Articles

Solved System Cleaner 8.02 pop up

September 26, 2012 at 06:50:10
Specs: Windows Vista

Last night i received a pop-up that stated that I had downloaded something illegal and that it was freezing my computer. Unless i got some sort of paycard at Walgreens or come other place and pay $200, that I would lose all my files. It cited laws and had a government seal at the top. Is this for real?

See More: System Cleaner 8.02 pop up

Report •


✔ Best Answer
September 27, 2012 at 07:42:07

I had the same problem last night and I called my anti- spyware software provider and this is what they told me. Restart in safe mode. Go to Folder Options. Show Hidden files. Then go to your C drive in My computer. open foler App Data, then open Local folder. Then open Temp folder and look for this file. IRB700.exe This is the file containing the ransom ware virus. Right click on the file and change the file name by adding PCtools
after .exe (IRB700.exe.pctools)Then go to your Run window and type in MSconfig. Then under selective startup open start up tab or boot tab at the top and look for a file that should say UNkown with the same file path as above C/AppData/Local/Temp/Irb700.exe. Uncheck this file and retstart in normal mode. Your computer should be unblocked now. Immediately update your virus software and run a full system scan and quarantine any additional infections.


#1
September 26, 2012 at 07:49:34

No. It's a scam. Ignore it.

Report •

#2
September 26, 2012 at 07:57:44

Can't ignore it, won't let me get online. Need to somehow delete it.

Report •

#3
September 26, 2012 at 11:29:49

sounds like ransom-ware. Don't pay for It, don't ever give out your card to something like this. If you are able to, switch to safe mode and run the following

rkill, emisoft deep scan and malwarebytes. I suspect this is a variation on the ukash kit.

:: mike


Report •

Related Solutions

#4
September 26, 2012 at 11:52:02

I have the same problem and am not even able to log on to safe mode.

Report •

#5
September 27, 2012 at 07:42:07
✔ Best Answer

I had the same problem last night and I called my anti- spyware software provider and this is what they told me. Restart in safe mode. Go to Folder Options. Show Hidden files. Then go to your C drive in My computer. open foler App Data, then open Local folder. Then open Temp folder and look for this file. IRB700.exe This is the file containing the ransom ware virus. Right click on the file and change the file name by adding PCtools
after .exe (IRB700.exe.pctools)Then go to your Run window and type in MSconfig. Then under selective startup open start up tab or boot tab at the top and look for a file that should say UNkown with the same file path as above C/AppData/Local/Temp/Irb700.exe. Uncheck this file and retstart in normal mode. Your computer should be unblocked now. Immediately update your virus software and run a full system scan and quarantine any additional infections.

Report •

#6
September 27, 2012 at 10:12:07

Thanks soundwdj! I tried everything I could think of to get this off of my Dad's laptop, and your instructions worked perfectly. Thanks again!

Report •

#7
September 27, 2012 at 19:14:59

Does anyone know the steps for Windows 7? I can't follow #5's path. :-(

Report •

#8
September 27, 2012 at 19:41:09

Wow soundwdj...thx so much! I was a little skeptical because it looked so easy but it worked! Hogheaven....I kinda had to search around for the right temp file but once you find it, it's easy from then on.

Report •

#9
September 27, 2012 at 19:45:02

That is the correct file path for Windows 7.

Report •

#10
September 27, 2012 at 19:57:10

But I don't even have an App Data Folder to my knowledge.......

Maybe I'm looking in the wrong place. I'm a novice at the guts of these machines. There is no My Computer in Windows 7 so I went into Control Panel/Administrative Tools but don't see anything like what was indicated.

Report •

#11
September 27, 2012 at 21:40:04

Hogheaven42ess
"But I don't even have an App Data Folder to my knowledge"

That's why you have Search.

All about it is in Help and Support.

Or, this one is a beauty.

UltraSearch
http://www.softpedia.com/get/File-m...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/ultrase...


Report •

#12
September 28, 2012 at 00:21:43

I still need help with this for Windows XP. When I do Safe mode, and then select XP, the "System Cleaner 8.02" page takes over before I can check files or start a Norton scan. Any more ideas? Am I missing something that would slow things down when I'm in Safe mode?
Once "System Cleaner" pops up, I can't see anything else.

Report •

#13
September 28, 2012 at 00:43:52

Gnossos, try this way.

1: In Safe mode, do a search for IRB700.exe

2: Right click on IRB700.exe & rename. Now it will read this > IRB700.exe.pctools ( copy & paste, then you can't go wrong )

3: Whilst in Safe mode > Start > Run, Copy & Paste > MSconfig & hit > Enter.

4: Click > Selective startup, open Startup tab or Boot tab at the top and look for a file that should say UNkown with the same file path as above C/AppData/Local/Temp/Irb700.exe. ( Or where ever your operating system has it ) Uncheck this file and then click > Normal startup. Click > Apply & OK.

5: Reboot


Report •

#14
September 28, 2012 at 00:59:17

Johnw, when I press f8 at startup, I get a bunch of choices on a page including "Safe Mode". Among the other choices are:

Safe Mode with Command Prompt
Safe Mode with Networking
Debugging Mode
Reboot.

When I select "Safe Mode", I am taking to a page which says "Please select the operating system to start:

Microsoft Windows Recover Cosole
do not select this [debugger enabled]
Microsoft windows XP Professional

at the bottom of the page it says "for troubleshooting and advanced startup options for Windows, press F8. (but F8 just takes me back to the previous page.)

When I select the XP Professional choice, I now get a quick DOS-like scrolling and a message that Windows has had to shut down, with some error location info. I think the virus has now messed up my hard drive and I'm screwed.


Report •

#15
September 28, 2012 at 01:07:50

Microsoft windows XP Professional is the right choice.

" I think the virus has now messed up my hard drive"
Looks like it.

Lets try System Restore & then Safe mode again for IRB700.exe. I shall do some research while you are trying that.

I have had good results using in Normal or Safe Mode, different to Last Known Good Configuration in Safe Mode.
http://www.microsoft.com/windowsxp/...
http://bertk.mvps.org/index.html
http://bertk.mvps.org/html/safemode...
System Restore is accessed the following way:
1. It's a good practice to shut down all other applications before using System Restore, as it requires a full-system reboot to complete the installation. Connecting to the internet is not required, however. So shut all applications. Then click "Start."
2. Start > All Programs > Accessories > System Tools > System Restore. Then the program will load.


Report •

#16
September 28, 2012 at 01:15:45

Here you go Gnossos.

SMFixer
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.sergiwa.com/modules/mydo...
http://www.addictivetips.com/window...
Windows Safe Mode Fixer.
SMFixer is a handy and reliable utility designed to fix Windows Safe Mode issues.
Many viruses corrupt Windows Safe Mode so you cannot boot in safe mode to remove them. This handy tool repairs Windows Safe Mode and gives you back the full control over your computer.
How to use it? Click FIX button and your computer will restart immediately. Please save any unsaved work before you click FIX button. After restart hit F8 key to boot in Safe Mode.


Report •

#17
September 28, 2012 at 01:39:49

johnw, I appreciate the effort, but when I read something like:

"It's a good practice to shut down all other applications before using System Restore, as it requires a full-system reboot to complete the installation. Connecting to the internet is not required, however. So shut all applications. Then click "Start".

it makes no sense, because I can't do ANYTHING like shutting down applications. And I'll have to be VERY fast to get to my Start button before the virus grabs control of the display...

Likewise with the SMFixer. How do I download a program when I can't get rid of the System Cleaner screen?

I was able to get past the 'windows had to shut down' thing by using "Last Known Good Configuration". I'll see if I can get to System Restore fast enough.

Thanks again. (sorry about slow response--I wasn't expecting such fast help)


Report •

#18
September 28, 2012 at 01:56:36

Tried 4 times, but can't get to System Restore. Was only fast enough to click on >Start>Accessories before the 'System Cleaner 8.02' grabbed control of the display. Each time that happens, I have to do a hard shut down and start again.

Can I do anything from "Debugger" or from "Reboot" that would help?


Report •

#19
September 28, 2012 at 02:50:19

"Can I do anything from "Debugger" or from "Reboot" that would help?"
Don't know, time to change tack.

Download this onto a good comp, put it on a thumb drive & see if you can run it.

Run ESET & post the log please.
http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.


Report •

#20
Report •

#21
September 28, 2012 at 02:55:46

Another way is to take the drive out & slave it to a good comp & clean it up from that comp.

Will need more info about your infected drive ( laptop or PC, ide or sata etc ) & the same details for the host comp.


Report •

#22
September 28, 2012 at 03:44:55

johnw, many thanks for your time and effort. I'm giving up for tonight. Tomorrow I will probably bite the bullet and take it into a shop. Both the infected computer and the one I'm now typing on are laptops, but the good one is my wife's and I'm reluctant to mess with it!

Thanks again. I'll try to report what happens next.


Report •

#23
September 28, 2012 at 05:06:44

This morning I just pressed F8 while it booted up and got into Safe Mode. I then did a system restore to a week ago and everything seems fine again. This might save a bunch of steps.

Report •

#24
September 28, 2012 at 11:03:30

Hello

I have the virus clean system 8.02. I do not have anti-virus spyware. Help

Thank you

Cec


Report •

#25
September 28, 2012 at 11:25:01

I did what hogheaven42ess did and it work. Thanks

Report •

#26
September 28, 2012 at 19:59:43

This is what I did. First I turned off my computer and start in safe mode and you do this by restarting your computer and pressing F8 and choose safe mode. It doesn't matter if is safe mode with network or regular safe mode. If you are using Windows 7 go to start icon and go to search and type : msconfig and click on startup tab. Look for the program that has IRB700 and uncheck it or disable it. Then turn off your computer and re start again on regular mode and this should let you start your computer. After that just run your virus program and it should now find it and delete it. For Windows XP, instead of going to search at the botton of start, go to start and then go were it says run and type msconfig and follow the other steps. Hope this works for all of you as it worked for me.

Report •

#27
September 28, 2012 at 23:25:33

For the person trying to "beat" the System Cleaner to get to the System Restore program, you will need to turn off your wireless adapter by pushing the button that is on your keypad or laptop shell somewhere or somehow disable your network connection (in safe mode)... When my wireless/LAN connection was down, the program wouldn't launch, but as soon as I turned on my network connection, it launched and I had to shut down the computer and start all over... Hope this helps a little @ least!

Report •

#28
September 29, 2012 at 08:11:29

Sound the only thing I would add is that if you have multiple users set up the file path is a little different C:\users\'username'\App Data... that's where the nasty bugger was on mine. Excelent help though. Just glad I had an alternate access to look this up lol.

Report •

#29
September 29, 2012 at 10:03:44

Update: Took my infected laptop to a tech who reported back last night that all is well, though she had some trouble clearing my "Windows is shut down" problem that I mentioned in post #14. Apparently all is well with that laptop, and I'll pick it up today.

BUT...the laptop I'm now using, which was connected to the same router when I had the Systeme Cleaner 8.02 problem, is giving me frequent "Internet Explorer has stopped working" pop-ups. Instead of shutting down IE, it seems to restart it with the same URL. sometimes. I wasn't using this laptop much before, so I can't be sure this is a new problem, but I'm wondering if it has something to do with the System Cleaner 8.02 virus.. I updated Norton last night and ran a full scan, but I'm still getting the 'IE has stopped working' pop-ups.


Report •

#30
September 29, 2012 at 10:08:02

I meant to thank hofb99 for the suggestion in #27. Didn't get a chance to try it before turning that laptop over to the tech, but it sounds like a good idea.

Report •

#31
September 29, 2012 at 14:21:52

Gnossos
"but it sounds like a good idea"

So before you connect the laptop fixed by the tech, clear the router out by holding the reset button in for the number of seconds the manual says.

Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...
If you haven't changed the default password on your home router, let this recent threat serve as a reminder.


Report •

#32
September 29, 2012 at 16:58:03

Thank you, soundwdj!!! It took me a little while to find the little bugger (irb700.exe) but once I did your instructions worked perfectly. You saved me so much time and headache!

Report •

#33
September 29, 2012 at 17:02:43

Anybody else having trouble finding irb700.exe, just use this.

UltraSearch
http://www.softpedia.com/get/File-m...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/ultrase...


Report •


Ask Question