This discussion is locked
90055 Views 123 Replies Latest reply: Sep 10, 2012 10:07 AM by Hayton
  • Ex_Brit Volunteer Moderator 59,584 posts since
    May 6, 2004
    60. May 25, 2012 6:17 AM (in response to taurus28050)
    Re: West Yorkshire Police Virus

    Well you could still check to see if there's a restore point available before all this happened.  Alternatively follow Step 4 in that link and post those various logs where they say for analysis.

     

    They are far better equipped than we are in troubleshooting these things.

     

    If the restore trick works then make sure to toggle System Restore off and then back on to delete the infected restore point and then update everything.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • Hayton Volunteer Moderator 4,600 posts since
    Sep 27, 2010
    61. May 25, 2012 7:19 AM (in response to taurus28050)
    Re: West Yorkshire Police Virus

    The Trojan that installed the Police malware has also, quite probably, contacted a C&C server to download other malware. You may have got your files back but from the sound of it you were infected with unknown malware. Malwarebytes (if that's what it was) may have cleaned out most of it but you need to scan your system with another anti-virus product to be sure. McAfee's Stinger might pick up something but it only covers a subset of malware. If you run GetSusp that will pick up any unknown files on your system but may produce false positives. You also have to go through the McAfee Support process afterwards to deal with any suspect files, and at the moment going to Support is not perhaps your best option.

     

    Your best bet is probably to download and run Microsoft's Safety Scanner.  Windows Defender is not available as a download for Vista since it's an integral part of the operating system. I've checked a few forums for a workaround but if it's been modified by the malware you may need to find a way to repair it from within Windows. I'm still looking and will edit this or do a follow-up if I find anything.

     

    As noted above, since these are Windows and Microsoft settings that have been tampered with you should look for a Microsoft repair tool, if one is available. The best place to find out might be on one of the Microsoft Vista forums - try HERE. There is a thread HERE specifically about difficulties re-installing Windows Defender which includes a user's suggestion to replace a whole bunch of registry information. Do that at your own risk, and only after backing up the registry (there is a utility, ERUNT, which some people say is best for that).

     

    For an article about repairing Windows Vista without reinstalling the OS go to

    http://support.microsoft.com/kb/936212

     

    For system recovery options in Vista see

    http://windows.microsoft.com/en-us/windows-vista/what-are-the-system-recovery-options-in-windows-vista

     

    Microsoft's Baseline Security Analyzer will check your system for security-related problems, including any missing updates. It reports, but does not fix, problems.

     

    As for your AV, the best advice is probably to uninstall it and reinstall after you've done all the above.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • mrh Newcomer 1 posts since
    May 25, 2012
    62. May 26, 2012 8:27 AM (in response to Hayton)
    Re: West Yorkshire Police Virus

    Interesting to see others have recently had this trojan downloaded onto their systems. 2 days ago I got this, however Kaspersky detected them (evetonA) and stated that they had been deleted. The difference was that I put my laptop into standby for 2 days after until I restarted, thus the exe file was never executed until then. The usual lock up happened with the usual 'illegal activity warning' bull****, same happened in safe mode and then it must have corrupted a boot file or encrypted it as the boot manager keeps coming up when booting up, stating a file cannot be accessed. Having it sent off to have Vista reinstalled as this laptop required you to make your own backup CD with software provided, which I completely forgot about, more fool me!

  • tot Newcomer 3 posts since
    May 28, 2012
    63. May 28, 2012 8:02 PM (in response to Ex_Brit)
    Re: West Yorkshire Police Virus

    Hi Peter

     

    Thanks for the post.

    I just got infected today and managed to restore to an earlier date.

    Can you please explain in more detail what you mean by "If the restore trick works then make sure to toggle System Restore off and then back on to delete the infected restore point and then update everything."

     

    Sorry in advance, but I am very new to these things.

     

    Cheers mate !

  • Hayton Volunteer Moderator 4,600 posts since
    Sep 27, 2010
    64. May 28, 2012 9:16 PM (in response to tot)
    Re: West Yorkshire Police Virus

    What I think Ex_Brit meant was, you should find a restore point that pre-dates the infection and go back to that point. Having got back to a clean state, disable System Restore. That removes all the existing restore points. The only reason to do this is that after you got infected the system may have set up a restore point containing infected files - so you could accidentally at some stage in the future roll your system back to an infected state - not a good idea. Of course, having deleted all your restore points but with a clean system, you want to start saving restore points again, so you turn System Restore back on.

     

    You've now restored to the system situation as it was a few days or perhaps weeks ago. There may have been updates from Microsoft in that period, and these will certainly have to be reloaded to get you back to where you should be. I'm not sure if updates from companies like McAfee, Adobe, or whoever need to be reloaded, but it does no harm to check you've got the latest versions of any programs you use. It's often because a program hasn't been updated for a while that you get infected in the first place.

     

    See these for how to disable System Restore -

    http://support.microsoft.com/kb/310405   (XP)

    http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html (Windows 7)

    http://www.mcafee.com/us/downloads/free-tools/disabling-system-restore.aspx (XP, Vista. Needs updating.)

     

    Message was edited by: Hayton on 29/05/12 03:16:50 IST

  • Ex_Brit Volunteer Moderator 59,584 posts since
    May 6, 2004
    65. May 29, 2012 4:48 AM (in response to Hayton)
    Re: West Yorkshire Police Virus

    Thanks Hayton for explaining it.

     

    tot - yes that is what I meant, is that OK?


  • tot Newcomer 3 posts since
    May 28, 2012
    66. May 29, 2012 6:44 AM (in response to Ex_Brit)
    Re: West Yorkshire Police Virus

    Hi Hayton / Peter

     

    Thanks both for your help.

     

    I've tried to delete all restore points but the one from last night still remains (tried through CCleaner as well with same result as the latest one is disabled for system safety).

    Will it be safe to wait until a new restore point is created in the next few days, then I can delete the one from last night?

     

    On a separate note, I definitely deleted all my cookies, passwords, history etc. before I picked up the virus.

    Shall I still worry about my login details being stolen through the trojan?

     

    Thanks again guys.

    Tot

  • Ex_Brit Volunteer Moderator 59,584 posts since
    May 6, 2004
    67. May 29, 2012 6:54 AM (in response to tot)
    Re: West Yorkshire Police Virus

    Were you using Disk Cleanup to remove all but the last Restore point? If you actually turn off System Restore, that will remove all restore points.

     

    Usually the best way to achieve that is to right-click Computer on your desktop or in the Start Menu (My Computer in XP), select Properties and go to the System Protection tab (from memory I think it's System Restore tab in XP).

     

    There should be no reason to employ CCleaner to achieve this.   I'm always leery of such things as they can remove essential elements of the system along with the non-essential stuff.


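
The restore-point cleanup that Hayton and Ex_Brit describe above, as an added PowerShell example that is not part of any poster's message: it lists restore points, flags those dated on or after an assumed infection date, toggles System Restore off and on, and checks that none of the old points survived. It assumes an elevated Windows PowerShell 2.0 or later session on a client edition of Windows; `$InfectionDate` and the checkpoint description are constructed values.

```powershell
# Added example; run in an elevated Windows PowerShell (2.0+) session.
# $InfectionDate is a constructed sample; set it to when the lock screen first appeared.
param(
    [datetime]$InfectionDate = '2012-05-28',
    [string]$Drive = "$env:SystemDrive\"
)

function Get-RestorePointReport {
    # Restore points with a readable date, flagged if made on or after the infection.
    Get-ComputerRestorePoint | ForEach-Object {
        $created = $_.ConvertToDateTime($_.CreationTime)
        New-Object PSObject -Property @{
            SequenceNumber = $_.SequenceNumber
            Created        = $created
            Description    = $_.Description
            Suspect        = ($created -ge $InfectionDate)
        }
    }
}

$before = @(Get-RestorePointReport)
$before | Sort-Object Created |
    Format-Table SequenceNumber, Created, Suspect, Description -AutoSize

if (@($before | Where-Object { $_.Suspect }).Count -eq 0) {
    Write-Host "No restore points dated on or after $InfectionDate; nothing to purge."
    return
}

# Per the thread, turning System Restore off discards the stored points,
# and turning it back on starts a fresh history.
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore -Drive $Drive

# Verify rather than assume: no pre-toggle sequence number should still be listed.
$oldIds = $before | ForEach-Object { $_.SequenceNumber }
$survivors = @(Get-RestorePointReport | Where-Object { $oldIds -contains $_.SequenceNumber })
if ($survivors.Count -gt 0) {
    Write-Warning "$($survivors.Count) old restore point(s) still present; review System Protection manually."
    $survivors | Format-Table SequenceNumber, Created, Description -AutoSize
} else {
    # Record a known-clean baseline once the system has been scanned and updated.
    Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
}
```

Run it only after rolling back to a pre-infection restore point, since the toggle removes every stored point, including the clean ones.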
  • Ex_Brit Volunteer Moderator 59,584 posts since
    May 6, 2004
    68. May 29, 2012 7:50 AM (in response to Ex_Brit)
    Re: West Yorkshire Police Virus

    Sorry I missed that last bit.   You might, as a precaution, change all passwords for anything on your machine or websites that have passwords stored on your machine as cookies.

     

    Although with this kind of infection I don't think they are in the business of stealing anything other than your money in order to unlock it.

     

    It's wise to change passwords periodically anyway.

     

    Message was edited by: Ex_Brit on 29/05/12 8:50:19 EDT AM

  • tot Newcomer 3 posts since
    May 28, 2012
    69. May 29, 2012 7:47 AM (in response to Ex_Brit)
    Re: West Yorkshire Police Virus

    Hi Peter

     

    Brilliant.

    All done and I've uninstalled CCleaner as well.

    Thanks again for all your help again - all sorted for the bank holidays !!!

     

    Cheers mate !!!!!!!!!!!!!!!!
