heini, I was infected with the ICE on August 22 and am having much difficulty getting any of the "net" suggestions to work. My machine is a 7-y-o Compaq Presario with the XP operating system. This machine has been a stand alone for over 15 months and was re-connected to the net on August 18. I use to use the Uniblue MalWare and the Avast systems to maintain a "clean machine", unfortunatley both subscriptions had lapsed and did not catch the Trojan. Avast wants $160 to walk me through the intial process to the point where it can reconnect to the net where they will clean and restore the system.
But I'm a cheap retiree with a very old machine that will be replaced next year, please share links to any suggestions that work.
Good Luck shipmate!
Did you try to invoke System Restore from within Safe Mode - that's worth a try. See page 1 for some links to BleepingComputer forums where they specialize in this sort of thing.
Yes, with all three safe modes. C prompt opens as C:\Windows>, but refuses to accept the system restore opitions offered on the Malware discussion boards. I even downloaded the Hitman and tried to recommended safe mode options, but could not get the Hitman to open.
Thanks for your reply.
Post on the recommended BleepingComputer forum saying what you've tried and see what they suggest. They've got some pretty good experts over there.
That at least will be free. Your alternative with McAfee is their paid virus removal service.
My issues is slightly different. I get to Safe Mode commands. I select Safe Mode with Command Prompt. The laptop runs through the files and the pops up my login screen in safe mode. I enter my login and password. After this is where I have the problem.
After I hit enter, my laptop logs in and only pops the command prompt screen up for less than a second or two.Then begins to automatically shut down.
Any tips on how to get by or arround this. I have tried the other safe modes and get the same result.
I have nothing to suggest other than what has already been said in the thread. If you can get to Safe Mode is System Restore available to you? If not follow previous suggestions, or maybe someone else will post with ideas.
I just finished removing the virus from my computer which was infected the 15th. It was really pretty simple.. First if you pay attention when you log on you'll notice a cmd window right before the lock screen. It makes the call to the virus.exe aka the lock screen. Use this to get the name of the file thats infected your computer (the first few characters are fine). Then use some sort of bootable media (USB, CD, PXE) to boot into linux (any OS works, I prefer linux) open up a terminal type " cd .. " to go up a directory then type " ls " to list all files. You should see "OS:" or "C:/" (the name of the hard drive for your computer) type " cd OS/Users/[Infected Username Here] " then type " find -name [the first few characters of the program being called by the cmd line right before lock screen]* " MAKE SURE YOU TYPE THE *. If you coppied the characters right you should see a .exe file that starts with those characters you typed in preceeded by a filepath. use cd to navigate to the folder containing the virus then type mv [VirusFileName.exe] [VirusFileName.exe.Virus].
Now reboot the computer you'll get a black screen and a cmd window when you log in complaining about the file name you changed. Hit Ctrl+Alt+Del start task mgr then click file new task. A window will pop up type in explorer to bring up the user interface. Now click the start menu and type regedit and hit enter. Expand HKEY_CURRENT_USER then expand Software Expand Microsoft and select command processor. Click the AutoRun property in the right hand pane then right click it and select modify and delete the path, this will stop the cmd prompt from trying to execute the virus every time cmd is run. Now in the scroll list on the left find Windows NT (under Software>Microsoft) and expand it, then CurrentVersion and select winlogon. You'll see a property called Shell in the right pane and it's set to cmd.exe change it to explorer.exe.
As simple as that, all you have to do is locate the virus file you renamed to .exe.Virus and delete it (the reason for not deleting it is on the off chance its NOT the file we need to remove it still exists and we can rename it to .exe)
Hope this helps someone and sorry if its not the clearest just msg me on here and I'll try to get back to you.
Safe surfing everyone,