Re: West Yorkshire Police Virus

Since yesterday I have been waiting for a reply from Dr.Web. Can you suggest any more possibilities?

Re: West Yorkshire Police Virus

Try resubmitting using this link to Dr Web: https://vms.drweb.com/sendvirus/?lng=en You probably have to create a ticket first rather than emailing Vladimir direct. I don't know any other service so stick with it. It does work.

egghead
Level 7
Message 113 of 124

Re: West Yorkshire Police Virus

iwolf has pointed out the solution I had to adopt...

The virus encrypted all the music files on the infected machine, including the default sample music. All I had to do to get an original copy of an unencrypted file was to grab a copy of one of the sample music files from another PC.

I tell you, I've never listened to it before but "Sleep Away" by Bob Acri has never sounded so good! - On a Windows 7 machine, it can be found in C:\Users\Public\Music\Sample Music\Sleep Away.mp3

Perhaps a more ideal file (smaller filesize) would be one of the sample pictures in C:\Users\Public\Pictures\Sample Pictures. The Koala.jpg looks a pretty cute and suitable hero.

Apologies if I am teaching anyone to suck eggs (sorry ryko), but it may be worth explaining that although you can easily replace the corrupted (encrypted) files if you have original back up copies, the issue is you may not remove the infection if you do not use the appropriate scanning/fixing tool and you may not have backup copies of all files that have been encrypted.

The most important function is to stop and remove the infection and then recover any lost files. You will need antivirus/anti-malware tools to do this, and Dr Web or Kaspersky both provide a specific tool for this particular job. However as many sufferers do not have back up copies of files required to reverse the encryption this trojan performs, it hampers chances of recovering the files. Fortunately however as the trojan encrypts the sample music and pictures that come installed on Windows, it is much easier to get an unencrypted original of one of those files and hence restore your own files.

Good luck to anyone unfortunate enough to have been infected and troubled by this problem.

Hayton Reliable Contributor
Message 114 of 124

Re: West Yorkshire Police Virus

@egghead, that's a good summary of what needs to be done.

This particular attack appears to be winding down. That probably means there's a new variant about to be released.

btw, I see a user earlier in the thread posted a link to fixpcyourself (or something like that) which I hope no-one bothered to follow up. Nothing much wrong with the advice per se, but it's the same generic advice for absolutely everything (rkill + malwarebytes). Okay but not good enough.

egghead
Level 7
Message 115 of 124

Re: West Yorkshire Police Virus

Hayton wrote:

btw, I see a user earlier in the thread posted a link to fixpcyourself (or something like that) which I hope no-one bothered to follow up. Nothing much wrong with the advice per se, but it's the same generic advice for absolutely everything (rkill + malwarebytes). Okay but not good enough.


I thought it just looked like somebody peddling their own software in a spam like manner. Thing is, there is perfectly good and capable software available for free which we know definitely fixes the problem. The recommended fix for this particular problem (the encrypted files variant) is the Kaspersky or Dr Web tool. Then I would recommend updating and running your antivirus tool, and also having a sweep with something like the Microsoft Safety Scanner and old favourite Malwarebytes Anti Malware.

Some of the other recommended tools will definitely help clear an infected system, so give Combofix or the McAfee Stinger a run too.

Re: West Yorkshire Police Virus

That post with a link has now been deleted.

Hayton Reliable Contributor
Message 117 of 124

Re: West Yorkshire Police Virus

egghead wrote:

I thought it just looked like somebody peddling their own software in a spam like manner.

Maybe. I went through the site and checked it for nuisances; it's a perfectly reasonable if slightly amateurish setup. There's no suspect software being peddled, no urging to phone premium-rate numbers for remote assistance, no links to malware sites. It just looks like someone set up a self-help site but hasn't got much beyond the basics yet. The only part of it that looked slightly fishy was the user-comments section. Some genuine, many not, if I'm any judge. And, yes, Mr Patel posted twice with two usernames to promote what may well be his pet project. Give him 6 out of 10 for a good effort, and at least not recommending anything that's going to mess up someone's system 🙂

The tools that work for the West Yorkshire Police variant may not work properly for the next variant. Each release of this ransomware has included some new refinement. I'm going to have to go back to that French security site I found and see if Malachi (or whatever his name is) has spotted anything new.

mdb1974
Level 7
Message 118 of 124

Re: West Yorkshire Police Virus

Hello all, found out I was infected with this virus last night at 11.30pm. Finally managed to get to sleep at 4.00am by following Step 1 & Step 2 on this page (this links to a product other than a McAfee product - don't know if this is allowed).

What I did:

  1. Restarted in safe mode with networking
  2. Checked my file names - they didn't seem to be encrypted or renamed like other files mentioned in this thread
  3. Followed Step 1 & Step 2 in the above link (downloaded and ran the applications)
  4. The applications found and removed a few viruses
  5. Restarted PC
  6. Removed Malwarebytes and reinstalled McAfee (as Malwarebytes conflicts with it)
  7. PC seems (fingers crossed) fine.

I don't normally post in forums such as these (as you can see, 1st post) but seeing as how I've never had a virus before I thought I'd chip in and help others with this issue, as I sh*t myself when I saw the fake message. My PC is used for my work and is kept cleaner than clean, no dodgy 3rd party applications etc and I'm always careful about what I install - my anti-virus (always McAfee) is always kept up to date so I've no idea how I got infected with this virus. My PC has always run like a dream with no issues at all.

Anyway, hope this helps and apologies for posting a link to a non-McAfee link (I have no affiliation, honest).

I'll keep you posted if there are any further issues with my PC.

Cheers all.

Message was edited by: mdb1974 on 7/10/12 5:34:56 AM CDT

Re: West Yorkshire Police Virus

mdb1974, the link appears to be OK so I will leave it in place. Glad you are sorted out.

mdb1974
Level 7
Message 120 of 124

Re: West Yorkshire Police Virus

Cheers - My only question - Now I've run Malwarebytes - does this pretty much guarantee (within reasonable doubt based on other users' experiences) that the virus is gone from my PC?

Obviously you can't guarantee, but you know what I mean...
