cancel
Showing results for 
Search instead for 
Did you mean: 
gradley
Level 7

Help required regarding potential ransomware infection

I was on the internet at the weekend and my browser (IE) diverted to the PCeU (Police Central e-crime Unit) page. Naturally I was suspicious and opened a separate IE window to carry out a search regarding this.  The results came up that this was ransomware and so immediately clicked the close button in the top right hand corner of IE, which brought up a separate window asking me to confirm that I wanted to close this window.  Automatically without thinking I clicked yes, but this had no effect.  I therefore opened the task manager and closed IE through this.

Following this I closed the other IE window I had opened and carried out a full scan using McAfee Live Safe, which found no infections.  I then checked my documents folders and everything appeared to be accessible, with nothing seeming to have been encrypted.  I then chose the shut down option which logger me off but hung on the shutting down screen, so after about 5-10 minutes I manually powered off.  On turning my computer back on again it started up as normal, which from what I have since read this virus will not allow if it infects your machine.  I then ran a full system scan again (which found nothing) following which I downloaded Malwarebytes Anti-Malware and ran (which also found nothing), and the ransomware window has not since reappeared.  I have also checked by IBM Trustee Raptor weekly report which has not picked up anything.

From what I have read the following should be done if this ransomware has infected my system:

  • restart computer in safe mode with networking
  • restore system to a time prior to infection
  • run a full system scan
  • run a separate anti-malware scan (i.e. Malwarebytes Anti-Malware)
  • restart computer as normal
  • run full system scan again
  • run separate anti-malware scan

Would it be best to carry out the above to make doubly sure that my system is not infected, or is there something else that I should do (like running McAfee GetSusp as well).

Any advice would be greatly appreciated as everything I have found in the internet relates to removing this after it has infected your system and locked it up completely.

System detail:

Desktop PC

OS - Windows 8.1

Browser - Internet Explorer

Anti-virus software - McAfee LiveSafe

0 Kudos
8 Replies
catdaddy
Level 20

Re: Help required regarding potential ransomware infection

,

              It seems to appear that you may have gotten lucky. The best thing to do is immediately 'Power off/Shutdown' for any clicking of your mouse can initiate installation. I would recommend running McAfee Getsusp also to play safe:

              You can access it and other Free Tools here:

             Just remember to enter your email address under 'Preferences' before scanning. Please apprise us of your results.

All the Best

Catdaddy

McAfee Community Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
gradley
Level 7

Re: Help required regarding potential ransomware infection

Thanks,

I ran GetSusp at the weekend and am awaiting a response from McAfee.  I'll let you know what I hear back.

It did come up with one suspicious and one unknown, both of which I recognised.  So hopefully everything will turn out OK.

0 Kudos
catdaddy
Level 20

Re: Help required regarding potential ransomware infection

,

               That is good to hear. Keep us informed, for after 4-5 business days if not resolved. Please kindly post the 'Work Item ID#' we can contact someone from McAfee Labs on your behalf, and quite possibly expedite your issue

All the very Best,

CD

Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: Help required regarding potential ransomware infection

I might add that if the Unknown programs are ones you may use on a regular basis, and cause no issues or not detected by your 'Real Time Scanning'. There might not be no reason for concern. Of course that depends on what the programs are.

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Help required regarding potential ransomware infection

There's an excellent removal guide for PCeU here: Remove Police Central e-crime Unit virus (Ukash Scam)

However, that may be not becessary now.

0 Kudos
catdaddy
Level 20

Re: Help required regarding potential ransomware infection

Great Suggestion Peter !  

Cliff
McAfee Volunteer
0 Kudos
gradley
Level 7

Re: Help required regarding potential ransomware infection

Hi,

Just to keep you up to date -

Even though the virus did not appear to have got through to my computer and locked me out I nevertheless carried out the first option in the removal guide as supplied by Ex_Brit.  Initially I recovered my machine to a date prior to initial issue then ran Malwarebytes Anti-Malware followed by HitmanPro, both of which found no issued.  Following this I fully updated all the windows updates and then ran Belarc Advisor, which did not flag up any issued regarding the installed updates.

I am assuming from this that I have been lucky and that the virus did not actually manage infect my computer in the first place but just froze an IE web page with the lock screen warning it generates.  I am still however awaiting a response from McAfee Labs regarding the GetSusp analysis results (Reference WorkItemID: 1707310), but as the two file names it came up with relate to programs that I recognise I am assuming that this will not be an issue.

Thank you for all your help.

0 Kudos
exbrit
Level 21

Re: Help required regarding potential ransomware infection

As long as you entered your email in GetSusp Preferences they bshould eventually let you know, it takes ages sometimes.

0 Kudos