|
Post by jal on Nov 25, 2013 7:52:06 GMT
CryptoLocker Prevent update 4.3.0
Done by a manual check on the update tab
|
|
|
Post by nob on Nov 25, 2013 9:12:28 GMT
Wouldn't a restore roll it back and get rid? Surely it would be an .EXE file and nobody runs them from people they don't know. Do they?
|
|
|
Post by jal on Nov 25, 2013 9:17:21 GMT
It's Sim who should be here to answer these questions, Nob.
|
|
|
Post by nob on Nov 25, 2013 12:59:18 GMT
Did a scan with Malwarebytes and it found a reg entry and labelled it as a Trojan Ransom. It will not remove it, it is in a curfile and is a .SCR file. SAS and AVG don't find it. I could remove it manually but would the screensaver pack in?
|
|
|
Post by jal on Nov 25, 2013 14:08:32 GMT
|
|
|
Post by Ratae on Nov 25, 2013 14:12:22 GMT
> Wouldn't a restore roll it back and get rid? Surely it would be an .EXE file and nobody runs them from people they don't know. Do they?

Yes it is an executable file Nob, but apparently it often skulks inside a PDF file. Like I said, I open owt like that in Linux. I once managed to get rid of a virus that was in a wifi dongle that Greebo had. Can't recall how it worked, but I stuck the dongle in my Linux netbook and deleted the file with the virus. I was a hero for about a day!
|
|
|
Post by nob on Nov 25, 2013 14:54:51 GMT
No it's not that JJ, Dave it's these two

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.

Spybot S&D doesn't see them either, just MWB. I can regedit to it but do I delete the entry or not? Is it bad or a false positive?
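An added example, not written by anyone in the thread: a small triage script for scanner output of the kind quoted above. It groups detections by registry location, so two signature names hitting the same value are counted once, and lists why the entry is worth checking. The line format is an assumption inferred only from the two lines in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two detection lines quoted in the thread, username masked as posted.
SAMPLE_LOG = r"""
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
"""

# Assumed line shape: key|value (signature) -> Data: path -> action.
LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>\S+)\s+\((?P<sig>[^)]+)\)"
    r"\s+->\s+Data:\s+(?P<data>.+?)\s+->\s+(?P<action>.+?)\.?$"
)
EXECUTABLE_EXT = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd")
AUTOSTART_VALUES = {"load", "run"}  # legacy per-user logon launch values under this key


def parse_detections(log_text):
    """Group detections by registry location; one value can match several signatures."""
    grouped = defaultdict(lambda: {"signatures": [], "targets": set(), "actions": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = grouped[(m["key"], m["value"])]
            entry["signatures"].append(m["sig"])
            entry["targets"].add(m["data"])
            entry["actions"].add(m["action"])
    return dict(grouped)


def triage(log_text):
    """Return one finding per distinct registry value, with the reasons to look at it."""
    findings = []
    for (key, value), entry in parse_detections(log_text).items():
        for target in sorted(entry["targets"]):
            low = target.lower()
            reasons = []
            if value.lower() in AUTOSTART_VALUES:
                reasons.append("value is launched at logon")
            if low.endswith(EXECUTABLE_EXT):
                reasons.append("target has an executable extension")
            if "\\temp\\" in low:
                reasons.append("target lives in a Temp directory")
            findings.append({"key": key, "value": value, "target": target,
                             "signatures": entry["signatures"], "reasons": reasons})
    return findings
```

Run over the sample, it reports a single registry value matched by two signatures, which is why the scanner's count of 2 does not mean two separate entries.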
|
|
|
Post by Ratae on Nov 25, 2013 15:41:01 GMT
> No it's not that JJ, Dave it's these two
>
> Registry Values Detected: 2
> HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
> HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
>
> Spybot S&D doesn't see them either, just MWB. I can regedit to it but do I delete the entry or not? Is it bad or a false positive?

So, reading that, it seems like MBam has already set it up to delete those two files when you reboot your system. Personally, I would let MBam do its thing. However, couldn't you set a restore point before rebooting, then if you had a problem you could restore back to pre reboot, and then decide what to do next! Just an idea!
|
|
|
Post by Ratae on Nov 25, 2013 15:50:48 GMT
I did a scan yesterday on my desktop. MBam found a few adware thingys (the usual).... and one nasty that it flagged up as a trojan. MBAm said it must be removed. I suspected that it might have been summat to do with that 'AcePlayer' that I downloaded, 'cos that's stopped working 'cos I won't let it use ads, and it wants me to change my Hosts file back to default. But it can't have been that trojan. 'cos I ran the scan on my lappy and it came up clean, the AcePlayer has stopped working on that too, and for the same reason. Anyway, the trojan was cleaned and everything is good!
|
|
|
Post by nob on Nov 25, 2013 16:28:19 GMT
> > No it's not that JJ, Dave it's these two
> >
> > Registry Values Detected: 2
> > HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
> > HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\******\LOCALS~1\Temp\msjqkeeq.scr -> Delete on reboot.
> >
> > Spybot S&D doesn't see them either, just MWB. I can regedit to it but do I delete the entry or not? Is it bad or a false positive?
>
> So, reading that, it seems like MBam has already set it up to delete those two files when you reboot your system. Personally, I would let MBam do its thing. However, couldn't you set a restore point before rebooting, then if you had a problem you could restore back to pre reboot, and then decide what to do next! Just an idea!

Did a reboot but it finds it all the time so it doesn't remove it or it's installing on start up but it ain't in the start tab of MSCONFIG. I could remove it manually via regedit but I can't find any info on tweb about msjqkeeq.scr. It's not causing a problem and as the other scanners ain't bothered about it I'll leave well alone.
|
|
|
Post by Ratae on Nov 25, 2013 16:36:31 GMT
Well, you could always do as you say and manually remove it from the registry just to see what happens. Then as it loads now on start up, if there's a problem, system restore. Your call of course. But myself, when I see summat like that, it feels like an itch that I just have to scratch. BTW Nob, do you have WinPatrol on your machine?
|
|
|
Post by nob on Nov 25, 2013 16:43:58 GMT
No Dave, no WinPatrol installed. Like you the itch needs scratching, I'll go for it.
Update: It can't delete it. Can't locate locals~1 folder either even turning hidden folders on, so I'm assuming the temp files have been deleted leaving the reg entry. Run as admin still can't delete the entry.
|
|
|
Post by arch on Nov 25, 2013 16:45:50 GMT
I have MBAM set to update daily and scan once a week. There was an option to let it Flash scan with the update, I had this checked to do so. Just had a butchers and that option seems to have been removed.
|
|
|
Post by Ratae on Nov 25, 2013 17:13:56 GMT
> No Dave, no WinPatrol installed. Like you the itch needs scratching, I'll go for it.
> Update: It can't delete it. Can't locate locals~1 folder either even turning hidden folders on, so I'm assuming the temp files have been deleted leaving the reg entry. Run as admin still can't delete the entry.

In that case, my next move would be to run my registry cleaner, and have a look at what it wants to remove before actually cleaning it.
|
|
|
Post by nob on Nov 25, 2013 17:17:50 GMT
Eusing? Is that a cleaner?
It is downloading and will see what it finds but I would think if I can't do it manually then that can't but I'll see.
Update: Nope, it's still there in MWB even after using the reg cleaner and that entry was the only one ticked to remove.
|
|