Tezuka
It says that my computer has been infected with a virus and it is associated with "kulitut.vbs"...How can I stop this crazy thing happening in my PC?
Plaese explain and elaborate the steps...
thanks!
Answer
Info and how to remove it is here.
http://pointblank.i.ph/blogs/pointblank/2008/02/07/how-to-remove-imgkulot-and-how-to-avoid-infecting-your-hard-drive-partitions-and-other-secondary-storage-devices/
Info and how to remove it is here.
http://pointblank.i.ph/blogs/pointblank/2008/02/07/how-to-remove-imgkulot-and-how-to-avoid-infecting-your-hard-drive-partitions-and-other-secondary-storage-devices/
So I've been battling this ransomware virus, and i really need someone who knows software?
going to c
---Some of this info probably isn't necessary to fix my problem, but i'm putting in as much as possible just in case.---
Long story short, my computer (windows7) was infected with a virus that displays a fake warning from the FBI for non-existant piracy, and tells me I need to give some random crooks $200 to unlock my computer. I couldn't get off the screen to do anything.
I got around it by booting the computer in 'safe mode with command prompt' and I lifted the virus's restrictions to my registry editor and task manager using .vbs files. Then, still in safe mode, I ran a virus scan and manually ripped out a bunch of malicious files that the scan missed. I also used regedit to delete some items in my registry that were just random strings of lowercase letters and numbers, which i read was a trait i could use to identify the malicious software.
Well now the fake warning/lockout page doesn't show up when i boot my computer normally, but my desktop icons are missing. My colorful background is there, and i can run all my stuff just fine using the start menu, but there are no icons and i can't click and drag my mouse across the desktop to make a blue box. Task manager says 'explorer.exe' is running.
While i was typing this a popup message came up, and it says it's from Malwarebytes, the program i used to scan when i was still in safe mode. It says "[Shell_NotifyIcon] Failed to perform desired action. Error Code: 1008". 'Shell' was an item in the registry that i was told to check the value of, and make sure it was set to 'Explorer.exe'. It was set to "explorer.exe' so i changed it.
I also deleted some empty folders that i probably shouldn't have, I think they were in myusername>AppData>Local>Temp, and they looked somthing like this:
[3439-1239-4948-3829-3929-3938]
There were five or six of them. Im an idiot so i didn't back anything up before i began fixing, and for complex reasons system restore is not an option.
THANKS for taking the time to read this. I'm really getting burnt out about this whole thing and I need some help.
I'm sorry I've worded this so crappily, my actual problem is hidden in the 4th paragraph of the question. I suspect the virus might be totally gone and I've just torn out something important by mistake.
Answer
I'm assuming all of your account on your computer are infected. Luckily, new accounts are not.
Log into your administrator account. Even though you can't see it, hit the windows button and R to bring up the run menu in the background and type "cmd" to bring up your command prompt and type the following without quotes and ():
"net user USERNAME(make up one) /add"
then
"net localgroup Administrator USERNAME(same as before) /add"
This will create a new account that is free of the "ransom-ware" on normal login and in safe mode.
Restart your computer and open up in safe mode under the new user account, re-run malwarebytes (go into safemode with networking if you need to update malewarebytes)
This should recognize and remove it, Also, if you have spybot S&D and MSE (microsoft security essentials) I would recommend running them as well.
This worked for me and it took me days to figure out. Good luck.
I'm assuming all of your account on your computer are infected. Luckily, new accounts are not.
Log into your administrator account. Even though you can't see it, hit the windows button and R to bring up the run menu in the background and type "cmd" to bring up your command prompt and type the following without quotes and ():
"net user USERNAME(make up one) /add"
then
"net localgroup Administrator USERNAME(same as before) /add"
This will create a new account that is free of the "ransom-ware" on normal login and in safe mode.
Restart your computer and open up in safe mode under the new user account, re-run malwarebytes (go into safemode with networking if you need to update malewarebytes)
This should recognize and remove it, Also, if you have spybot S&D and MSE (microsoft security essentials) I would recommend running them as well.
This worked for me and it took me days to figure out. Good luck.
Powered by Yahoo! Answers
Comments :
Post a Comment