New 'Hi-Jack' not detected by Avast or Rescue Disk

Hi, we have a couple of computers that got hijacked yesterday. They boot directly into a locked-up screen. Spent 9+ hours downloading a Rescue Disk. Ran the scan 3 times and it found nothing on either computer. We called Avast support, and they hung up on our IT dept. Any ideas?

Hi there. What Windows version is on these computers (also 32- or 64-bit)?

Do you have a Windows CD of the right type that we can utilise to access the recovery console?

Thanks for the reply. All infected computers are 32-bit XP. Thinking it might be malware since Avast doesn’t detect it. Anyway, both computers boot into a MoneyGram screen. I downloaded FRST, but haven’t found a PE Boot CD yet.

OK, you can get OTLPE. This will set it up on a USB drive, or would you prefer a CD?

Download PeaZip to the desktop
Run and install the programme
As it installs this page will show; deselect the AVG ticks
Press Decline and it will then install cleanly

https://dl.dropbox.com/u/73555776/peazip.jpg

Download the following files to the desktop. Right click the links and select Save as… then select Desktop.

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select Open as archive

https://dl.dropbox.com/u/73555776/Unzup%20archive.png

Select OTLPE standard

https://dl.dropbox.com/u/73555776/select%20archive.PNG

Click Extract, ensure that desktop is selected

https://dl.dropbox.com/u/73555776/extract%20archive.PNG

Insert the USB stick, then run Rufus

https://dl.dropbox.com/u/73555776/rufus.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

https://dl.dropbox.com/u/73555776/RufusISO.JPG

Once the USB has burnt, then:

[*]Download Farbar Recovery Scan Tool and save it to the flash drive.
[*]Reboot your system using the boot USB you just created.
Note: If you do not know how to set your computer to boot from USB, follow the steps here.
[*]As the programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
[*]Your system should now display a Reatogo desktop.
[*]Locate the flash drive and run FRST.
[*]The tool will start to run.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif

[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks Essexboy, I got OTLPENE burnt to a CD and ran Farbar. Found a couple of programs that were installed by an employee and forwarded to another. Anyway, files deleted, computers fixed, network back up, and last but not least, employee sacked in the morning and security clearance revoked. Thanks again for your help!

RedDeere

As a thought, you may want to look at this small registry fix/programme to stop unwanted programmes running from temporary locations:

http://www.foolishit.com/vb6-projects/cryptoprevent/
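As an added example of the kind of registry fix the link above refers to (my own script, not CryptoPrevent's rules or code), here is a PowerShell snippet that writes Software Restriction Policy path rules disallowing executables launched from %TEMP% and %AppData%. It assumes an edition of Windows that supports SRP (XP Professional or later) with PowerShell installed, and an elevated prompt; the rule descriptions and the choice of folders are mine.

```powershell
# Added example, not CryptoPrevent's own rules: Software Restriction Policy
# path rules that block EXEs run from temporary/profile folders, the usual
# drop locations for lock-screen malware. Run elevated; reboot (or log off
# and on) for the policy to take effect.

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Base SRP settings: default level Unrestricted (0x40000), apply to all
# users (PolicyScope 0), check executables but not DLLs (TransparentEnabled 1).
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name DefaultLevel        -Value 0x40000 -Type DWord
Set-ItemProperty -Path $Safer -Name TransparentEnabled  -Value 1       -Type DWord
Set-ItemProperty -Path $Safer -Name PolicyScope         -Value 0       -Type DWord
Set-ItemProperty -Path $Safer -Name AuthenticodeEnabled -Value 0       -Type DWord

function New-SrpDisallowPath {
    param([string]$PathPattern, [string]$Description)
    # Security level 0 = Disallowed; each path rule lives in its own
    # GUID-named subkey under <level>\Paths.
    $rule = Join-Path $Safer ('0\Paths\{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $rule -Force | Out-Null
    # ItemData must be REG_EXPAND_SZ so %TEMP% etc. are expanded when checked.
    New-ItemProperty -Path $rule -Name ItemData    -Value $PathPattern -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $rule -Name SaferFlags  -Value 0            -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $rule -Name Description -Value $Description -PropertyType String       | Out-Null
}

# Folders chosen here are an assumption about typical drop locations.
New-SrpDisallowPath '%TEMP%\*.exe'      'Block EXE in user temp'
New-SrpDisallowPath '%TEMP%\*\*.exe'    'Block EXE one folder below temp'
New-SrpDisallowPath '%AppData%\*.exe'   'Block EXE in Application Data'
New-SrpDisallowPath '%AppData%\*\*.exe' 'Block EXE one folder below Application Data'

# Show the rules that were written so the change can be verified.
Get-ChildItem (Join-Path $Safer '0\Paths') | ForEach-Object {
    (Get-ItemProperty $_.PSPath).ItemData
}
```

Legitimate installers that run from %TEMP% will be blocked too, so expect to add Unrestricted exceptions (level key 262144) for anything your users genuinely need.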