GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


Windows Police Pro

2 posters

descriptionWindows Police Pro EmptyWindows Police Pro19th October 2009, 12:27 am

more_horiz
Hopefully someone will be able to help me.
Looks like I got infected with Windows Police Pro
Following are few items that are happening on the PC
- Windows POP up
- unable to use taskmanager
- Windows Police Pro pops up messaged that system is infected and wants to download a full version
- PC re-sets if I'm connected to internet.

Any sugestions will be appreciated

Thank you,

~Adam

descriptionWindows Police Pro EmptyRe: Windows Police Pro19th October 2009, 12:40 am

more_horiz
Please download exeHelper

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

descriptionWindows Police Pro EmptyRe: Windows Police Pro19th October 2009, 1:04 am

more_horiz
Thanks for your help
Run the exeHelper twice

Results from 1st. run:
exeHelper by Raktor
Build 20091018
Run at 20:47:41 on 10/18/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\90652830\90652830.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90652830
Deleting file C:\Documents and Settings\All Users\Application Data\33579633\33579633.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\33579633
Checking for bad processes...
Killed process Windows Police Pro.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\system32\winupdate.exe
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\WINDOWS\system32\winhelper.dll
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\WINDOWS\system32\calc.dll
Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Log from the 2nd run:
exeHelper by Raktor
Build 20091018
Run at 20:57:39 on 10/18/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\03915220\03915220.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03915220
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

descriptionWindows Police Pro EmptyRe: Windows Police Pro19th October 2009, 12:10 pm

more_horiz
Hello.
Okay, we've made a dent big enough to allow us to start slicing away at this malware.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionWindows Police Pro EmptyRe: Windows Police Pro

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum