Metropolitan police virus removal on encrypted drive (true)

April 20, 2014 at 10:28:35
Specs: Windows 7, 4
Hello, I am trying to remove this virus; however, at every corner my encrypted hard drive gets in the way. It is not discoverable by Kaspersky or Windows Defender Offline. HitmanPro only works with non-encrypted drives, and Anvisoft will not connect to the internet (I assume related to encrypted drive). I cannot start in safe mode, but it will let me into the startup repair (cmd prompt, sys restore etc.). There are no system restores and it will not let me access anything on the hard drive (encrypted).

I still however have access to the start menu and can tab in some processes... Is there a workaround for this or am I buggered?

Any help would be much appreciated!

message edited by ll86




#1
April 20, 2014 at 19:29:35
I assume you've come across this:

http://malwaretips.com/blogs/metrop...

When using hitmanpro you need to run it after booting from a USB drive so the virus doesn't load.



#2
April 21, 2014 at 04:22:14
I have, yes; however hitman pro does not work with fully encrypted hard drives according to their FAQs (TrueCrypt)... I can get to the boot screen (123) and then it will state failed to boot for all options...


#3
April 21, 2014 at 04:31:59
"however hitman pro does not work with fully encrypted hard drives"

Is that referring to the Kickstart version?

Kickstart is the version required.



#4
April 21, 2014 at 04:36:36
The drive must not be completely encrypted since you can get to command prompt. And you should be able to boot from a USB drive no matter what condition the hard drive is in. That's a totally separate deal. Are you sure the system files are properly set up on the USB drive to make it bootable and that it's the first drive in the boot order in bios setup?


#5
April 21, 2014 at 04:37:04
Yes, Kickstart version. I think it's because it has problems identifying the encrypted drive?:

"Q-20: Can I use HitmanPro.Kickstart with a fully encrypted hard drive?
A-20: HitmanPro.Kickstart will not boot from a disk that has been fully encrypted with e.g. Bitlocker, TrueCrypt, or any other encryption program. If you try to do so, a failure message ‘Non-NTFS partition or encrypted disk detected’ will be displayed."

http://dl.surfright.nl/Kickstart-FA...



#6
April 21, 2014 at 04:38:28
I put it as the first drive in the BIOS setup. However it is a work computer and as such is encrypted using true crypt; does this mean it is fully encrypted?


#7
April 21, 2014 at 04:45:02
"However it is a work computer and as such is encrypted using true crypt"

Here are a couple of programs that may help.

TCExplorer
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://sourceforge.net/projects/tce...
http://www.codeproject.com/KB/files...
FAQ
http://www.codeproject.com/script/F...
TCExplorer is a portable software to import, export, delete, and rename files in TrueCrypt containers. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device).
TCExplorer is small, simple and does not require any installation.

Portable TrueCrypt
http://www.softpedia.com/get/PORTAB...
http://www.softpedia.com/progScreen...
http://www.pendriveapps.com/truecry...
http://www.truecrypt.org/
http://www.hotbutteredit.com/video/...



#8
April 21, 2014 at 04:46:06
Your quote in # 5 says it won't boot from an encrypted drive. But you're not supposed to boot from the (encrypted) hard drive--you're supposed to boot from the USB drive. If you have it as the first boot device then the USB drive must not have bootable system files on it. I didn't check to see how that site recommended setting up the USB drive but I think that's where the problem is. I'll try to check that later if no one posts in. It's way late here.

Edit: Oh, I thought it was the virus that had encrypted the drive. Third party encryption is going to make things more difficult but I still think you're not actually booting from the USB drive.

message edited by DAVEINCAPS



#10
April 21, 2014 at 04:52:51
Hi John , how do I use this TCexplorer to remove the UKASH virus? Sorry if I am being dumb...


#11
April 21, 2014 at 04:57:05
I can boot from CD or USB and have done for Kaspersky and Windows Defender; however, they both will not scan the encrypted hard drive as they cannot identify it?

In the case of Kickstart I think it stops me from booting to save me the time of it not working due to TrueCrypt (it detects it?)?

I have used HitmanPro to create the bootable USB and followed the instructions...

message edited by ll86



#12
April 21, 2014 at 05:00:35
"Hi John , how do I use this TCexplorer to remove the UKASH virus? Sorry if I am being dumb..."
Just a long shot, maybe it will help with the encryption side of things.


#13
April 21, 2014 at 05:05:06
With infections, you need to keep trying the different tools listed. USB & safe mode are other choices.

Here is another to try,

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#14
April 21, 2014 at 05:57:38
I am having trouble running the ESET browser scanner as I can only tab (not click, as the Metropolitan Police window stays on top if I move the mouse off preview...) and you have to tick a box to accept the T and Cs. (In a normal window I could tab down and press Enter, but the popup window won't allow me to move past the address...)


#15
April 21, 2014 at 09:19:08
OK, so after much faffing I think I have found the solution in Malwarebytes Chameleon:

https://www.malwarebytes.org/chamel...

Brilliant little thing, as you can install it and run it while the virus is running.

So what I did was I pressed the Windows key and in the search box typed in the above address, and then it's a bit fiddly, but through using the preview box of the window (as the virus browser window is set to sit on top), the Windows key and the Tab key, you can navigate the download, install and scan, all with Tab and Enter. NB: windows will disappear after each tab, but just hover over the window again and press Tab...

And voilà, I have my laptop back. Thanks for all the help. If you ever find yourself with a computer with no USB/CD ports and/or an encrypted hard drive, this may do you...

If, however, you do have USB ports and a normal hard drive, there are easier ways (HitmanPro - Kickstart).

message edited by ll86



#16
April 21, 2014 at 14:54:47
"And voilà, I have my laptop back"
Nice work, doubt if you are clean yet, I expect more stuff will be lurking.

Copy & Paste the contents of the Malwarebytes log please.

