Bundespolizei virus: cannot remove from PC

September 1, 2011 at 10:32:24
Specs: Windows XP
Bundespolizei virus: what should I do to clear it? Is this a WWW issue or is it just here in Germany? If it's WWW it's serious and Web ISPs must do something about it, or their business income is going to be negative!!

What is the way to get rid of it?? The blogs so far suggest ways that DO NOT work.

This issue has totally locked up my computer. Is this the end of WWW? I cannot even start it in safe mode!! So, I am Web incapacitated, until someone gets a solution for this ...

Could it be a form of Terrorism to end the West World Web??? or IBM/DELL/APPLE plot to sell more computers???
How many others out there have the same problem??

Personally, I now have no web access until I can solve this virus. Is anyone working on this?

i.e. Can the official German Bundespolizei comment? To see why they have been hijacked by a www. virus in their name?
Can they please make a statement about this, as it is defamation to people targeted! (Accusations of illegal / child pornography / terrorist communications, etc.?)




#1
September 2, 2011 at 22:34:15
crandel1,

BundesPolizei Ukash is just another malware issue. Some are more difficult to solve than others.

Please use a computer to which you can download the following tool, and place it on a USB flash drive (or removable media). Also, use Notepad, make a copy of these instructions to use them in the infected computer, and also place the info on the USB flash drive.

Please download MiniRegTool:
http://download.bleepingcomputer.co...

Now, plug in the USB flash drive in the infected computer, and place the MiniRegTool folder on the Desktop, as well as the instructions you saved to Notepad.

Unzip the folder by right-clicking and selecting: Extract all…
Then, follow the prompts.

In the new folder created (MiniRegTool), double-click MiniRegTool.exe

Copy/paste the following into the large blank area:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache

Tick the Query Keys radio button.

Press Go, and post the information produced (Result.txt)
The Result.txt is also found in the newly created MiniRegTool folder on the Desktop.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#2
September 3, 2011 at 10:29:19
Sorry. This doesn't/can't work. I cannot even get to the desktop on the infected computer. Even in Safe Mode I get the same Bundespolizei banner/screen.
Maybe I need some kind of boot disk.


#3
September 3, 2011 at 13:17:13
crandel1,

Let's try a couple of alternatives before booting from a disk...

Please press Ctrl Alt Delete at the same time.
Task Manager should open.
Click 'File' at the top and select: 'New Task (Run...)'

In the 'Create new task' prompt, type in: explorer.exe

Can you get to the Desktop and access the USB drive?

If not...

Once again, press Ctrl Alt Delete at the same time.
Task Manager should open
Click 'File' at the top and select: 'New Task (Run...)'

In the 'Create new task' prompt, type in: http://www.google.com/
Does your Default web browser open, or does BundesPolizei take over once again?

Post back on whether any of the above worked.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#4
September 3, 2011 at 15:14:55
If you can do this much:

Press Ctrl Alt Delete at the same time.
Task Manager should open.
Click 'File' at the top and select: 'New Task (Run...)'
In the 'Create new task' prompt, type in: regedit.exe

The Registry Editor screen should open.
Expand a Registry key by clicking on the [+] to the left of the following:

[+]HKEY_LOCAL_MACHINE
[+]SOFTWARE
[+]Microsoft
[+]Windows NT
[+]CurrentVersion
Winlogon

Click on the 'Winlogon' folder to open
On the right panel, look for the Name 'shell'

To the right of 'shell', under Data, what is there?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#5
September 9, 2011 at 08:43:42
From Regedit, following your path, to the right of Shell is
C:\Documents and settings\Chris\Application Data\jashla.exe

PS. I heard jashla was not good so turned it off from File Manager. This allowed me to get to Explorer.


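The check walked through in replies #4 and #5, as an added example that is not part of the original thread: it reads saved `reg query` output for the Winlogon key and flags a `Shell` value that is anything other than the stock `Explorer.exe`. The function name, the sample text and the reason strings are constructed for illustration; the `jashla.exe` path is the one reported in reply #5.

```python
import re

# One value line of `reg query` output: name, type, data. Windows XP separates
# the fields with tabs, later Windows versions with runs of spaces.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"

# Constructed sample of saved `reg query` output; the Shell data is the value
# the original poster reported in reply #5.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
    Shell    REG_SZ    C:\Documents and settings\Chris\Application Data\jashla.exe
"""

def audit_winlogon_shell(reg_output):
    """Return (key, data, reason) for every non-default Winlogon Shell value."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # header line naming the key being listed
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(WINLOGON):
            continue
        name, data = m.group(1), m.group(3).strip()
        if name.lower() != "shell" or data.lower() == "explorer.exe":
            continue  # not the Shell value, or the stock value
        low = data.lower()
        if "\\application data\\" in low or "\\appdata\\" in low:
            reason = "shell replaced by a program in a user-writable profile folder"
        elif low.startswith("explorer.exe"):
            reason = "extra command appended to explorer.exe"
        else:
            reason = "shell is not explorer.exe"
        findings.append((key, data, reason))
    return findings

if __name__ == "__main__":
    for key, data, reason in audit_winlogon_shell(SAMPLE):
        print(f"{key}\n  Shell = {data}\n  -> {reason}")
```

Because the function keys on any path ending in `Windows NT\CurrentVersion\Winlogon`, the same output check also covers a `Shell` value set under HKEY_CURRENT_USER, which goes beyond the single HKEY_LOCAL_MACHINE key inspected in the thread.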

#6
September 9, 2011 at 15:10:39
Good job, crandel1!!


Can you run the following program using Task Manager, or normally, if possible:

Please download SystemLook from the link below:
http://jpshortstuff.247fixes.com/Sy...

Save the file to the Desktop

Double-click 'SystemLook.exe' to run it.
Copy the following into the open textfield:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603  
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache


:filefind
jashla.exe


Click the 'Look' button to start the scan.
When finished, a Notepad window opens with the results of the scan.

Please post the SystemLook.txt in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#7
September 9, 2011 at 20:00:53
I found jashla.exe by searching my C drive. I deleted it from C: & Waste bin. Is this sufficient? Or does this thing hang around in other forms?

All seems to work OK now.



#8
September 9, 2011 at 20:14:04
I get ....... SystemLook_x64.exe is not a valid Win32 application


#9
September 9, 2011 at 20:19:58
Please try the link once again.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#10
November 22, 2011 at 01:53:24
Hi! I did all as you said but now I'm stuck; I don't know what to do after the scan.
It is written
SystemLook 30.07.11 by jpshortstuff
Log created at 10:43 on 22/11/2011 by Administrateur
Administrator - Elevation successful
And then many things under REG


#11
December 7, 2011 at 16:15:41
Hello, I followed these instructions to remove this virus but it still will not allow me to write regedit because that screen disappears so fast and the virus banner appears, leaving me with nothing to do to access my desktop. What else can I do to remove this virus? I tried everything but the banner still appears. I tried safe mode with command but that's all works and it flashes very quickly at the screen where I'm supposed to write regedit, but it flashes so fast I can't write anything and the banner virus appears again. What do I do?


#12
December 10, 2011 at 08:58:05
As soon as you have logged in with your user name and password, try quickly pressing CTRL+ALT+DEL again and look for processes created by your account; hoping they are few, close the one that seems not "regular"... I mean leave explorer but delete "ashaja", or "mchmash" or programs with strange names if created by your account (not by Administrator or System).
