Mandiant USA Cyber Security...HELP!


I have this thing on my laptop and no idea how to remove it. I have called a tech support line and they told me to go to a professional to have it fixed, but I don't have the money for that. After repeatedly trying safe mode w/ networking, and system restore, I was able to create a new user before it popped up again. The new user is fine and I can get on the internet but I know the malware is still on the computer. I can access safe mode from the new user but I can't download anything. It has been like that for a while but I didn't think it was anything serious until I heard that the reason was because it was another virus on my computer. I really need my computer for school and have a lot of things on it that I also need. So I need help figuring out how to remove the virus blocking my downloads and how to remove the malware blocking me from using my original user. Please Help!!

 

 

                 -Brandy


Can you run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

If it will not run, tell me what version of Windows you are running... Vista, W7, W8, XP....


Do you have access to another PC to d/l FRST and a USB stick to run on the sick PC? If so, do this please....

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure you get the correct version for your system, 32 bit or 64 bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flash drive into the infected PC.

 

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

 

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close Notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


OK, make a Kaspersky rescue CD on your spare PC, then we boot the sick PC from the CD and run Kaspersky as instructed....

 

Download Kaspersky Rescue Disk (iso)

  • Burn it to a CD or DVD. If you need a program to burn an ISO, use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
    Note: If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by malware/virus
    If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter
  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally....

 

When booted back into Windows, navigate > Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is the log from the KRD run named "ScanObject". Copy/paste that file to your reply.


Create the rescue CD by Kaspersky on your spare PC, boot the infected PC from the CD and follow the instructions.... Do not create the CD on the infected system...

 

It would be more beneficial to run FRST via a USB stick from the recovery environment; I only give the Kaspersky option because you have no USB memory stick...


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.