then you will be able to restart your pc as normal. Run a virus checker to make sure it has gone.

When I had the virus, I did all of what I have posted and never had to use system restore
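
A read-only way to review the start-up entries the posts above talk about, added here as an example and not part of the original thread. It goes beyond the Startup list by also reading the Run registry keys and the Winlogon Shell and Userinit values; the `$reviewPattern` heuristic and the `New-Entry` helper are assumptions of this example.

```powershell
# Added example (not from the thread): read-only list of common Windows
# auto-start locations. Nothing is deleted; review entries before removing any.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# Assumption of this example: a command that starts from a profile or temp
# folder deserves a closer look. This is a hint, not a verdict.
$reviewPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\'

function New-Entry($location, $name, $command) {
    New-Object PSObject -Property @{
        Location = $location; Name = $name; Command = [string]$command
        Review   = ([string]$command -match $reviewPattern)
    }
}

$entries = @()
foreach ($key in $runKeys) {                        # per-user and machine Run keys
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($n in $item.GetValueNames()) { $entries += New-Entry $key $n ($item.GetValue($n)) }
}
$item = Get-Item $winlogon                          # logon shell and userinit values
foreach ($n in 'Shell', 'Userinit') { $entries += New-Entry $winlogon $n ($item.GetValue($n)) }

$shell = New-Object -ComObject WScript.Shell        # used to resolve .lnk targets
foreach ($dir in $startupDirs) {                    # Startup folders
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem $dir -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            $entries += New-Entry $dir $_.Name $target
        }
}
$entries | Sort-Object Review -Descending |
    Format-Table Review, Location, Name, Command -AutoSize -Wrap
```

Run it from the affected user's account, since the HKCU entries are per-user; a `Review` value of True only marks an entry for a closer look.
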
17-05-2013, 23:46
Zenith
Forum Member
 
Join Date: Dec 2002
Location: East London
Posts: 2,846
Thanks The Rat & LION8TIGER for those suggestions.

It does take more than the "standard" suggestions to keep this malware away. Unfortunately there are other posters who simply say "keep your AV up to date, keep your windows up to date, don't visit porn sites, & don't download unknown files & you will be OK".

This is obviously not the case. This malware can be caught simply by visiting a website, so the extra precautions you suggested are needed to make it harder to contract this malware.

edit...thanks also to those above & on the other thread who said it's OK to run Malwarebytes real-time protection with MSE.
18-05-2013, 09:49
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 10,138
> Thanks The Rat & LION8TIGER for those suggestions.
>
> It does take more than the "standard" suggestions to keep this malware away. Unfortunately there are other posters who simply say "keep your AV up to date, keep your windows up to date, don't visit porn sites, & don't download unknown files & you will be OK".
>
> This is obviously not the case. This malware can be caught simply by visiting a website, so the extra precautions you suggested are needed to make it harder to contract this malware.
>
> edit...thanks also to those above & on the other thread who said it's OK to run Malwarebytes real-time protection with MSE.

Simply by visiting a website using a vulnerable machine, without the latest Java, with the Java plugin enabled in the browser etc.

Are your UAC settings correct? Are unnecessary plugins removed from the browser? Do you keep your browser, Flash, Java, PDF readers etc. up to date? Do you disable software you don't use in the plugins?

The vast majority of these are exploited via the Java browser plugin. If you don't need it uninstall it, if you need Java on the machine disable the browser plugin. If you need it in the browser use multiple browsers, one for the thing you absolutely need it for and then another browser for the rest of your browsing.

Obviously you also need to do Windows updates as efficiently as you can when they come out.

If you had malware once and didn't do a full re-install then you're at higher risk as it's very difficult to completely remove it and you're never quite sure what else it did on the system.

All times are GMT +1.