Help with a computer virus!?

[271]

I have a virus on my laptop. Whenever I open up Windows normally, a screen will appear from a page claiming to be the "e-police" branch of the Metropolitan Police asking me to pay a £100 fine immediately. I cannot get off the page without shutting down my laptop. The only way I'm able to access the Internet is by running Windows in safe mode with networking. Anyway, I googled the virus to see if anybody else was experiencing the same problem (as it happened it's quite a popular one) and to see if I could find a way to get rid of the thing. One user suggested accessing the Internet via safe mode with networking, googling an antivirus software called "Combofix", saving it to the desktop and running it. Another user backed him up, saying it worked, so I decided to give it a try. However, when I clicked "Download" on the software and then clicked "run", a message appeared saying: "InstallConverter_TSV35DRSB.exe contained a virus and was deleted". Similar messages pop up on EVERY SINGLE (free) antivirus software I attempt to download. My next idea was to try and reset my laptop to a date before it became infected with the virus. I can't remember exactly what it said when I tried this but it was something like "you have infections in your disks, ensure they are cleaned before attempting a system restore". Long story short I'm really, really stuck here. None of the solutions other people have used have worked for me because my laptop simply won't allow me to do anything without displaying one of those stupid messages. PLEASE can anyone help!? I was thinking about whether to try and reset my laptop to factory settings (I only use it for the Internet really, all my work files and stuff are on a separate device so I'm not bothered about losing all my applications) but surprise, surprise, everything I read on the Internet on how to do it didn't work when I tried it. Any help anybody can give would be heavily appreciated.
PLEASE NOTE: I cannot download any sort of antivirus software!!!! @rootbrian2000 the malwarebytes software doesn't work, the same message just pops up as soon as I attempt to download it, although I appreciate all the help
Thanks so much for all the help guys! I appreciate it all, however I managed to reset my system to its factory settings so no harm done :-) thanks again!

[rootbrian2000]

You basically have ransomware on your machine that is demanding to be wired a fee of some sort. You can get rid of it using malwarebytes.

Download it, install it, let it update the definitions, run a FULL SCAN, then once it completes, click next to see the results. Right click in the list and choose Select All, then click Remove. You'll be prompted to reboot, do that. Once done, everything should be back to normal. You could also grab the other utilities in the Downloads section of the website too.

As an alternative, you could switch your operating system to Linux Mint, where all of the crapware you have to deal with periodically, will come to an end. It's easy to use and install too, comes with just about everything a computer should have. It has firefox by default, you can even get skype, google chrome too. I'll link it. It's free.

[Rahil]

Hey, it is a "Ransomware" and it will ask you to pay money. Please, restart your Laptop and after BIOS, press "F8" key to boot into the safe mode, and choose "Safe Mode with Networking" option from boot Menu. And Login to your Laptop, and open your web browser, then download "Spybot - Search & Destroy" and after download get complete, just install it, and scan your Laptop with this security tools. This tool can be used along side of Antivirus program, and it is safe, no conflict.

Remember "Ransomware", cannot run in Safe Mode, because Ransomware is functionally dependent on Service Pack, and Service Pack gets loaded only in Normal Mode not in Safe Mode. Good Luck

[David]

This is ransomware and is probably giving you false alerts about every file you download.
Here is are some instructions that should work, you will need a 32MB flash drive
http://www.bleepingcomputer.com/virus-re...ransomware
Or this
http://www.malwareexperts.com/west-yorks...m-removal/
HTH
David

[TEX4S]

malwarebytes

[deboerdn2000]

well safe mode with networking is correct but looks like it might be hijacking the browser as well. if you can get it through another computer then power to you but if not you might have to reinstall. http://botcrawl.com/how-to-remove-the-po...e-malware/ these are the steps to manually remove it which you may have to do. always do this in safe mode. always keep antivirus running.

[megh]

just download a antivirus from other pc and install it in safe mode

antivrus download links are given down in the questions lol

[Nahum]

Have you tried downloading the software from another (clean) computer and transferring it by CD-R or flash drive? Be certain to run scans on flash drives every time you insert them onto a clean computer.

If you can't even run safe mode to do a proper scan, or the ransomware is interfering in other ways, download either of the following rescue discs, and burn it to CD-R:
Kaspersky http://rescuedisk.kaspersky-labs.com/res...updatable/
AVG http://www.avg.com/us-en/226386

You will still need to fix whatever settings the ransomware changed, which may be possible by just using System Restore.

[Satyam]

Yes, its a ransomware. Okay, don't panic. You said you've got your files secured. Even the worst case could be a complete hard drive format and OS re-installation (remember, the worst), you have nothing to worry about. I am assuming that your system isn't allowing you to install other Antiviruses (as you've said).

To disinfect the system without any antivirus program function, you need to be sure about which malware (ransomware, to be specific in your case) has infected the system. Your case looks like a case of 'Trojan-Ransom.Win32.Xorist'. A 'Trojan-Ransom.Win32.Digitala' is also possible. So..ummm.. the first thing I'd recommend is assuming its one of these two and trying to disinfect the system.

'Trojan-Ransom.Win32.Xorist' can be cured by XoristDecryptor and 'Trojan-Ransom.Win32.Digitala' needs Digitacure. Of course, you haven't heard about any of these utilities. They are 'virus fighting utilities' provided by Kaspersky for free. I am sure you've heard about Kaspersky and its reputation.
You can download XoristDecryptor (600KB) and Digitacure (120KB) from http://support.kaspersky.com/us/viruses/utility# .These are small utilities programmed to detect and eliminate specific threats from a system. I am sure you won't be facing any difficulties in running them. Download the .exe files of both of them (in Safe Mode-Networking, of course).
How to use XoristDecryptor http://support.kaspersky.com/us/2911
How to use Digitacure http://support.kaspersky.com/us/3043

Basically, it looks like its either a Trojan-Ransom.Win32.Xorist or a Trojan-Ransom.Win32.Digitala.
PLEASE NOTE that it can be others like Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.Rector or Trojan-Ransom.Win32.Rakhni, though the chances are quite less. If the XoristDecryptor and Digitacure don't work for you, try RannohDecryptor, RectorDecryptor, and RakhniDecryptor. You'll be able to download them from the same page and even a quick and easy article on how to use them. So, basically, try,

1)- XoristDecyptor
2)- DigitaCure
3)- RannohDecryptor
4)- RectorDecryptor
5)- RakhniDecryptor

though I am pretty sure that it'll only need XoristDecryptor and DigitaCure, there's nothing wrong in taking some extra care.

Some of these tools will require you to locate atleast one file that is encrypted by the ransomware. You'll find methods of finding such files in the 'Use the' articles given on the page.I am also giving names of a few other utilities that might be helpful as well. TDSSKiller (which simply scans and removes rootkits), and klwk (which helps in running of antivirus programs even if a malware is blocking it). All the utilities are small is size, can be found on the same page with articles giving instructions on how to use them.

Now, you being not so used to of such situations, THERE ARE CHANCES THAT YOU MIGHT NOT FIND THE ENCRYPTED FILES NEEDED BY THESE UTILITIES. All except DigitaCure, TDSSKiller and klwk need the encrypted file. The main suspect, Trojan-Ransom.Win32.Xorist, which needs XoristDecryptor needs the encrypted file too, and I doubt that this might leave you as helpless as you were before. If this is the situation, you need a complete antivirus program to scan and fix threats for you. And if the Ransomware isn't allowing you to install new antivirus programs, it is the time to use Kaspersky Rescue Disk.

Kaspersky Rescue Disk, in simple words, is an Antivirus in a bootable media (a blank CD/DVD or a blank USB Flash Drive). You can boot through it, and scan your system for threats and remove them, and as you haven't booted through the hard drive, they threats can't cause any malfunctioning. This is usually the second to last thing I'd like to do (the last being formatting the hard drive).

What is Kaspersky Rescue Disk https://support.kaspersky.com/4162
Download Kaspersky Rescue Disk http://rescuedisk.kaspersky-labs.com/res...cue_10.iso
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it? https://support.kaspersky.com/8092
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?
https://support.kaspersky.com/8093

You can try downloading the Rescue Disk and burning it to a USB Drive or a CD/DVD from your own computer, but if it doesn't allows, you'll need another system (maybe a friend's or an internet cafe) to make things work.
Read the articles, and try what you can. Too much of reading for you, but that's life brother.
Hope that it helps.

[Bill P]

Follow the advice already offered but start the computer in 'Safe Mode with networking' instaed of normal. In Safe Mode things like viruses aren't loaded so the internet is accessible to download things like Malwarebytes.