XP holding me to ransom
I'm writing this on my mobile because XP anti spyware has taken over my computer. It's disabled everything because I got an infection this morning and won't let me disable it. My only option is to pay $59 to licence it. How do I turn it off so my installed antivirus can take over and heal it?
tigersaw
04-04-11, 09:00 AM
It sounds to me like you have a virus pretending to be anti spyware.
I'm always told to restart the machine in safe mode, then run anti spy and anti virus to clean it off.
Not much help, but hope it's some use.
fizzwheel
04-04-11, 09:06 AM
It's malware.
Download Malwarebytes or Ad-Aware and then run that, let it scan your machine and it should clean the pox off of it.
SoulKiss
04-04-11, 09:12 AM
I'm writing this on my mobile because XP anti spyware has taken over my computer. It's disabled everything because I got an infection this morning and won't let me disable it. My only option is to pay $59 to licence it. How do I turn it off so my installed antivirus can take over and heal it?
You can't.
You have been infected with Ransomware, the latest Virus "trick".
OK, so maybe "you can't" is a bit strong, but my usual response is to reformat the hard drive and re-install Windows from scratch.
Recovery if possible is VERY involved.
There are ways of saving your data, but it involves new hard drives, external USB hard drive caddies and Linux which may be out of your comfort zone.
Whatever you do - DON'T give them any money, they are NOT a legitimate company.
SoulKiss
04-04-11, 09:13 AM
It's malware.
Download Malwarebytes or Ad-Aware and then run that, let it scan your machine and it should clean the pox off of it.
If it's the pox I think it is, it won't let you run any executables, saying that it has disabled that for your safety and security.
Worth a try but...
fizzwheel
04-04-11, 09:16 AM
Whatever you do - DON'T give them any money, they are NOT a legitimate company.
And also, don't type your credit card details in anywhere or any bank details, don't check your online banking.
I suspect SoulKiss is probably right, it won't let you do anything or download anything.
If it were me I'd grab any data off it that I needed then format the thing and start again. It'll probably be quicker than faffing about trying to clean it.
Remember that your AV software is more than likely disabled, so anything you take off it might also be infected, just be careful.
454697819
04-04-11, 09:17 AM
And also, don't type your credit card details in anywhere or any bank details, don't check your online banking.
I suspect SoulKiss is probably right, it won't let you do anything or download anything.
If it were me I'd grab any data off it that I needed then format the thing and start again. It'll probably be quicker than faffing about trying to clean it.
Remember that your AV software is more than likely disabled, so anything you take off it might also be infected, just be careful.
agreed
rip your data and refresh the machine...
If you are gonna re-install I would recommend installing Windows 7. This is not only a much better and safer OS but will also give you the option of keeping your old Windows installation and therefore all your data.
AndyBrad
04-04-11, 09:35 AM
What's the program called? We can google it for ya and find the removal instructions!
wyrdness
04-04-11, 09:36 AM
Some of this ransomware actually encrypts your files, so that they can't be recovered by booting into Linux.
Amplimator
04-04-11, 09:36 AM
Back up your media and do a full format + fresh install of Windows whatever. If it's an old machine stick to WinXP, if newer go for Win7.
And stop browsing thai-ladyboy ProN :p
And if you do that there is a good chance that you will just re-infect your Windows7 install from the XP one...
Every file on your old installation HAS to be regarded as suspect.
Fortunately the files you will most likely want to keep will be pictures/music/movies and so less likely to have been infected, but even so, should be checked out before you try to run them.
Yer, probably should have said that too. Although as the files are stored in a Windows.old folder it is unlikely the Ransomware will be active unless it is "re-installed" from the infected files. This was probably done by installing a dodgy program and in order to do this on Windows 7 it would need to get around the user account control.
If it was a business computer with sensitive data on I wouldn't recommend leaving the infected installation on there but if it was my PC I'd risk it.
Obviously it is the OP's own choice to weigh the risks up.
I should state however I have had no actual experience with this type of virus so there is a chance I am talking complete crap.
I had that last year - took the PC to the menders who charged me 40 quid. (Or was it 35?...not sure now.) But then the menders are only next door to me.
I had that last year - took the PC to the menders who charged me 40 quid. (Or was it 35?...not sure now.) But then the menders are only next door to me.
Did they re-install Windows or just remove the virus?
I had this very same one yesterday, rang my daughter who is an IT specialist. She had it as well. She came over, started the comp up in safe mode, downloaded Malwarebytes, scanned and removed the pesky virus and the comp was fixed. Apparently loads of computers are getting it. It's a clever virus and most people panic and hand over their money.
Daryl.
SoulKiss
04-04-11, 10:07 AM
Yer, probably should have said that too. Although as the files are stored in a Windows.old folder it is unlikely the Ransomware will be active unless it is "re-installed" from the infected files. This was probably done by installing a dodgy program and in order to do this on Windows 7 it would need to get around the user account control.
If it was a business computer with sensitive data on I wouldn't recommend leaving the infected installation on there but if it was my PC I'd risk it.
Obviously it is the OP's own choice to weigh the risks up.
I should state however I have had no actual experience with this type of virus so there is a chance I am talking complete crap.
The danger isn't of cross-infection, as you say, different folder etc.
The danger is the infected files being accessible to the user(s) of the machine who may, some time in the future, go into that folder and then execute an infected file, forgetting the danger...
To start your computer in safe mode switch it on and keep pressing F8, then click on safe mode with networking, start i.explorer or firefox, google malwarebytes.com download it and then run quick scan, worked for our computers. Sorry if this is teaching you how to suck eggs but I didn't know how to start in safe mode.
Daryl.
SoulKiss
04-04-11, 10:16 AM
To start your computer in safe mode switch it on and keep pressing F8, then click on safe mode with networking, start i.explorer or firefox, google malwarebytes.com download it and then run quick scan, worked for our computers. Sorry if this is teaching you how to suck eggs but I didn't know how to start in safe mode.
Daryl.
Might work, didn't with the last one of these I had to deal with.
But well worth a try.
timwilky
04-04-11, 10:21 AM
Minimum recommendation from me is to bin the hard drive, you want nothing from it.
Learn a lesson, think about what you need to retain and build a backup strategy about that.
ravingdavis
04-04-11, 10:37 AM
Minimum recommendation from me is to bin the hard drive, you want nothing from it.
Learn a lesson, think about what you need to retain and build a backup strategy about that.
Binning the HDD is a little overkill perhaps? Simply formatting it would do the job, so long as no one tries to recover data from the old partition table.
Ok, A bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.
I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?
The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option. :)
More later when Malwarebytes has done its thing...
C
phi-dan
04-04-11, 11:08 AM
Had one of these at work last week. This may help, it may not (depending on the lurgy) and it involves jumping into the registry, so only do this if you are confident in what you are doing.
If you can, use PSLIST to query the running processes from another PC - there may well be something like "UYDYHBKFDIetc.exe"
Look at HKCU\Software\Windows\Current Version\RunOnce for that exe (or a well random named one)
Note the file path to that exe and delete the value.
This shouldn't cause any damage as items listed in RunOnce are removed on next login/boot. This virus writes itself back into RunOnce to avoid being found in Run - sneaky!
Okay, now logout and log back in again. The fake AV program should not now be running.
Browse to the folder you noted from the RunOnce command and delete the offending item.
Now update your AV and scan away
update: just seen your update as I was typing this.
As it's in one profile, you can load that profile's ntuser.dat reg hive and go to HKU\hivename\Software\etc
As I said at the top of the post - this may work, it may not work, and don't go into the registry unless you know what you're up to
HTH
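The RunOnce check described in the post above, as an added example that is not part of the original post: it reads saved `reg query` output for a user's RunOnce key and flags values that launch a random-looking executable from a user-writable folder. The sample output, the folder list and the five-consonant rule are constructed assumptions for illustration.

```python
import re

# Constructed sample of `reg query` output for a user's RunOnce key;
# the value names and file paths are invented for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    uydyhbkfdi    REG_SZ    "C:\Documents and Settings\User\Local Settings\Application Data\uydyhbkfdi.exe" -a
    PrinterSetup    REG_SZ    C:\Program Files\Vendor\setup.exe /resume
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Name, type and data are separated by tabs or runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Assumed list of folders an unprivileged user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


def exe_path(data):
    """Pull the executable path out of a command line, quoted or not."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", data, re.I)
    return m.group(1) if m else data


def looks_random(stem):
    """Heuristic: a run of 5+ consonants is rare in names people choose."""
    return re.search(r"[^aeiou\W\d_]{5,}", stem.lower()) is not None


def audit(reg_output):
    """Return [(value_name, path, [reasons])] for entries worth a closer look."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m.group("data"))
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if any(folder in path.lower() for folder in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

A flagged entry is a lead to check by hand, not a verdict: legitimate installers also use RunOnce, and they sometimes run from a profile folder.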
Teejayexc
04-04-11, 11:11 AM
Ok, A bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.
I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?
The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option. :)
More later when Malwarebytes has done its thing...
C
Yep, it's freeware unless you go for the 'bells and whistles' version.
For what you're seeking to rectify though the freeware one should do it.
hth, Trev
Ok, A bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.
I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?
The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option. :)
More later when Malwarebytes has done its thing...
C
As long as you pressed free download you won't be charged, it just doesn't download the full version.
Daryl
I had something similar a while back and so logged on my laptop with a different user and did a system refresh, or whatever it's called, to an earlier date. It seems to have taken it off and all has been well since.
I got this also, don't suppose you had visited the review site lately? It's a pain in the ar$e but very simple to cure.
As already stated, run in safe mode, download the free version of Malwarebytes, scan and it should clear it.
Warning to everyone the site reviewcentre.com is riddled with this virus.
Ok, (he says fingers crossed) it looks like it's gone. :)
Malwarebytes was useless and didn't touch it.
but a simple reset back to three weeks ago got rid of it. All working tickety boo.
Now I have to revisit one of two sites I visited this morning so hopefully it's not that one. (prof photographers site, nothing to do with Thai ladyboys :) ).
C
Did they re-install Windows or just remove the virus?
TBH Lenny, I don't know, but I did notice a new shortcut on my desk top for 'reg cure'.
TBH Lenny, I don't know, but I did notice a new shortcut on my desk top for 'reg cure'.
Probably not then.
SoulKiss
04-04-11, 02:53 PM
Ok, (he says fingers crossed) it looks like it's gone. :)
Malwarebytes was useless and didn't touch it.
but a simple reset back to three weeks ago got rid of it. All working tickety boo.
Now I have to revisit one of two sites I visited this morning so hopefully it's not that one. (prof photographers site, nothing to do with Thai ladyboys :) ).
C
Erm no,
Run something like spybot or adaware and install Microsoft Security Essentials.
This could have been sitting on your machine for a while.
Dave20046
04-04-11, 03:07 PM
+1 I'd be surprised if it hasn't infected your restore points
-Ralph-
04-04-11, 06:30 PM
This virus has the ability to electrocute you, don't touch the keyboard! In fact don't go in the same room 'cos the mouse will run across the floor, up your trouser leg, and ram itself up your rrrsss so quick, you'll be the one doing the squeaking. If you have your Mum on Windows Messenger, go round to her house and shoot her, you'll be saving the rest of the planet from hemorrhagic fever, the film 'Outbreak' is nothing compared to this mutha! :rolleyes:
I can only assume most of the so called "IT guys" on this thread are all in cahoots to wind you up, because how they could possibly post the advice posted if it were in all seriousness, based upon the information you gave, completely beats me!
fizzwheel
04-04-11, 06:38 PM
Malwarebytes was useless and didn't touch it.
Odd, that's normally the most powerful / best at removing those kind of things.
Even if you've done a restore, I'd be worried you haven't got rid of it, they are normally sneaky b*stards and take some cleaning off. Which is why I suggested the full monty i.e. format and restore.
I'd be inclined now you have it running to run Malwarebytes again or try adware or the other one is Spybot Search and Destroy. Don't be so sure you've got rid of it...
Bluefish
04-04-11, 06:59 PM
download a few of the anti spyware jobbys, one at a time and try them, just cos one didn't pick anything up doesn't mean another won't. I use super anti spyware, as well as microsoft security essentials, but they don't always pick every thing up, download from filehippo.com, hth
Done the Spybot Search and Destroy thing and all's well. :) That virus was less painful than the common cold :)
Now you watch it come back and bite me in the ****! :)
C
-Ralph-
04-04-11, 09:02 PM
Some of the early variants of this type of malware were nothing more than an executable and a run-on-startup registry entry, which created the pop up every 30 minutes, then took you to a website to enter your credit card details if you clicked on "buy" the software. So long as you had the sense not to buy the software, the malware itself was pretty harmless to the PC, just annoying pop ups. It could be that was all you had. You'll soon find out.
I had this and with the use of tips via a search on google, managed to get rid of it for the most part but my laptop never really recovered. Lots of lagging. I saved all my media etc and then wiped the HD reinstalled windows as well as a partition for Ubuntu. I do most of my internet trawling now via the Ubuntu and only go back to windows for office etc. Works well for me.
-Ralph-
05-04-11, 07:27 AM
I've got Linux Mint on my media centre PC, recommended by someone on here. It only gets switched on occasionally to watch iPlayer or a DVD, so I was fed up of it doing half an hour of updates to Windows, Anti-Virus and every other bit of software every time I switched it on.
yorkie_chris
05-04-11, 04:51 PM
I had this and with the use of tips via a search on google, managed to get rid of it for the most part but my laptop never really recovered. Lots of lagging. I saved all my media etc and then wiped the HD reinstalled windows as well as a partition for Ubuntu. I do most of my internet trawling now via the Ubuntu and only go back to windows for office etc. Works well for me.
Same here.
If ubuntu had any office software that actually worked I'd be laughing, seems openoffice and the like are fine for the person who does next to nothing, or the uber-geek who does everything... but complete sh*te for the person who's about in the middle!
Only other thing I use windoze for is solidworks.
startrek.steve
06-04-11, 08:35 AM
Same here.
If ubuntu had any office software that actually worked I'd be laughing, seems openoffice and the like are fine for the person who does next to nothing, or the uber-geek who does everything... but complete sh*te for the person who's about in the middle!
Only other thing I use windoze for is solidworks.
If you must use Windows Chris, have a play with VirtualBox - runs windows inside your Ubuntu install.
urbane1
06-04-11, 07:43 PM
+1 for Malwarebytes
I had a "Windows Recovery" ransomware on my computer that hid all my files and programs this morning.
I downloaded Malwarebytes and followed the instructions off their website to get rid of the problem and then downloaded an .exe off the website to unhide everything. Took me three hours! But I am hopefully clear and up and running again.
I downloaded it from http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery which had all the instructions on what to do on their page.
SoulKiss
06-04-11, 07:51 PM
+1 for Malwarebytes
I had a "Windows Recovery" ransomware on my computer that hid all my files and programs this morning.
I downloaded Malwarebytes and followed the instructions off their website to get rid of the problem and then downloaded an .exe off the website to unhide everything. Took me three hours! But I am hopefully clear and up and running again.
I downloaded it from http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery which had all the instructions on what to do on their page.
Personally I would back up my data and do a reformat/reinstall
But then I am paranoid that way.
hindle8907
07-04-11, 07:37 AM
Personally I would back up my data and do a reformat/reinstall
But then I am paranoid that way.
+ 1
Reformat your hard drive/reinstall Windows, get it all up and running, configure and install all your programs etc. etc., then take an image of the hard drive.
Next time you happen to get infected reformat and reload the image.
But always keep a backup or two of your important data on an external drive or some form of media and transfer back across.
I recommend http://clonezilla.org/ for a free quite simple to use utility.