Link to home
Start Free TrialLog in
Avatar of jhillbos

asked on

get rid of ICE Cyber Locker Windows 7

I have been infected with the ICE cyber crime center malware.
I am running Windows 7 Pro 64 bit
I am unable to get into safe mode
I downloaded Bleeping computer's Hitmanpro, created a boot USB drive, but when I boot from it, I can never get to the point where hitmanpro  will run.
I cannot go back to a restore point (because I cannot get to c:\windows\system32\rstrui.exe before ICE Cyber runs again on me.

I have been working on this for 4 hours.  Can someone help me please!!
Feel free to ask any questions you need for clarification.
Avatar of jhillbos


As to hitmanpro, when I boot from the USB drive, I select option #1 'Bypass master boot record'.
Windows runs, I login, and hitmanpro does not run, but ICE Cyber locker does and hangs me up
Avatar of Thomas Zucker-Scharff
I am afraid not.  I get to the point where I can actually load restore points.  The first restore point that displays works, but the infection must have already been there, because it is still there after the restore is complete.  When I display previous restore points, I can try to restore back to 11/11/14.  It starts to work, It starts with preparing, goes to initializing, then goes to restoring files, then crashes with rstrui.exe application error.  "The instruction at 0xfb1bca referenced memory at 0c062c50bc.  The memory could not be read.  Click OK to terminate."  I have tried this on several restore points.

Are there specific files I could try to delete using the command prompt?
Also, according to the instructions from the youtube video, when I try to open the 'hive' and I find the 'software' key, it tells me the file is in use.

This is a real bugger!!
Have you ruled out a fresh reinstall?  Better yet do you have either an image to re-image the computer or you could combine a fresh install with recovering using a versioning file backup tool (assuming you were using one - like crashplan - not dropbox).  Dropbox is not a backup, but if that is all you had contact them and they will restore your files from an older version, although it takes them longer.
That is the last thing I want to do.  It will take quite a while to get things back to where they were.  No more suggestions?  I do not have an image from the original install.
I don't have more suggestions at this point for your current dilemma.  I do suggesst you invest in versioning backup in the future.  Like I was saying, it is much easier to recover from this type of problem, when you can go back as many versions as you wish.  We have successfully done this using CrashplanPROe. and I have done the same using Crashplan home version.  Note that with a tool like crashplan you can do this for free as long as you don't use the CrashPlan server (cloud) as a backup destination.  You can even designate multiple other destinations.

Disclaimer:   I am not in any way affiliated with anything mentioned in this post - just a happy user.
Avatar of jhillbos

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Sorry to hear.  For our information - how much did it end up costing and did you get the decryption key?
I tried multiple suggestions.  I guess by the time I got to the PC, it was to late to go back.  Could not accomplish anything.  Could not revert back to system restore points at all.