Solved

get rid of ICE Cyber Locker Windows 7

Posted on 2014-11-19
10
131 Views
Last Modified: 2014-11-29
I have been infected with the ICE cyber crime center malware.
I am running Windows 7 Pro 64 bit
I am unable to get into safe mode
I downloaded Bleeping computer's Hitmanpro, created a boot USB drive, but when I boot from it, I can never get to the point where hitmanpro  will run.
I cannot go back to a restore point (because I cannot get to c:\windows\system32\rstrui.exe before ICE Cyber runs again on me.

I have been working on this for 4 hours.  Can someone help me please!!
Feel free to ask any questions you need for clarification.
0
Comment
Question by:jhillbos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 

Author Comment

by:jhillbos
ID: 40452908
As to hitmanpro, when I boot from the USB drive, I select option #1 'Bypass master boot record'.
Windows runs, I login, and hitmanpro does not run, but ICE Cyber locker does and hangs me up
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40452925
0
 

Author Comment

by:jhillbos
ID: 40453020
I am afraid not.  I get to the point where I can actually load restore points.  The first restore point that displays works, but the infection must have already been there, because it is still there after the restore is complete.  When I display previous restore points, I can try to restore back to 11/11/14.  It starts to work, It starts with preparing, goes to initializing, then goes to restoring files, then crashes with rstrui.exe application error.  "The instruction at 0xfb1bca referenced memory at 0c062c50bc.  The memory could not be read.  Click OK to terminate."  I have tried this on several restore points.

Are there specific files I could try to delete using the command prompt?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:jhillbos
ID: 40453073
Also, according to the instructions from the youtube video, when I try to open the 'hive' and I find the 'software' key, it tells me the file is in use.

This is a real bugger!!
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40453106
Have you ruled out a fresh reinstall?  Better yet do you have either an image to re-image the computer or you could combine a fresh install with recovering using a versioning file backup tool (assuming you were using one - like crashplan - not dropbox).  Dropbox is not a backup, but if that is all you had contact them and they will restore your files from an older version, although it takes them longer.
0
 

Author Comment

by:jhillbos
ID: 40453117
That is the last thing I want to do.  It will take quite a while to get things back to where they were.  No more suggestions?  I do not have an image from the original install.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40453152
I don't have more suggestions at this point for your current dilemma.  I do suggesst you invest in versioning backup in the future.  Like I was saying, it is much easier to recover from this type of problem, when you can go back as many versions as you wish.  We have successfully done this using CrashplanPROe. and I have done the same using Crashplan home version.  Note that with a tool like crashplan you can do this for free as long as you don't use the CrashPlan server (cloud) as a backup destination.  You can even designate multiple other destinations.

www.crashplan.com

Disclaimer:   I am not in any way affiliated with anything mentioned in this post - just a happy user.
0
 

Accepted Solution

by:
jhillbos earned 0 total points
ID: 40462338
We paid them
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40462385
Sorry to hear.  For our information - how much did it end up costing and did you get the decryption key?
0
 

Author Closing Comment

by:jhillbos
ID: 40471444
I tried multiple suggestions.  I guess by the time I got to the PC, it was to late to go back.  Could not accomplish anything.  Could not revert back to system restore points at all.
0

Featured Post

SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question