2 replies to this topic

[arunkumar]

PCEU virus affected Windows 7 - 32 bit - Urgent help required

---------------------------------------------------------------------------------------

 

safe mode, with network, command prompt not functioning.
 

It's office laptop and it's encrypted.

Note: I have only 7 more hours to login. Any immediate response would be appreciated and i'm trying to solve this for 5

hrs.

FRST result:

--------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by SYSTEM on MININT-1P3CA6P on 16-02-2014 15:25:42
Running from F:\
WIN_7 Service Pack 1 (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
ATTENTION: System hive is not loaded.

========================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 2037.95 MB
Available physical RAM: 1696.5 MB
Total Pagefile: 2037.95 MB
Available Pagefile: 1689.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.48 MB

==================== Drives ================================

Drive f: (SONY_16W) (Removable) (Total:14.46 GB) (Free:10.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: 2387E12F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0C)

==================== End Of Log ============================

 

Search result:

------------------------

Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by SYSTEM at 2014-02-16 15:27:47
Running from F:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

X:\Windows\winsxs\x86_microsoft-windows-s..s-

servicecontroller_31bf3856ad364e35_6.1.7601.17514_none_d1672a532b8b1a15\services.exe
[2010-11-20 00:38] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

X:\Windows\System32\services.exe
[2010-11-20 00:38] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

 

 

[----------------]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Kaspersky Windows Unlocker

• Download Kaspersky Rescue Disk (iso)
• Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
• Configure your computer to boot from CD/DVD
• Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
• Once you have the cd/DVD created, boot the computer up using it
• Press any key to enter the menu
• Select your language
• Press 1 to accept the End User License Agreement
• Select Kaspersky Rescue Disk. Graphic Mode
• Click on the Start button located in the left bottom corner of the screen
• Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter

• When it's done, click on the Start button and start Kaspersky Rescue Disk utility
• Click on My Update Center tab and press Start to download the latest update
• Next, select the Object Scan tab
• Put a check next to C:\ and any other local drives
• Then click Start Objects Scan
• Quarantine any malware found
• Restart your computer and see if it boots up normally.

[----------------]

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic