Well you could still check to see if there's a restore point available before all this happened. Alternatively follow Step 4 in that link and post those various logs where they say for analysis.
They are far better equipped than we are in troubleshooting these things.
If the restore trick works then make sure to toggle System Restore off and then back on to delete the infected restore point and then update everything.
The Trojan that installed the Police malware has also, quite probably, contacted a C&C server to download other malware. You may have got your files back but from the sound of it you were infected with unknown malware. Malwarebytes (if that's what it was) may have cleaned out most of it but you need to scan your system with another anti-virus product to be sure. McAfee's Stinger might pick up something but it only covers a subset of malware. If you run GetSusp that will pick up any unknown files on your system but may produce false positives. You also have to go through the McAfee Support process afterwards to deal with any suspect files, and at the moment going to Support is not perhaps your best option.
Your best bet is probably to download and run Microsoft's Safety Scanner. Windows Defender is not available as a download for Vista since it's an integral part of the operating system. I've checked a few forums for a workaround but if it's been modified by the malware you may need to find a way to repair it from within Windows. I'm still looking and will edit this or do a follow-up if I find anything.
As noted above, since these are Windows and Microsoft settings that have been tampered with you should look for a Microsoft repair tool, if one is available. The best place to find out might be on one of the Microsoft Vista forums - try HERE. There is a thread HERE specifically about difficulties re-installing Windows Defender which includes a user's suggestion to replace a whole bunch of registry information. Do that at your own risk, and only after backing up the registry (there is a utility, ERUNT, which some people say is best for that).
For an article about repairing Windows Vista without reinstalling the OS go to
For system recovery options in Vista see
Microsoft's Baseline Security Analyzer will check your system for security-related problems, including any missing updates. It reports, but does not fix, problems.
As for your AV, the best advice is probably to uninstall it and reinstall after you've done all the above.
Interesting to see others have recently had this trojan downloaded onto their systems. 2 days ago I got this, however Kaspersky detected them (evetonA) and stated that they had been deleted. The difference was that I put my laptop into standby for 2 days after until I restarted, thus the exe file was never executed until then. The usual lock up happened with the usual 'illegal activity warning' bull****, same happened in safe mode and then it must have corrupted a boot file or encrypted it as the boot manager keeps coming up when booting up, stating a file can not be accessed. Having it sent off to have Vista reinstalled as this laptop required you to make your own backup cd with software provided, which I completely forgot about, more fool me!
Thanks for the post.
I just got infected today and managed to restore to an earlier date.
Can you please explain in more detail what you mean by "If the restore trick works then make sure to toggle System Restore off and then back on to delete the infected restore point and then update everything."
Sorry in advance, but I am very new to these things.
Cheers mate !
What I think Ex_Brit meant was, you should find a restore point that pre-dates the infection and go back to that point. Having got back to a clean state, disable System Restore. That removes all the existing restore points. The only reason to do this is that after you got infected the system may have set up a restore point containing infected files - so you could accidentally at some stage in the future roll your system back to an infected state - not a good idea. Of course, having deleted all your restore points but with a clean system, you want to start saving restore points again, so you turn System Restore back on.
You've now restored to the system situation as it was a few days or perhaps weeks ago. There may have been updates from Microsoft in that period, and these will certainly have to be reloaded to get you back to where you should be. I'm not sure if updates from companies like McAfee, Adobe, or whoever need to be reloaded, but it does no harm to check you've got the latest versions of any programs you use. It's often because a program hasn't been updated for a while that you get infected in the first place.
See these for how to disable System Restore -
(XP, Vista. Needs updating.)
Hi Hayton / Peter
Thanks both for your help.
I've tried to delete all restore points but the one from last night still remains (tried through CCleaner as well with same result as the latest one is disabled for system safety).
Will it be safe to wait until a new restore point is created in the next few days, then I can delete the one from last night?
On a separate note, I definitely deleted all my cookies, passwords, history etc... before I picked up the virus.
Shall I still worry about my login details being stolen through the trojan?
Thanks again guys.
Were you using Disc Cleanup to remove all but the last Restore point? If you actually turn off System Restore, that will remove all restore points.
Usually the best way to achieve that is to right-click Computer on your desktop or in the Start Menu (My Computer in XP), select Properties and go to the System Protection tab (from memory I think it's System Restore tab in XP).
There should be no reason to employ CCleaner to achieve this. I'm always leery of such things as they can remove essential elements of the system along with the non-essential stuff.
Sorry I missed that last bit. You might, as a precaution, change all passwords for anything on your machine or websites that have passwords stored on your machine as cookies.
Although with this kind of infection I don't think they are in the business of stealing anything other than your money in order to unlock it.
It's wise to change passwords periodically anyway.
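The "toggle System Restore off and back on" step discussed in this thread, done from PowerShell so you can first see which restore points post-date the infection and then confirm they are gone. This is an added example, not code from the thread or from any of its posters; it assumes Windows PowerShell with the ComputerRestore cmdlets (client editions of Windows), an elevated prompt, C: as the system drive, and a placeholder infection date that you set yourself.

```powershell
# Added example, not from the thread. Run elevated on a Windows client edition.
# $InfectionDate is a placeholder: set it to the day the lock screen first appeared.
$InfectionDate = Get-Date '2012-06-01'
$SystemDrive   = 'C:\'

function Get-RestorePointList {
    # CreationTime is a WMI datetime string; ConvertToDateTime() turns it into a [DateTime].
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Sort-Object Created -Descending
}

# 1. Show what exists so the pre-infection point can be identified.
"Current restore points:"
Get-RestorePointList | Format-Table -AutoSize

# 2. Any point created on or after the infection date could roll the machine
#    back into an infected state, which is why the thread says to delete them.
$suspect = Get-RestorePointList | Where-Object { $_.Created -ge $InfectionDate }
if ($suspect) {
    "Restore points created on/after the infection date:"
    $suspect | Format-Table -AutoSize
}

# 3. Turning System Restore off for the drive removes its restore points;
#    turning it back on starts a clean set.
Disable-ComputerRestore -Drive $SystemDrive
Enable-ComputerRestore  -Drive $SystemDrive

# 4. Verify nothing survived (this is the check the thread's poster was missing),
#    then save a fresh point for the now-clean, fully updated system.
$remaining = @(Get-RestorePointList)
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) restore point(s) still present; inspect them before relying on the reset."
} else {
    Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'
    "New clean restore point created."
}
```

Run it after the system has been brought back to a clean state and updated, since the new checkpoint captures whatever is on the machine at that moment.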