Police warning shock

Yesterday I suddenly got a web page pop-up which told me I was being
investigated by the police, and I would be subject to a fine of £xxxxxxx if
I did not pay £100 in the next 72 hours!
This is obviously an attempt at a scam, but one I have not seen before.
However it has locked my PC and I cannot get rid of the web page although I
can get into safe mode and have run Malwarebytes without any success.
I have put a digital photo of the page on photobucket below, uploaded with my
laptop.
If anyone knows more and can help me to get rid of this, I would be most
grateful.

http://s74.photobucket.com/albums/i278/quilljar/Exposure/

Quilljar


Re: Police warning shock

For information.
I have googled this problem and discovered several so-called remedies. Some
may work, others beware they want to sell you anti virus programs. I ran
Malwarebytes again, this time in QUICK SCAN while in Safe mode and the
results came up as two ransomware items removed. This seems to have done
the trick.
I have always found Malwarebytes to work well.
Q



Re: Police warning shock

quilljar wrote:
 
Follow the instructions on this page:

http://trojan-killer.net/interpol-department-cybercrime-virus-removal/

Or this one:

http://trojan-killer.net/computer-locked-violating-law-great-britain/

This looks like a somewhat new infector (seems to have been introduced
only 6 weeks ago?).

Does anyone know if this particular piece of ransomware gets onto a
system via social-engineering techniques - or is it leveraging a known
OS or browser vulnerability?

Re: Police warning shock

On Sun, 23 Sep 2012 09:35:49 -0400, Virus Guy wrote:

A friend of mine picked this up a couple of weeks ago. The only unusual
activity that had previously been indulged in was that her teen-age lad had
downloaded something using Bittorrent.

A full scan with MBAM got rid of it. Four nasties were removed, if I
recall correctly.



--
"One of the painful things about our time is that
those who feel certainty are stupid, and those with
any imagination and understanding are filled with doubt
and indecision" -Bertrand Russell, 1872-1970

Re: Police warning shock

Aardvark wrote:
 
That doesn't tell us if the torrent'd file was the culprit - unless the
file was a piece of software (game, hack/crack, etc) or a media file
that directed the user to obtain the "proper" codec.

Re: Police warning shock

On Sun, 23 Sep 2012 11:47:59 -0400, Virus Guy wrote:

No, although from what little I recall of the phone convo, I suspected
the download was somehow to blame.

As soon as I read your post, I tried to phone her to refresh my memory.
No answer :-(.

I'll get back to you with more info as I get it.




Re: Police warning shock

On Sun, 23 Sep 2012 11:47:59 -0400, Virus Guy wrote:

Well, I've now discovered that it wasn't a Bittorrent download as I had
originally mis-remembered.

She phoned me today and told me her son had downloaded, installed and
played the following game:

<http://www.thedd.co.uk/banger-heat.htm>

I'll ask her to upload the executable to somewhere so I can download and
take a look at it.




Re: Police warning shock

Aardvark wrote:

Comodo says the site is okay:
http://siteinspector.comodo.com/public/reports/6051528

So does McAfee:
http://www.siteadvisor.com/sites/http%3A//www.thedd.co.uk/banger-heat.htm


Re: Police warning shock

The wretched Police page came back today and what is more, it comes up in
all three Safe Modes too, so I cannot get to Malwarebytes to attack it.

I do like to tackle these problems myself and am willing to have a go. I am on
my laptop tonight.
Any suggestions welcome.
Q


Re: Police warning shock

On 09/25/2012 03:04 PM, quilljar wrote:
can you get a copy of antivir's boot disk?
--
A stupid man's report of what a clever man says can never be accurate,
because he unconsciously translates what he hears into something he
can understand. -Bertrand Russell
Registered Linux User #393236

Re: Police warning shock



can you get a copy of antivir's boot disk?

Sorry Max,
I don't know what you mean?
I don't have any kind of boot disc
Quilljar

Re: Police warning shock

On 09/25/2012 05:13 PM, quilljar wrote:
Avira AntiVir Rescue System
http://www.avira.com/en/downloads#tools

Re: Police warning shock

quilljar submitted this idea :
Use your good computer to download the disk image Max gave you the URL
to. Burn the image to disc and use it to boot your bad computer. After
that, IIRC, you just follow the prompts.

You may have to access your CMOS Setup program to avail yourself of the
CD boot option, but in most cases you wouldn't have to.



Re: Police warning shock

On Tue, 25 Sep 2012 21:49:23 -0400, FromTheRafters

    Kaspersky boot CD has a registry-editor. You can manually
repair the registry from it, if the scan does not do the job.

    http://support.kaspersky.com/viruses/rescuedisk

    []'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Re: Police warning shock


    BTW, the Kaspersky bootdisk has a utility for removing
ransom-ware. This page explains how to use it:

    http://support.kaspersky.com/faq/?qid=208285998

    You can access the net while using the bootdisk, if you have a
standard modem ---> (router) ----> PC connection, and follow the
instructions.
    The utility is called WindowsUnlocker. You must do a full scan
after using it.
    []'s

    

Re: Police warning shock

quilljar wrote:
 
I would suggest that if you know what files to delete, that you boot
into DOS mode (press F8 key during boot-up) so you would have a true
command-line interface to access your file-system.  But since you're
probably running an NT-based OS, that option isn't available to you.

So your next option would be that you have your OS installed on a FAT32
volume, so that you can boot into DOS as your second OS besides your
NT-based OS.  What's that?  You say that you didn't install your OS on a
FAT32 volume that already had DOS 7.1 pre-installed on it first?

Well, in that case, remove the infected hard drive from what-ever
machine we're talking about and connect it as a slave or secondary drive
to a known/good (trusted) PC and run anti-what-ever software to scan the
attached drive and remove any mal-files it detects.

A good AM/AV program would have the ability to scan the registry of an
attached drive and neutralize any offending registry entries, but again
like I said -> AV software is bullshit and doesn't have that feature.

Re: Police warning shock

I have all my files backed up on a separate external HD. Would it be OK to
take out my infected disk and re-format it using my trusty laptop and then
re-install Windows 7?
I daresay that wd be child's play to a pro, but it would be a first for me.
Q


Re: Police warning shock

quilljar wrote:
I'm no expert, Q, but if you are willing to reformat and reinstall
Windows 7, I believe there is no need to remove your hard drive first!


Re: Police warning shock




quilljar wrote:
I'm no expert, Q, but if you are willing to reformat and reinstall
Windows 7, I believe there is no need to remove your hard drive first!


I am also no expert, but I have no way of communicating with my HD because
the wretched ransomware web page comes up whatever I try. It will not allow
me to get into any safe mode nor bring up a command line, not that I would
know what to do if it did!
Q


Re: Police warning shock

quilljar wrote:
Do you have a retail copy of Microsoft Windows 7 - or a rescue CD made
when you first got your computer?

If so, can't you boot from it?  Have you set your BIOS to boot from a
CD?  See http://www.hiren.info/pages/bios-boot-cdrom
