"interpol" startup hijacking virus. I cant get rid of it.

gargus

Distinguished
Aug 11, 2011
My neighbor called me and asked me to look at some virus.

When the PC boots up you get the desktop for like 1 second, then a big full-frame page comes up saying that Interpol has locked this PC because of porn and wants money.

I've restarted the PC in safe mode and it just reboots before the desktop comes up. So I can't even get in using safe mode.

When I try Ctrl+Alt+Del, the window comes up and I select Task Manager, but the Task Manager window never comes up.

I can't Alt+Tab out of it.

I have 0 access to the desktop while the image is up. No start button, no tray, no nothing.

I've been googling the problem and every damn result I find wants me to download and run a fixing program. Well, the fixing program finds a ton of problems but wants me to pay to clean them.

He is running Windows 7, 32-bit.
 

tigerg

Honorable
Feb 24, 2013
You can try booting with a live CD and running AV to see if you can remove it.

However, whenever I see something like this on any computers I service, I just wipe the system and start over. The ransomware you have is getting more and more sophisticated. You will never know if an AV program will completely remove the virus. It's safer to just reinstall Windows fresh with a drive format. A live CD option will also allow you to copy any pictures/music off the system if you really want to do that.
 

XiRw

Honorable
Jul 13, 2013
1.) You can boot into safe mode and remove it by starting a scan. If you cannot get into safe mode then try this.

On your computer download this:

http://www.pendrivelinux.com/downloads/Universal-USB-Installer/Universal-USB-Installer-1.9.3.7.exe

When you save that to your computer, click on it, and when you get to the drop-down menu, scroll all the way to the bottom until you see Kaspersky Rescue Disc.
Click on it.

Tick the option that says download the ISO.
(This will work with any external HDD or flash drive)
Once the ISO is downloaded, click browse, then find where you downloaded it.

Finally, select the USB drive you would like to create your bootable ISO on, then hit 'create'.

Now that you have your USB, you can use that for his computer. The next step is to boot into his BIOS. Depending on what motherboard he has, it will be a different button to boot into the BIOS. Try any one of these:
F1
F2
DEL
ESC
F10
Once you are in, locate the boot order for your computer. You will need to set the USB as #1. Then restart and the AV program should do its job.


 

James Todd

Honorable
Oct 11, 2013
A client of mine streamed movies from a “free” site, but boy did he pay.
His computer was hijacked just as mentioned in this article.
However, I could not get past it using safe mode, as mentioned above, and finally had to remove the drive and hook it to my utility desktop as a slave to clean it. I hooked it directly in a desktop. Not sure if a USB connection would accomplish the same thing.
Malwarebytes was used first and removed the virus. Please note that you will likely need to use “Perform Full Scan” for this to be effective.
I then put the drive back in the computer and started it in safe mode. It was cleaned then with Vipre Rescue which removed further virus locations.
After that, typical temporary file cleanup and registry optimizing with CCleaner, and it was good to go.
I have used this 1, 2, 3 solution many times with consistently good results.
These 3 programs in their free formats have solved a lot of problems for me over the years.