
PCeU Ransomware


Inside Edge
Resolved

Likes # 0

Hi, ... My PC has been infected with the PCeU virus and it's locked. I can't boot it to Safe Mode either, so I have been unable to run any malware removal software.

I have 2 bootable HDDs in the PC, so I booted to the clean one and have been trying to scan the infected drive from there. However, Malwarebytes, SuperAntiSpyware and a couple of others don't seem to find anything on the infected drive except some tracking cookies. When the scans run, they specifically look at the registry of the clean drive I've booted from, but don't seem to scan the registry of the infected one - where I'm led to believe all the junk gets installed. I'm using SuperAntiSpyware to scan specific parts of the infected HDD right now, but still nothing substantial detected. The Emsisoft Emergency Kit looked more promising yesterday as it was finding more stuff than the others, but it was still running its scan after 10 hours or so and eventually crashed without completing. I couldn't make its custom scan option work, so it kept going right through the clean drive first, including thousands of JPGs and music files.

I'm running XP.

Any suggestions gratefully received.

Many thanks in advance.

Bernie

lotvic

Likes # 0

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt. From ClickHere (has screenshots):

  1. During your computer's start-up process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe Mode with Command Prompt from the list and press ENTER.

  2. In the opened command prompt, type explorer and press Enter. This command will open an Explorer window; don't close it and continue to the next step.

  3. In the command prompt, type regedit and press Enter. This will open the Registry Editor window.

  4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

  5. On the right side of the window locate "Shell" and right-click on it. Click on Modify. The default value data is Explorer.exe; if you see something else written in this window, remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is the path of the rogue executable file). Use this information to navigate to the rogue executable and remove it.

  6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of the Metropolitan Police scam.

If the command prompt still won't open Windows, there are more ways to remove the ransomware; they are on the link I've posted, and it tells you which files need to be deleted.

lotvic

Likes # 0

Oops, forgot the links: ClickHere and also clickhere

lotvic

Likes # 0

Perhaps you could skip 1, 2 and 3, navigate as in step 4 and then do step 5 from your good, clean boot-up hard drive.

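The Winlogon check in steps 4 and 5, done the way the follow-up suggests (from the clean boot, against the infected drive's own registry hive), as an added PowerShell example that is not from this thread. It assumes the infected XP installation is at D:\WINDOWS, a placeholder, that the clean drive's console is run as Administrator, and that a clean XP Userinit value is the stock one shown below.

```powershell
# Added example, not from the forum thread. Loads the SOFTWARE hive of an infected
# Windows drive while booted from a clean one and reports whether the Winlogon
# "Shell" and "Userinit" values still point at the stock executables.
param(
    [string]$InfectedRoot = 'D:\WINDOWS'   # assumption/placeholder: infected XP install
)

$hivePath = Join-Path $InfectedRoot 'system32\config\software'   # XP SOFTWARE hive file
$mount    = 'OfflineSoftware'                                    # temporary key name under HKLM

# Stock XP values; the Userinit path assumes the infected install was C:\WINDOWS (assumption).
$expected = @{
    Shell    = 'Explorer.exe'
    Userinit = 'C:\WINDOWS\system32\userinit.exe,'
}

& reg.exe load "HKLM\$mount" $hivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $hivePath" }

try {
    $key      = "HKLM:\$mount\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $winlogon = Get-ItemProperty -Path $key

    foreach ($name in $expected.Keys) {
        $actual = $winlogon.$name
        if ($actual -ieq $expected[$name]) {
            "$name OK: $actual"
            continue
        }
        "$name MODIFIED: '$actual' (expected '$($expected[$name])')"
        # Anything unexpected here is the path the lock screen is launched from. Re-map
        # its drive letter to the infected drive so the file can be located from the clean boot.
        $actual -split ',' | Where-Object { $_.Trim() } | ForEach-Object {
            $p = $_.Trim().Trim('"')
            if ($p -match '^[A-Za-z]:\\') {
                $p = Join-Path (Split-Path $InfectedRoot -Qualifier) $p.Substring(2)
            }
            "  referenced file: $p  exists=$(Test-Path -LiteralPath $p)"
        }
    }
}
finally {
    [gc]::Collect()                                  # drop provider handles before unloading
    & reg.exe unload "HKLM\$mount" | Out-Null
}
```

Any file the script reports under MODIFIED is what step 5 tells you to note down and remove; restoring the value itself is done with Set-ItemProperty on the same key while the hive is loaded, or in regedit as the post describes.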
Phil Ocifer

Likes # 0

I received this particularly nasty piece of ransomware.

I cleared it off by the F8 method above and booting into safe mode with networking and selected the option to run System Restore back to the most recent good point (a couple of days earlier).

This worked, and the system came back up fine. I then downloaded super anti malware bytes (or whatever it is called) and did a scan and clean.

Seems to have cleared everything off fine and that was about 8 weeks ago.

I just thought I'd mention this, as I also investigated the methods above and thought "too much trouble".

Inside Edge

Likes # 0

Hi all, ... thanks for the very prompt and useful ideas. I'm just headed home from work and will try these in a couple of hours and post back with the outcome.

By way of further information, when I tried F8 previously, I got the Advanced Options Menu up but when I selected Safe Mode (and later when trying Safe Mode with Networking), on pressing Enter, a progress bar came up which ran right to the end and stopped. Despite waiting several minutes, it seemed to hang there and never reached Safe Mode. I was wondering if the malware was causing that hang.

Nonetheless I'll try all your suggestions.

Thanks again.

Inside Edge

Likes # 0

Hi all, ...

Due to the infection apparently affecting my access to the Windows advanced boot menu, I opted to try the Kaspersky Rescue Disk suggestion. It appears to have worked without any hitches. The disk was easy to create and I was able to boot to it right away. It took around 4 hours to scan my HDD, but that's due to the fact that I didn't exclude any files at all from the scan and I have a lot of music, video and pics on the drive. It picked up lots of nasties and either quarantined or deleted them ... I wasn't sure how it decided which to do! The PC then booted normally and I've just run a scan with McAfee, my installed antivirus software. That's taken an age too, but it's only found one infection and dealt with it. I'll follow that with Malwarebytes and/or SuperAntiSpyware for good measure.

I sent a query to SuperAntiSpyware, by the way, and they said that it wouldn't be able to scan the registry entries on a secondary HDD as I was originally trying to do.

So, all seems to be well - thanks again to everyone for your responses; your help really is appreciated.

Bernie

This thread has been locked.
