SOLVED Cheshire police virus help please

[Boss colemanator]

Please note: To anyone else who has received this virus, it is 100% a scam - the police do not operate like that. I recommend you view this guide on how to remove it.

Hello recently I received the cheshire police virus (a hoax to con you out of £100 that locks down your pc).

I have tried doing a system restore which was unsuccessful on 3 attempts. On the 3rd, it restarted and said system restore was unsuccessful but the windows 7 laptop loaded up and I was not greeted by the cheshire message. But none of my applications worked apart from notepad and paint. I assumed the virus was still active somehow.


Then I tried msconfig on cmd and I found a suspicious unknown random letter file called bdflhvmy located in another odd folder in local then in appdata.

I attempted to locate this file in documents however in appdata, local did not exist.


This is about as far as I can go without expert advice. I would appreciate any help soon thankyou!

 

[TrainableMan]

Use my advice at the start of THIS post.

 

[Boss colemanator]

I cannot access the internet to download it. When I open internet explorer a blank white box appears, and chrome wont open. Thanks.

 

[TrainableMan]

You will likely need to use another unaffected computer (friend, neighbor, even at your local school or library) to download TDSSKiller & RKILL to a USB flash drive. Then you boot your computer into safe mode and run them off the flash drive.

 

[Boss colemanator]

I put RKill, TDSSKiller and MalwareBytes on a usb. I only managed to get RKill to work though. It changed a few things but when I restarted the PC none of my applications worked still. Thanks.

 

[TrainableMan]

TDSSKiller would not run? What error did you get? It is important to run TDSSKiller to remove the rootkit portion. And all RKill does is stop the virus from running until reboot ... you must actually get your anti-virus program to remove the virus so it cannot restart again. It is important you run all three programs in the same safe mode session: TDSSKiller, RKill, and then MBAM or other anti-virus software.

 

[Boss colemanator]

TDSSKiller would not run? What error did you get? It is important to run TDSSKiller to remove the rootkit portion. And all RKill does is stop the virus from running until reboot ... you must actually get your anti-virus program to remove the virus so it cannot restart again. It is important you run all three programs in the same safe mode session: TDSSKiller, RKill, and then MBAM or other anti-virus software.

Okay it seems that internet explorer 64 bit worked and I downloaded Hitmanpro and Malwarebytes. They both seemed to find a fair amount of threats and removed them. For some reason Skype, Minecraft and other applications aren't working still - it just says 'application was unable to start'. I have also tried to reinstall Skype, but no luck there. Thanks.

Edit: I also just did a sfc /scannow - it's currently in progress.

 

[TrainableMan]

If it damaged your registry a system restore to a time prior to the problem or a complete reinstall are your best options.

 

[Boss colemanator]

If it damaged your registry a system restore to a time prior to the problem or a complete reinstall are your best options.

Ah. The results of the sfc scanner managed to fix 3 things, but 4 problems still remain detected but not fixed.

I can't do a system restore unfortunately as it fails on all occasions - not too keen on a complete reinstall.

Thanks.

 

[TrainableMan]

If the damage to the registry is limited to your personal ID then you could try creating a brand new userid and then if things work over there you can copy all your data to the new account and start using that one. So a new UserID is worth a try; unfortunately if the registry corruption is in the computer section rather than the user section then this will not help.

 

[Boss colemanator]

If the damage to the registry is limited to your personal ID then you could try creating a brand new userid and then if things work over there you can copy all your data to the new account and start using that one. So a new UserID is worth a try; unfortunately if the registry corruption is in the computer section rather than the user section then this will not help.

I did make a new user and make it administrator, but none of my applications worked still. I think I'll have to try to reinstall windows somehow.

Here's some of the error results after doing a sfc scan (If this helps in any way):

gle=0xd0000034 CSI 0000033f status object not found #7788902# from windows::rtl::system implementation:: direct file system provider:: system create file (flags) = (allow sharing violation), handle=[provider=null,handle=0],da=(synchronize|file_read_attributes),oa=@0x93c8d0->object_attributes[s:48;rd:null;on[94" and so on..

gle=0x80004005

gle=0xd0000034



Sorry there's a heck of a lot to write - my friend is talking it to me.

 

[TrainableMan]

Do you have a W7 install DVD? You could try running "system repair" from the installation screen. If you don't have a W7 Install DVD you can download & burn one (I would recommend using a different computer to download & burn the DVD in case yours is still compromised) ... W7 SP1 Install DVD (be sure to get the same version Home Prem, Pro, or Ult & same bit-size 32-bit (x86) or 64-bit (x64)).

If the system repair doesn't work then you can always use it to do a complete install. Just be sure to get your W7 Product key before you reformat, and of course back up your data to an external drive.

Because you had a virus, if you do end up reinstalling, I strongly suggest (after backing up your data to an external drive) that you completely drop all partitions on that infected hard drive, then reallocate, and reformat, then do a fresh install. Once you have installed the OS then install a good active anti-virus. Then run a virus scan on your backed up data, then restore it, then run another complete virus scan. And finally reinstall all your programs such as extra browsers, paint programs, office software.

 

[Boss colemanator]

Okay, thank you very much for your help.