hello and need help please "reveton trojan"

Discussion in 'Virus & Other Malware Removal' started by jam1980uk, May 11, 2012.

Thread Status:
Not open for further replies.
  1. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Hello, I only just joined your site and I must say very good from what I've seen. Now I only found this site due to having a major problem, so at least something good has come out of my "problem".
    I have the West Yorkshire virus, or better called "THE REVETON TROJAN". I'm sure you have heard of it. Please can you help me, I can't do anything, can't boot in safe mode, really stuck.

    Thanks in advance for any help you can offer
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
  3. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Already tried that a few times m8, ctrl o doesn't do anything, can't boot into safe mode, can't do anything.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    If you have access to another system and a USB stick do the following:

    Download the Windows Defender Offline Tool and save to your Desktop.
    You will have to select the correct version for your system, either 32 or 64 bit.

    Double click the downloaded file to run the tool; Windows 7 or Vista users right click and select "Run as Administrator".

    Read the instructions in the new window and select "Next".

    In the new window accept the agreement.

    In the new window select your USB Flash Drive, then select "Next".

    In the new window ensure your Flash drive is selected, if not click on "Refresh", then select "Next".

    In the new window accept the formatting alert by selecting "Next".

    Files will be downloaded.

    Files will be processed and created.

    Flash drive will be formatted and prepared.

    Files will be added to the Flash Drive and the tool will be created.

    The procedure is finished and the tool created; click on "Finish" to complete.

    Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required. Use F12 as it boots, change options...
    As it boots you'll see files being loaded and the Windows splash screen. Eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.
    When complete, do a full scan and deal with what it finds.
    When finished, remove the USB stick then press the Esc key to boot into regular Windows.
    Navigate to the following file:
    "C:\windows\windows defender offline\support\mssWrapper.log". Open it with Notepad and copy and paste it into a reply.

    Kevin
     
  5. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Hello and thanks for your help. I'm doing a scan at the moment; the quick scan said there were 6 problems. I will update once it has done a full scan. I hope I got the name of it right, is it also known as the West Yorkshire police virus?
     
  6. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Did a full scan, it nearly finished, then I got a blue screen of death.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Will it re-boot to Windows?
     
  8. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Can I first of all start by saying you're awesome, thank you so much. After I did another full scan I rebooted my comp and it booted up great. I got this info, hope it's the right stuff..

    ERRORS_ONLY=0
    MAX_SIZE=5120
    APPEND=1
    MAX_LINE_SIZE=256
    -------------------------------------------------
    START 2012/05/16 19:10:39:593 TID:776 PID:724
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Binary architecture is x86
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    CheckProcessorArchitecture returned 0x00000000
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Setting target OS key: "C:\Windows"
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    SetRecoveryEnvironmentKey returned 0x00000000
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Searching for signatures. Default signature path: ""
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Searching for signatures at root of drives...
    WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
    Missing definitions file in 'C:\mpam-fe.exe'
    WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
    Missing definitions file in 'D:\mpam-fe.exe'
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Found definitions file in 'E:\mpam-fe.exe'
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Using signature path: "E:\mpam-fe.exe"
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    SearchForSignatures returned 0x00000000
    INFO 2012/05/16 19:10:39:593 TID:776 PID:724
    Initializing offline environment and service...
    INFO 2012/05/16 19:10:57:515 TID:776 PID:724
    Launching user interface...
    INFO 2012/05/16 19:10:57:531 TID:776 PID:724
    Launched UI, waiting...
    START 2012/05/16 19:32:16:484 TID:780 PID:728
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Binary architecture is x86
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    CheckProcessorArchitecture returned 0x00000000
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Setting target OS key: "C:\Windows"
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    SetRecoveryEnvironmentKey returned 0x00000000
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Searching for signatures. Default signature path: ""
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Searching for signatures at root of drives...
    WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
    Missing definitions file in 'C:\mpam-fe.exe'
    WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
    Missing definitions file in 'D:\mpam-fe.exe'
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Found definitions file in 'E:\mpam-fe.exe'
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Using signature path: "E:\mpam-fe.exe"
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    SearchForSignatures returned 0x00000000
    INFO 2012/05/16 19:32:16:484 TID:780 PID:728
    Initializing offline environment and service...
    INFO 2012/05/16 19:32:34:390 TID:780 PID:728
    Launching user interface...
    INFO 2012/05/16 19:32:34:406 TID:780 PID:728
    Launched UI, waiting...
    START 2012/05/16 20:24:01:656 TID:784 PID:732
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Binary architecture is x86
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    CheckProcessorArchitecture returned 0x00000000
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Setting target OS key: "C:\Windows"
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    SetRecoveryEnvironmentKey returned 0x00000000
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Searching for signatures. Default signature path: ""
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Searching for signatures at root of drives...
    WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
    Missing definitions file in 'C:\mpam-fe.exe'
    WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
    Missing definitions file in 'D:\mpam-fe.exe'
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Found definitions file in 'E:\mpam-fe.exe'
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Using signature path: "E:\mpam-fe.exe"
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    SearchForSignatures returned 0x00000000
    INFO 2012/05/16 20:24:01:656 TID:784 PID:732
    Initializing offline environment and service...
    INFO 2012/05/16 20:24:19:468 TID:784 PID:732
    Launching user interface...
    INFO 2012/05/16 20:24:19:484 TID:784 PID:732
    Launched UI, waiting...
    INFO 2012/05/16 22:48:53:359 TID:784 PID:732
    Wait finished (UI signaled)
    INFO 2012/05/16 22:48:53:359 TID:784 PID:732
    RunCallisto returned 0x00000000



    But a lot of my files and folders are LOCKED??? How do I get round this please, and thanks so much, you're a diamond.
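
Added example, not part of the original thread or of Windows Defender Offline: a Python parser that splits an mssWrapper.log like the one pasted above into one session per START line and reports which sessions logged a `RunCallisto returned` line, along with any failing HRESULTs and warnings. The sample is constructed by abbreviating the pasted log, and the `ERROR` level token is an assumption (only START, INFO and WARNING appear in the post).

```python
import re

# Constructed sample, abbreviated from the log format shown in the post above.
SAMPLE = r"""ERRORS_ONLY=0
-------------------------------------------------
START 2012/05/16 19:10:39:593 TID:776 PID:724
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'C:\mpam-fe.exe'
INFO 2012/05/16 19:10:57:531 TID:776 PID:724
Launched UI, waiting...
START 2012/05/16 20:24:01:656 TID:784 PID:732
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
Wait finished (UI signaled)
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
RunCallisto returned 0x00000000
"""

# Each entry is a header line followed by a message line; ERROR is an assumed level.
HEADER = re.compile(r"^(START|INFO|WARNING|ERROR)\s+(\S+ \S+)\s+TID:(\d+)\s+PID:(\d+)\s*$")
RETURNED = re.compile(r"^(\w+)(?:\(.*\))? returned (0x[0-9A-Fa-f]{8})$")

def parse_sessions(text):
    """Split the log into sessions (one per START line) and summarise each."""
    sessions, level = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            level = m.group(1)
            if level == "START":
                sessions.append({"start": m.group(2), "pid": int(m.group(4)),
                                 "warnings": [], "failures": [], "clean_exit": False})
            continue
        if not sessions:
            continue  # settings block and separator before the first START
        cur = sessions[-1]
        if level == "WARNING":
            cur["warnings"].append(line)
        r = RETURNED.match(line)
        if r and int(r.group(2), 16) & 0x80000000:  # HRESULT severity bit: failure
            cur["failures"].append((r.group(1), r.group(2)))
        elif r and r.group(1) == "RunCallisto":
            cur["clean_exit"] = True  # the wrapper logged the scan engine returning
    return sessions
```

Run over the full pasted log, this yields three sessions, of which only the last (PID 732) logged a `RunCallisto` return. 0x80070003 is the HRESULT form of Win32 error 3 (path not found), which is expected on a 32-bit system that has no SysWOW64 directory.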
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Can you run DDS and post the two logs...

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin
     
  10. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Can I put this on USB, and can you tell me a good free AV please?
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Do you want to d/l and transfer DDS to the sick PC via USB stick? If so then yes.

    What exactly is the status of the sick PC? What is the OS: XP, Vista or Windows 7? Is it 32 or 64 bit? Do you have Malwarebytes installed? Does it have an internet connection?
     
  12. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    It's XP 32 and it did have wireless, but the virus has knocked the drivers off, and no, I don't have Malwarebytes.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Thanks for the information, OK do the following:

    Step 1

    Go Here and download DDS and save to your Desktop, this is a special version.

    (You can transfer this to the sick PC via USB)

    As you save the file re-name to DDS.com.

    Double click the DDS icon to run the program; Vista or Windows 7 users will have to accept the UAC alert.

    The screen will go red and you will see the following window:

    Expand "Advanced" check the boxes as shown, select start.

    Post the logs when it completes....

    Step 2

    Please download Farbar Service Scanner and run it on the computer with the issue.

    Make sure the following options are checked:

    • Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Let me see those logs..

    Kevin
     
  14. jam1980uk

    jam1980uk Thread Starter

    Joined:
    May 11, 2012
    Messages:
    129
    Don't believe this, oh I hate computers lol. I haven't turned the comp on since I messaged you the log file the other day. I told you I got a blue screen, then redid the scan, managed to get onto the comp, got the log file, messaged you, turned off the computer. Just tried to start the comp but my monitor won't come on, must have wiped the driver for it. Any ideas please?
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Will it boot to safe mode? Do you have your XP installation CD?
     
Short URL to this thread: https://techguy.org/1052883