Last night I found serious problem with my computer.
it's very harmful Trojan virus. I don't know even someone suffer with this, but finally I found the solution..
please read carefully and collect the information..
First you boot the com you cannot see anything.. just only Blank screen and you can see little dialog box write as " win32 guided tour application". You should click it and it open like this dialog box
when it appear and before you can't use even task manager.
it says like this things
"1. call one of the following numbers
for landline phones
00263778289408
002392216542
00261221000183
0037190100546
0025270701161
0088213090413
2. wait for the answer and write down your identification key
3.enter the identification key received by phone, click next to continue"
Don't do anything
if you need to boot your machine use this number 27496
but this Fu*king virus still alive on our Machine
Heres the steps what we should to do after got this matter
Trojan.Ransomware removal instructions:
1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode.
2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type "explorer", and press Enter. Windows Explorer opens.
3. Then open the Registry editor using the same Windows command prompt. Type "regedit"and press Enter. The Registry Editor opens.
4. Locate the following registry entries:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
In the righthand pane select the registry key named Shell. Right click on this registry key and choose "Modify"
Default value is Explorer.exe.
Modified value data points to Trojan.Ransomware executable file
If Trojan.Ransomware modified the Shell value data, please copy the location of the executable file it points to into Notepad and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.
If the default value data (Explorer.exe) wasn't modified, please locate the second registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
In the righthand pane select the randomly named registry key. In our case it was 22997148.
Copy the location of the executable file into Notepad and then delete the registry key. Right click on the registry key and choose Delete. Click Yes to confirm and exit the Registry editor.
5. Delete Trojan.Ransomware files. Use the file location you saved into Notepad or otherwise noted in step 4. In our case, Trojan.Ransomware resided in %UserProfile% directory. There was a randomly named folder 22997148.
Full path: C:\Documents and Settings\Michael\22997148\22997148.EXE
NOTE: %UserProfile% refers to:
C:\Documents and Settings\[UserName] (for Windows 2000/XP)
C:\Users\[UserName]\ (for Windows Vista & Windows 7)
6. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.
Here it
Thats it... If not we have no any solution to do.. Just use the above number and open the system, get data what you need and format your machine..
Thanks for read this.. (This post not 4 Rep, Just only solve your problems)
If not really understand
source
it's very harmful Trojan virus. I don't know even someone suffer with this, but finally I found the solution..
please read carefully and collect the information..
First you boot the com you cannot see anything.. just only Blank screen and you can see little dialog box write as " win32 guided tour application". You should click it and it open like this dialog box
when it appear and before you can't use even task manager.
it says like this things
"1. call one of the following numbers
for landline phones
00263778289408
002392216542
00261221000183
0037190100546
0025270701161
0088213090413
2. wait for the answer and write down your identification key
3.enter the identification key received by phone, click next to continue"
Don't do anything
if you need to boot your machine use this number 27496
but this Fu*king virus still alive on our Machine
Heres the steps what we should to do after got this matter
Trojan.Ransomware removal instructions:
1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode.
2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type "explorer", and press Enter. Windows Explorer opens.
3. Then open the Registry editor using the same Windows command prompt. Type "regedit"and press Enter. The Registry Editor opens.
4. Locate the following registry entries:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
In the righthand pane select the registry key named Shell. Right click on this registry key and choose "Modify"
Default value is Explorer.exe.
Modified value data points to Trojan.Ransomware executable file
If Trojan.Ransomware modified the Shell value data, please copy the location of the executable file it points to into Notepad and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.
If the default value data (Explorer.exe) wasn't modified, please locate the second registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
In the righthand pane select the randomly named registry key. In our case it was 22997148.
Copy the location of the executable file into Notepad and then delete the registry key. Right click on the registry key and choose Delete. Click Yes to confirm and exit the Registry editor.
5. Delete Trojan.Ransomware files. Use the file location you saved into Notepad or otherwise noted in step 4. In our case, Trojan.Ransomware resided in %UserProfile% directory. There was a randomly named folder 22997148.
Full path: C:\Documents and Settings\Michael\22997148\22997148.EXE
NOTE: %UserProfile% refers to:
C:\Documents and Settings\[UserName] (for Windows 2000/XP)
C:\Users\[UserName]\ (for Windows Vista & Windows 7)
6. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.
Here it
Thats it... If not we have no any solution to do.. Just use the above number and open the system, get data what you need and format your machine..
Thanks for read this.. (This post not 4 Rep, Just only solve your problems)
If not really understand
source
