Symptoms- Your PC turns off unexpectedly.
- When it restarts, you are presented with a black screen with a minimized window.
- If you open that window, wou will see a (false) system message associated with the code 0x00874324 ("System Plugin At Address 0x00874324 Got Critical Error Plese Follow These Steps To Deactivate It"), a series of telephone numbers and a place to write an unlock key. Please do not call any of that numbers and calm down!
Instructions
- Restart your PC and DO NOT maximize that activation screen. Let it minimized.
- Press Ctrl+Alt+Del repeatedly until you get a Task Manager window (maybe behind the blue screen).
- Finish a "svchost.exe" process which has a strange description (only that one!!!).
- From the Task manager, execute "explorer". Windows will now open.
- Then restore your system to two days before.
- Solved!
This is a "Ransom Trojan" virus.
More information:
27 comentaris:
Hi. I can't do ctrl alt del! how i remove this virus? please... i can't find an activation code (i searchd for the web for an answer for this virus and i didn't found anything!)... actually i found a code with 7 digits, but this ask for 5...
The problem is that I can't access the task manager. The task manager is hidden behind the activation screen and it's impossible to minimize it. I have already tried "alt space m" and
"alt space d"
Next time don't maximize the activation screen, that's all!
Hey, I tried that and its kinda tricky to get to the task manager I hit the button on my hard drive and it eventually gets me to a blue screen and sometimes an ending task comes up giving me the opportunity of cancelling and be able to use the task manager and I've tried ending the program you said but somehow there are like four of them and also I would end a program and it would automatically make my computer shut down, I tried a few times and I was trying to find system restore through task manager, didn't find...can you help?
Dear k2856,
Don't shut down any svchost; only the one that has the strangest description at the right column. Come back and tell me!
I can't do ctrl alt del! the task manager appears so quickly... so i can't delete the virus and turn on my computer... there is a trick to show the task manager? how can i do that
1. You are with the black screen and the error screen is still minimized.
2. Press Ctrl+Alt+Del and this screen will appear (http://tinyurl.com/6gf3hrm).
3. Continue pressing Ctrl+Alt+Del, 8 o 9 times, slowly or rapidly, just try it. There will be no changes on your screen.
4. Then press "Cancel", and I hope you have the Task Manager behind.
Tell me if I'm right!
i have the same problem with my windows xp and tried a lot just to have the task manager and still it's so fast and it's like a blink to have so i can't end up this svchost.exe please help me.. and i think this virus was new//
1. You are with the black screen and the error screen is still minimized.
2. Press Ctrl+Alt+Del and this screen will appear (http://tinyurl.com/6gf3hrm).
3. Continue pressing Ctrl+Alt+Del, 8 o 9 times, slowly or rapidly, just try it. There will be no changes on your screen.
4. Then press "Cancel", and I hope you have the Task Manager behind.
Tell me if I'm right! => you are wrong!
I follow al your step but can not fix it. press "Cancel", buthave no Task Manager behind. spent 1 hour for ctr+alt+del 8~9 time for each, i guess at least 100 time attemp
pls make a instructional video and send to chakrimella@gmail or keep mit in youtube plsssssss
Hi thanks for your useful information.
But I Tried many times for ctrl+alt+del, more than 10 times, each time the task manager close very soon. Even I pressed the cancel, I
The task manager didnt show up.
I am using windows 7.
It happened to me a day and a half ago. I'm not sure about the specific instructions because I did it only one time (following written instructions from a friend of my flatmate). I cannot make a video: first, because I will not risk myself installing once more the virus and, second, because you simply cannot run Windows when you have the virus. I could solve it following this steps (in Windows Vista), I'm sorry.
no consigo ni arrancar en modo seguro, no consigo llegar al administrador de tareas, ya no se que hacer ni minimiza estoy totalmente bloqueado se te ocurre algo que pueda hacer
saludos y gracias por adelantado
Marjo,
No te va a dejar arrancar en modo seguro (eso fue, de hecho, lo primero que intenté yo). Ni tampoco sirve de nada que arranques el ordenador con "la última configuración buena conocida". Si lo arrancas normalmente y no tocas nada, tienes la pantalla casi toda negra con únicamente el aviso del error minimizado, en la parte inferior-izquierda, ¿verdad? No la maximices, y ve tocando repetidamente Ctrl+Alt+Supr, cuantas veces quieras, más lento o más rápido, ve probando. Entonces, si la primera vez que lo apretaste te sale la pantalla azul esta (http://tinyurl.com/6gf3hrm), dale a "Cancelar" y abajo te habrá aparecido algun Administrador de tareas que funcione.
Dale a cerrar un proceso "svchost.exe" que tenga una descripciónmuy rara (sólo ese!). Dale a ejectutar "explorer". Vete a Herramientas del sistema y restaura el sistema a hace un par de días.
Pásate y cuéntame si te ha ido bien.
lo siento llevo xp
saludos
¿Y en el XP te es imposible seguir más o menos estos pasos? Pues sí que cambia el panorama... Bueno, no te desesperes y ya sabes que, como mucho, puedes irte a un informático, que te copie en un disco externo todo lo que tenías en tu disco duro, y que, finalmente, ya que lo estará utilizando como disco esclavo, que te limpie el virus.
Ok well I got back to task manager, woot! But I didn't see the svchost.exe with weird description so I guess last time I had ended it because I was ending all of the tasks saying that, anyways...I then put execute and my computer was back to normal! And on my last comment I didn't mean hardrive I meant...desktop...ok nevermind I was restoring my computer and its back on the same screen?
WHAT? You have restored your system to a date before having the virus and still have problems?
Yo tambien estoy trabajando con WIndows XP y el aviso del error nunca aparece minimizado sino todo lo contrario y por ello no puedo acceder al administrador de tareas. ¿Hay alguna otra forma de hacerlo? ¿Hay algún código que sepais que funcione?
Gracias
Gracias por la aclaración, Juan. Ahora que nos dices que en el XP el error siempre aparece maximizado lo entiendo todo... :(
¿Qué pasa si tocas Alt+F4? ¿Y F1? ¿Y la tecla de Windows? ¿Y Ctrl+Shift+Escape?
Prueba a hacer algo de lo que dicen aquí: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Blocker-D/detailed-analysis.aspx
Al final he podido encontrar unos números de activación.
Para los de 7 casillas : 1351236
Para los de 5 casillas : 27496
A mí me ha funcionado con este último.
Espero que puedan ser también válidos para otros usuarios.
¿¿¿Has podido meter cinco veces 27496 y te ha desaparecido el pantallazo??? ¡¡¡Impresionante!!!
No, en cada casilla un único número.
Unfortunetely, your solution didn't work for me, but thanks for bringing this to our attention. 27496 is the key that worked for me. I found it on this blog: http://deletemalware.blogspot.com/2011/04/system-plugin-at-address-0x00874324-got.htmlt
I'm just wondering, is it still hiding on my system somewhere?
I hope this helps. Cheers!
This is very probable! Restore your system and make a whole antivirus scan! ;)
Already doing this ;) I have Avast virus protection, but well.. what can I say... it didn't protect my PC in the first place. Maybe I should switch to something else. ebrenc, thanks again and keep up the good work!
A mí también me ha funcionado lo de los números 27496. Ahora desde dentro de Windows toca limpiar bien o, como mucho, salvar todo lo que se pueda. Muchísimas gracias. Gracias a este blog he conseguido entrar.
Publica un comentari a l'entrada