Solved

get rid of ICE Cyber Locker Windows 7

Posted on 2014-11-19
10
132 Views
Last Modified: 2014-11-29
I have been infected with the ICE cyber crime center malware.
I am running Windows 7 Pro 64 bit
I am unable to get into safe mode
I downloaded Bleeping Computer's HitmanPro, created a boot USB drive, but when I boot from it, I can never get to the point where HitmanPro will run.
I cannot go back to a restore point (because I cannot get to c:\windows\system32\rstrui.exe before ICE Cyber runs again on me).

I have been working on this for 4 hours.  Can someone help me please!!
Feel free to ask any questions you need for clarification.
0
Question by:jhillbos
10 Comments
 

Author Comment

by:jhillbos
ID: 40452908
As to HitmanPro, when I boot from the USB drive, I select option #1 'Bypass master boot record'.
Windows runs, I log in, and HitmanPro does not run, but ICE Cyber locker does and hangs me up.
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40452925
0
 

Author Comment

by:jhillbos
ID: 40453020
I am afraid not. I get to the point where I can actually load restore points. The first restore point that displays works, but the infection must have already been there, because it is still there after the restore is complete. When I display previous restore points, I can try to restore back to 11/11/14. It starts to work: it starts with preparing, goes to initializing, then goes to restoring files, then crashes with an rstrui.exe application error: "The instruction at 0xfb1bca referenced memory at 0c062c50bc. The memory could not be read. Click OK to terminate." I have tried this on several restore points.

Are there specific files I could try to delete using the command prompt?
0
 

Author Comment

by:jhillbos
ID: 40453073
Also, according to the instructions from the YouTube video, when I try to open the 'hive' and I find the 'software' key, it tells me the file is in use.

This is a real bugger!!
0
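A note on the "file is in use" error above: the SOFTWARE hive (C:\Windows\System32\config\SOFTWARE) is held open by the Windows instance that is running, so it can only be loaded for editing from outside that instance, for example the command prompt in the Windows 7 recovery environment (install/repair disc, "Repair your computer", "Command Prompt"). The following batch script is an added example written for this thread; it is not from the original post, the YouTube video, or HitmanPro. It mounts the offline SOFTWARE hive and the affected user's NTUSER.DAT with reg.exe, lists the standard autostart locations (Winlogon Shell/Userinit, Run/RunOnce, the Startup folders), and unloads the hives again. It assumes, which the page does not state, that the locker starts through one of those standard locations, that the installed Windows is on the drive letter set in WINDRV (WinRE often maps it to D: rather than C:), and that the profile folder name is passed as the first argument.

```batch
@echo off
rem offline_autoruns.cmd <profile-folder>
rem Added example for this thread, not code from the original page.
rem Run only from the WinRE command prompt, never from inside the infected
rem Windows, where the hives are in use and reg load would fail.
rem Assumptions: WINDRV is the offline Windows volume (check with "dir D:\"),
rem and %1 is the folder name under \Users of the affected account.

if "%~1"=="" (
    echo Usage: %~nx0 ^<profile-folder^>
    goto :eof
)
set WINDRV=D:
set HIVE=HKLM\OFFSOFT
set USERHIVE=HKLM\OFFUSER

rem 1. Mount the offline machine hive and the user hive under temporary names.
reg load %HIVE% %WINDRV%\Windows\System32\config\SOFTWARE || goto :fail
reg load %USERHIVE% "%WINDRV%\Users\%~1\NTUSER.DAT" || goto :fail

rem 2. Inspect the usual autostart locations. Stock values are
rem    Shell = explorer.exe and Userinit = C:\Windows\system32\userinit.exe,
rem    (trailing comma included); anything else, or any Run entry pointing into
rem    AppData, Temp or a random-looking path, is worth examining.
echo === Winlogon (machine) ===
reg query "%HIVE%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "%HIVE%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit
echo === Run / RunOnce (machine, 64-bit and 32-bit views) ===
reg query "%HIVE%\Microsoft\Windows\CurrentVersion\Run"
reg query "%HIVE%\Microsoft\Windows\CurrentVersion\RunOnce"
reg query "%HIVE%\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"
echo === Run / RunOnce and per-user Shell override (user) ===
reg query "%USERHIVE%\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "%USERHIVE%\Software\Microsoft\Windows\CurrentVersion\RunOnce"
reg query "%USERHIVE%\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
echo === Startup folders ===
dir "%WINDRV%\Users\%~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
dir "%WINDRV%\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

rem 3. To remove a suspect entry, delete the value (example, name is hypothetical):
rem      reg delete "%USERHIVE%\Software\Microsoft\Windows\CurrentVersion\Run" /v suspect /f
rem    and rename, rather than delete, the file it points to so it can be
rem    examined afterwards.

rem 4. Always unload before rebooting; an unloaded hive is written back cleanly.
reg unload %USERHIVE%
reg unload %HIVE%
goto :eof

:fail
echo Could not load a hive. Check the drive letter in WINDRV (try C: or E:)
echo and the profile folder name, then run again.
```

Usage from the WinRE prompt: `offline_autoruns.cmd <profile-folder>` where the folder is the account's directory under \Users on the offline volume. The script only lists; the reg delete in step 3 is left as a comment so nothing is removed until the entry has been looked at. The same offline session is also where rstrui.exe can be started without the locker running first, since nothing from the installed Windows is executing.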
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40453106
Have you ruled out a fresh reinstall? Better yet, do you have an image to re-image the computer? Or you could combine a fresh install with recovering using a versioning file backup tool (assuming you were using one, like CrashPlan, not Dropbox). Dropbox is not a backup, but if that is all you had, contact them and they will restore your files from an older version, although it takes them longer.
0
 

Author Comment

by:jhillbos
ID: 40453117
That is the last thing I want to do.  It will take quite a while to get things back to where they were.  No more suggestions?  I do not have an image from the original install.
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40453152
I don't have more suggestions at this point for your current dilemma. I do suggest you invest in versioning backup in the future. Like I was saying, it is much easier to recover from this type of problem when you can go back as many versions as you wish. We have successfully done this using CrashPlan PROe, and I have done the same using the CrashPlan home version. Note that with a tool like CrashPlan you can do this for free as long as you don't use the CrashPlan server (cloud) as a backup destination. You can even designate multiple other destinations.

www.crashplan.com

Disclaimer:   I am not in any way affiliated with anything mentioned in this post - just a happy user.
0
 

Accepted Solution

by:
jhillbos earned 0 total points
ID: 40462338
We paid them
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40462385
Sorry to hear.  For our information - how much did it end up costing and did you get the decryption key?
0
 

Author Closing Comment

by:jhillbos
ID: 40471444
I tried multiple suggestions. I guess by the time I got to the PC, it was too late to go back. Could not accomplish anything. Could not revert back to system restore points at all.
0

