We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

Tried to remove UK Police Ransomware and Vista not working - help!


entsal007
Resolved

Likes # 0

Hi there

My wife recently had her laptop (running Vista) infected with the UK Police Ransomware which was locking everything out. After some searching we came across the HitManPro malware removal app. We created a USB bootable of this and successfully ran a scan on the laptop, and it requested it delete the file 77cbc18d.exe which it advised was "suspicious". Many other methods had failed to get this far so it looked like a major success! However, now when we boot up the laptop it goes into Vista as far as asking for the user password, then comes up with the DOS command screen containing the following error message:

77cbc18d.exe is not recognized as an internal or external command, operable program or batch file.

I've tried the DOS Shutdown command, rebooted, etc but it continues to boot up into this same DOS window, and will not go into Windows at all.

Our problems are therefore: 1) Was removal of this file actually successful in removing the virus? 2) How can we fix the above DOS error message and successfully boot the PC into its normal Vista environment.

Many thanks for any help, tips or advice. We're relatively PC literate but not fantastic techies sorry.

Regards.

Like this post
RobCharles1981

Likes # 0

Go on youtube and search your problem there is a tutorial on there by "Britec09" who does very helping tutorials.

https://www.youtube.com/results?searchquery=UK+Police+Ransomware&oq=UK+Police+Ransomware&gsl=youtube.3...1273.1273.0.1965.1.1.0.0.0.0.73.73.1.1.0...0.0...1ac.2.11.youtube.WSCy0VSdAnQ

Like this post
entsal007

Likes # 0

I can select the Safe mode options, but whichever I choose it still puts me into the MS DOS window with same error message as above.

I typed MSCONFIG and disabled all items for startup, rebooted and it has still brought me back into the dreaded MS DOS box.

How can I get into admin mode via an MS DOS command, in order to do the SCANNOW?

Thanks

Like this post
Fruit Bat /\0/\

Likes # 1

1) Was removal of this file actually successful in removing the virus?

Partly it has removed the ransom screen message and lock up but the part of the virus starting the ransom screen is still there.

2) How can we fix the above DOS error message and successfully boot the PC into its normal Vista environment.

I think the way forward is to do a system restore to a point before the problem started. As you cannot get into Vista you will need to do it from the Advanced tools menu.

You need to look at Windows Repair Your Computer options.

  • Startup repair - This automatically fixes problems that are preventing Windows from starting
  • System Restore - This will Restore Windows to an earlier point in time
  • Windows Complete PC Restore - This will completely restore your entire PC - programs, system settings and files - from a back up that you have previously created (Available in Windows Vista Business, Enterprise and Ultimate editions only)
  • Windows Memory Diagnostic Tool - This checks your computer's memory hardware for errors
  • Command Prompt - This opens a Command Window

With the Complete PC Restore Option you must have made a backup of your system, either on your hard drive or on a set of DVDs, in order to use this option. If you don't have a backup then don't use this option

How you access the repair options will depend upon whether you have a Windows installation disk or whether your operating system came pre-installed by your PC manufacturer.

Pre-Installed Options NOTE

If no repair options are available your PC manufacturer may have replaced the tools or customised them. Check your Computer Manual before proceeding.

1/ Start your PC

2/ If your PC has one operating system Press and Hold the F8 key as your PC starts. If the Windows Logo appear you will need to start again

3/ If you have a dual boot system a Boot option menu will appear. Highlight the Windows operating system and Press the F8 key

4/ In both cases, if all has gone well, an Advanced options screen will now appear

5/ Highlight the repair Your Computer option and Press Enter

6/ Select a keyboard layout, and then Click the Next button

7/ Next select your user Name and Enter your Password, then Click OK

8/ The recovery options should now appear

Windows Installation Disk NOTE

1/ make sure your PC can boot directly from the Windows DVD. Obviously, most modern PCs can. With older machines you may need to check the PC's BIOS

2/ Start the PC

3/ Immediately insert the Windows DVD into the DVD drive

4/ A Black screen will appear with the words 'Press any key to boot from CD or DVD'

5/ Press Any key to start the booting process

6/ A new screen will now appear with a progress bar. The legend say's 'Windows is loading files'

7/ After a few minutes the Microsoft copyright window ill appear and another small progress bar will be visible

8/ You will next see a Blue curtained screen

9/ After a short while the Language option screen will appear

10/ Select your language and keyboard language and the Click the Next button

11/ At the bottom left of the next screen - the Install screen, Click on the Repair Your Computer option

12/ The System recovery options will now search for your Windows installation

13/ Once the Windows installation has been located, Highlight it and then Click the Next button

14/ You are now presented with the set of recovery options

15/ Click on the Option you require and follow the onscreen prompts

Like this post
entsal007

Likes # 0

Thank you Fruit Bat ... I've done this and having already inserted the Vista install disk it presents me with the option STARTUP REPAIR, upon selecting this it says the following...

Startup Repair Could Not Detect A Problem

And requests I click on Finish

Going to try SYSTEM RESTORE now from same menu...

But this comes back with ... No Restore Points Have Been Created On Your Computer's System Disk

Am I heading in the right direction??

Like this post
hiwatt

Likes # 1

System restore must have been turned off then or else the malware has turned it off?Start in safe mode choose CMD prompt.Right click run as administrator and then type sfc/scannow and see how that goes?

Like this post
entsal007

Likes # 0

Yes am in Safe mode with Command Prompt. Laptop just showing the usual MS DOS box with the error message in. Have tried right click within this box but doesnt offer an admin option (just mark, paste, select all, scroll, find). Outside this box right click doesn't come back with anything...

Like this post
hiwatt

Likes # 0

In safe mode you'll have to go to start/all programs/accessories and right click command prompt and choose run as administrator and then enter sfc/scannow

Like this post
Fruit Bat /\0/\

Likes # 0

no system restore point makes this hard.

You cannot run sfc and it would do no good anyway - you have a virus program that is booting with windows that needs to be removed.

This virus will have a random name making it hard to find.

do you have any docs, photos emails etc. on the machine that you are desperate to keep hold of? or is everything backed up?

If you can afford to lose all the data on the machine (due to having it backed up or nothing important on it) then the machine can be rest to factory condition.

Pleas give make and model for instructions on how to do this.

Like this post
hiwatt

Likes # 0

Maybe have to restore to factory settings from the advanced repair menu.There's an option to do this and save any files/user accounts?

Like this post
hiwatt

Likes # 0

Why not try as I said before.Safe mode with networking and do an online scan with eset http://www.eset.co.uk/ and run malwarebytes too?

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

The 13 most inspirational Tim Cook quotes