SV650.org - SV650 & Gladius 650 Forum



Old 04-04-11, 10:37 AM   #21
ravingdavis
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

Quote:
Originally Posted by timwilky View Post
Minimum recommendation from me is to bin the hard drive, you want nothing from it.

Learn a lesson, think about what you need to retain and build a backup strategy about that.
Binning the HDD is a little overkill perhaps? Simply formatting it would do the job, so long as no one tries to recover data from the old partition table.
  Reply With Quote
Old 04-04-11, 11:01 AM   #22
Berlin
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

OK, a bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.

I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?

The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option.

More later when Malwarebytes has done its thing...

C
  Reply With Quote
Old 04-04-11, 11:08 AM   #23
phi-dan
Member
 
Join Date: Apr 2009
Location: going up Camborne hill coming down
Posts: 251
Default Re: XP holding me to ransome

Had one of these at work last week. This may help, it may not (depending on the lurgy) and it involves jumping into the registry, so only do this if you are confident in what you are doing.

If you can, use PSLIST to query the running processes from another PC - there may well be something like "UYDYHBKFDIetc.exe"
Look at HKCU\Software\Windows\Current Version\RunOnce for that exe (or a well random named one)
Note the file path to that exe and delete the value.
This shouldn't cause any damage as items listed in RunOnce are removed on next login/boot. This virus writes itself back into RunOnce to avoid being found in Run - sneaky!
Okay, now logout and log back in again. The fake AV program should not now be running.
Browse to the folder you noted from the RunOnce command and delete the offending item.
Now update your AV and scan away

update: just seen your update as I was typing this.
As it's in one profile, you can load that profile's ntuser.dat reg hive and go to HKU\hivename\Software\etc

As I said at the top of the post - this may work, it may not work, and don't go into the registry unless you know what you're up to

HTH
__________________
Was: Red curvy S: crash bungs, double bubble screen, fenda extenda, HEL front lines, OEM belly pan
Now: Blue FZ6 Fazer
phi-dan is offline   Reply With Quote
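The RunOnce check described in the post above, as an added example that is not part of the original thread: a Python sketch that reads saved `reg query` text for the Run and RunOnce keys of a loaded profile hive and flags values worth a manual look. It assumes the standard autostart keys under `Software\Microsoft\Windows\CurrentVersion`; the sample output, the folder list and the name heuristic are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample of `reg query` output for a loaded profile hive (not real data).
SAMPLE = r"""
HKEY_USERS\hivename\Software\Microsoft\Windows\CurrentVersion\RunOnce
    UYDYHBKFDI    REG_SZ    "C:\Documents and Settings\user\Local Settings\Application Data\UYDYHBKFDI.exe" -a
HKEY_USERS\hivename\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_SZ    "C:\Program Files\Vendor App\updater.exe" /quiet
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Folders a standard user can write to (assumed list, XP and later layouts).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\appdata\\", "\\temp\\")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            yield key, m["name"], m["data"].strip()

def exe_path(data):  # program path from a command line, quoted or bare
    m = re.match(r'"([^"]+)"', data) or re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))\b", data, re.I)
    return m.group(1) if m else data

def looks_random(stem):  # crude: 8+ letters containing a run of 5+ non-vowels
    return len(stem) >= 8 and stem.isalpha() and bool(re.search(r"[^aeiouAEIOU]{5,}", stem))

def triage(text):
    """Return (key, value_name, path, reasons) for autostart values worth a manual look."""
    findings = []
    for key, name, data in parse_reg_query(text):
        path, reasons = exe_path(data), []
        if any(folder in path.lower() for folder in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        if looks_random(PureWindowsPath(path).stem):
            reasons.append("random-looking file name")
        if reasons and key.lower().endswith("\\runonce"):
            reasons.append("RunOnce value: check whether it comes back after logon")
        if reasons:
            findings.append((key, name, path, reasons))
    return findings

for finding in triage(SAMPLE):  # demo on the constructed sample
    print(finding)
```

The heuristics only shortlist entries for review; a flagged path still needs checking by hand before anything is deleted.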
Old 04-04-11, 11:11 AM   #24
Teejayexc
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

Quote:
Originally Posted by Berlin View Post
OK, a bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.

I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?

The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option.

More later when Malwarebytes has done its thing...

C

Yep, it's freeware unless you go for the 'bells and whistles' version.

For what you're seeking to rectify though the freeware one should do it.


hth, Trev
  Reply With Quote
Old 04-04-11, 11:13 AM   #25
darylB
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

Quote:
Originally Posted by Berlin View Post
OK, a bit of an update. I'm back on the computer and it looks like only one user profile is infected as I used an old one and it seems OK.

I've managed to download and start scanning with Malwarebytes but I'm concerned that if it asks me to buy it at the end I'll have to enter credit card details to do so. Can someone confirm that Malwarebytes is freeware? Or at least that it'll be quarantined enough to buy a licence?

The computer I'm on was specially built for my old company and has 4 hard drives all backing each other up and running various different software. "Just binning it" isn't an option.

More later when Malwarebytes has done its thing...

C
As long as you pressed free download you won't be charged, it just doesn't download the full version.

Daryl
  Reply With Quote
Old 04-04-11, 11:18 AM   #26
FG1
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

I had something similar a while back and so logged on my laptop with a different user and did a system refresh, or whatever it's called, to an earlier date. It seems to have taken it off and all has been well since.
  Reply With Quote
Old 04-04-11, 12:11 PM   #27
irons
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

I got this also, don't suppose you had visited the review site lately? It's a pain in the ar$e but very simple to cure.
As already stated, run in safe mode, download the free version of Malwarebytes, scan and it should clear it.
Warning to everyone the site reviewcentre.com is riddled with this virus.
  Reply With Quote
Old 04-04-11, 02:13 PM   #28
Berlin
Guest
 
Posts: n/a
Default Re: XP holding me to ransome

OK, (he says fingers crossed) it looks like it's gone.

Malwarebytes was useless and didn't touch it.

But a simple reset back to three weeks ago got rid of it. All working tickety boo.

Now I have to revisit one of two sites I visited this morning so hopefully it's not that one. (prof photographer's site, nothing to do with Thai ladyboys).

C
  Reply With Quote
Old 04-04-11, 02:20 PM   #29
Stingo
Member
 
Join Date: Feb 2006
Location: Plymouth, Devon - mostly.
Posts: 527
Default Re: XP holding me to ransome

Quote:
Originally Posted by L3nny View Post
Did they re-install Windows or just remove the virus?
TBH Lenny, I don't know, but I did notice a new shortcut on my desktop for 'reg cure'.
__________________
Twitter: @poseidon_ashore
Stingo is offline   Reply With Quote
Old 04-04-11, 02:32 PM   #30
L3nny
Member
Mega Poster
 
Join Date: May 2008
Location: MK
Posts: 2,111
Default Re: XP holding me to ransome

Quote:
Originally Posted by Stingo View Post
TBH Lenny, I don't know, but I did notice a new shortcut on my desktop for 'reg cure'.
Probably not then.
__________________
2015 GS 1200 Adventure
L3nny is offline   Reply With Quote