Met Police Scam

[Lona]

My hubby got the Met Police scam on his laptop (Samsung R720) and I tried to get rid by doing a system restore. 

That didn't work so I then ran Samsung repair and it made things worse.

When PC boots up it goes right to the command prompt saying windows\system32>. I can type in there but don't know what to type.  When I do ctrl alt delete it doesn't come up right but I can close down PC from there.

I ran Kapersky boot disc and it found loads of viruses but when I rebooted I can still only get to the command prompt.

I've ran out of ideas.

[Steve]

No use to you, as I don't use windows however it may help if someone knows the OS as it may possible to 'repair'.

[Gary]

This may help sounds similar. http://www.tomshardware.com/answers/id-1674756/cmd-prompt-appears-booting-windows-hitmanpro-remove-trojan.html

[Steve]

Thanks Gary, it does appear that there is a possible solution further down that page.

[Glenn]

Take a look at http://www.idnetters.co.uk/forums/index.php/topic,29707.msg694722.html#msg694722

[Simon]

That's a link to this thread, Glenn.  I think she's already looked here. 

[Glenn]

No it's not (on my PC at least) this is the link to this thread http://www.idnetters.co.uk/forums/index.php/topic,31274.msg716985.html#msg716985

[Simon]

It's coming back to this thread on my iPhone.   

[Lona]

This may help sounds similar. http://www.tomshardware.com/answers/id-1674756/cmd-prompt-appears-booting-windows-hitmanpro-remove-trojan.html

I can get into the registry using the Kapersky boot disc and when I go down to software/Microsoft there is another folder there called mircosoft. Looking in that there is windows\current version\ policies\ext\CLSID. I wonder is this valid registry entry?

Also under winlogon I have GPE Extensions and there's nineteen entries which I can't make head of tail of

[Simon]

Can you get into Safe Mode, Lona?

[Lona]

Can you get into Safe Mode, Lona?

Doesn't matter whither I choose safemode or safemode with networking I still boot in to the cmd screen C:\windows\system32

[Simon]

There was a thing Sandra was always on about, called 'fixmbr'.  I don't know if this will help, but might be worth a read:

http://www.sevenforums.com/general-discussion/17521-how-fix-mbr-through-command-prompt.html

[Lona]

I tried that Simon and it said Access denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode. What the hell is elevated mode? lol

[Glenn]

Right click on the cmd prompt icon and select 'Run as administrator'

[cavillas]

I did find this and it might help,
To solve the boot issue:1.Put the Windows  installation disc in the disc drive, and then start the computer.
2.Press a key when you are prompted. 
3.Select a language, a time, a currency, and a keyboard or another input method, and then click Next .
4.Click Repair your computer .
5.Click the operating system that you want to repair, and then click Next . 
6.In the System Recovery Options dialog box, click Command Prompt .
7.Type Bootrec /RebuildBcd, and then press ENTER. •If the Bootrec.exe tool runs successfully, it presents you with an installation path of a Windows directory. To add the entry to the BCD store, type Yes. A confirmation message appears that indicates the entry was added successfully.
•If the Bootrec.exe tool cannot locate any missing Windows installations, you must remove the BCD store, and then you must re-create it. To do this, type the following commands in the order in which they are presented. Press ENTER after each command.


Bcdedit /export C:\BCD_Backup

ren c:\boot\bcd bcd.old

Bootrec /rebuildbcd
1.Restart the computer.
Good Luck

[Lona]

Sorry Alf none of that worked

I got as far as Bcdedit /export C:\BCD_Backup but after that it couldn't find anything

[Simon]

Looks like your options may be narrowing towards a full Windows Recovery, Lona. 

[Lona]

Looks like your options may be narrowing towards a full Windows Recovery, Lona. 

I know but Hubby didn't backup any of his files. I can't get into his network from mine as his connection is gone. I think I might try ethernet to ethernet between the two pcs to see if I can get into his files.

[Simon]

Don't take my word for it, but I thought a Windows Recovery didn't affect your files - it's basically an overlay install, replacing missing bits and repairing problems.  But do hold on for further advice on that, as I'm not certain. 

[Glenn]

Download and burn a copy of Hirens 15.2. Boot from it and select Mini XP, once that loads you will have access to the hdu to copy off the files to a flash drive or external HDU.

[Steve]

I wonder as I'm using a Mac that it's taken a fair bit of time to find a download link for Hirens, certainly it's pretty comprehensive.

[Simon]

http://www.hiren.info/pages/bootcd

[Steve]

There's no download link there for me!

[Simon]

Now you come to mention it, I can't see a link either.  Maybe it's hidden unless you're using Windows? 

[Clive]

Forgive me for asking Lona, but what is this Met Police scam you've been infected with and how did you acquire it?  I'm just surprised that anything got underneath your radar.  I've just had a very clever e-mail purporting to be from my credit card company and received on the exact date I would expect to be told my bill is ready to be viewed online.  It said there was an urgent message for me and the click the link to receive the informations.  The logo was spot on but the "informations" triggered an instant alarm bell.  I used my usual link access the account and, unsurprisingly, there was no message for me.