ElaKiri Community
sanjeewawga
Beware This Trojan Virus!! - 04-28-2011, 11:49 AM

Last night I found a serious problem with my computer.
It's a very harmful Trojan virus. I don't know whether anyone else has suffered from this, but I finally found the solution.
Please read carefully and note the information.

When you first boot the computer you cannot see anything, just a blank screen and a little dialog box labelled "win32 guided tour application". You should click it and it opens a dialog box like this:
Systempluginataddress0x00874324.jpg

When it appears, and before that, you can't even use Task Manager.
It says things like this:

"1. call one of the following numbers
for landline phones
00263778289408
002392216542
00261221000183
0037190100546
0025270701161
0088213090413

2. wait for the answer and write down your identification key
3.enter the identification key received by phone, click next to continue"

Don't do anything.
If you need to boot your machine, use this number: 27496

But this Fu*king virus is still alive on our machine.

Here are the steps we should follow after running into this problem:

Trojan.Ransomware removal instructions:

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode.

2. When Windows loads, the Windows command prompt will show up as shown in the image below. At the command prompt, type "explorer", and press Enter. Windows Explorer opens.

3. Then open the Registry editor using the same Windows command prompt. Type "regedit" and press Enter. The Registry Editor opens.

4. Locate the following registry entries:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

In the righthand pane select the registry key named Shell. Right click on this registry key and choose "Modify"
Default value is Explorer.exe.
Modified value data points to Trojan.Ransomware executable file

If Trojan.Ransomware modified the Shell value data, please copy the location of the executable file it points to into Notepad and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

If the default value data (Explorer.exe) wasn't modified, please locate the second registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the righthand pane select the randomly named registry key. In our case it was 22997148.
Copy the location of the executable file into Notepad and then delete the registry key. Right click on the registry key and choose Delete. Click Yes to confirm and exit the Registry editor.

5. Delete Trojan.Ransomware files. Use the file location you saved into Notepad or otherwise noted in step 4. In our case, Trojan.Ransomware resided in %UserProfile% directory. There was a randomly named folder 22997148.

Full path: C:\Documents and Settings\Michael\22997148\22997148.EXE

NOTE: %UserProfile% refers to:
C:\Documents and Settings\[UserName] (for Windows 2000/XP)
C:\Users\[UserName]\ (for Windows Vista & Windows 7)

6. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.

Here it

That's it... If that doesn't work, we have no other solution. Just use the above number to open the system, get the data you need and format your machine.

Thanks for reading this. (This post is not for rep, it's only to solve your problems.)


If not really understand

source
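
An added example, not part of the original post: the two registry checks from step 4, run over saved `reg query` output so the result can be reviewed before anything is deleted. The sample text is constructed from the value name and path quoted in the post; the function names and the flagging heuristics are assumptions.

```python
import re

# Registry locations named in step 4 of the post (lower-cased for matching).
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")

# Constructed sample of `reg query` output for both keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    22997148    REG_SZ    C:\Documents and Settings\Michael\22997148\22997148.EXE
"""

def parse_reg_query(text):
    """Parse `reg query` output into {lower-cased key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = m["data"].strip()
    return keys

def audit(keys):
    """Return (location, data) pairs that deserve a manual look; not a verdict."""
    findings = []
    # Check 1: the Winlogon Shell value should be Explorer.exe.
    shell = keys.get(WINLOGON, {}).get("Shell")
    if shell is not None and shell.lower() != "explorer.exe":
        findings.append(("Winlogon Shell", shell))
    # Check 2: Run values with an all-digit name, or launching from a user profile.
    for name, data in keys.get(RUN, {}).items():
        path = data.strip('"').lower()
        if name.isdigit() or any(d in path for d in PROFILE_DIRS):
            findings.append(("Run\\" + name, data))
    return findings

if __name__ == "__main__":
    for where, data in audit(parse_reg_query(SAMPLE)):
        print(f"REVIEW {where}: {data}")
```

Legitimate software also starts from the user profile, so each flagged entry is a candidate to inspect, and the path it reports is the one to note before editing the registry.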

yaan
04-28-2011, 12:25 PM

Thanks, buddy!!!

Malinga
04-28-2011, 12:42 PM

A lot of harmful adware-type programs like that come from things such as links we click or software we install without knowing. Thank you very much for making everyone aware. It may sometimes be possible to remove it with the software called Combofix.

Po Di-Al
04-28-2011, 12:53 PM

Great, great... thanks for the info

Ereshaz77
04-28-2011, 01:10 PM

Oh..

abhirup780
05-16-2011, 12:19 PM

Even Command Prompt didn't open in my case....
I had to format....

sanjeewawga
05-17-2011, 06:55 AM

Quote:
Originally Posted by abhirup780
Even Command Prompt didn't open in my case....
I had to format....

Oh, really?? You got hit by it too?? Enter the number I gave, open the system and get whatever you need.