Comments on: New type of Ransomware using user32.dll https://www.411-spyware.com/new-type-of-ransomware-using-user32-dll 411-spyware.com - Get the 411 on Spyware Wed, 14 Feb 2024 20:29:25 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Dani https://www.411-spyware.com/new-type-of-ransomware-using-user32-dll#comment-15411 Dani Thu, 07 Aug 2014 17:04:18 +0000 http://www.411-spyware.com/?p=32931#comment-15411 The first instruction set worked for me and properly replaced user32.dll. Although after scannow completed and rebooted, the computer also did chkdsk and I allowed the full run of that as well. However, the virus prevented me from opening a cmd box so first steps must be taken around that. The most important step is to disconnect the computer from the internet. Mine was connected via ethernet so I could just unplug it. The virus establishes contact with a server and then takes over the screen with its image. I also deleted netadapt, netar and netflt drivers from the system32/drivers/etc folder. I find that when I disconnect the internet and delete these drivers the virus does not take over the screen and even allows the running of programs. But it is still operational and blocks task manager amongst other things. However, this way I could run the cmd prompt and get rid of the corrupt user32.dll The first instruction set worked for me and properly replaced user32.dll. Although after scannow completed and rebooted, the computer also did chkdsk and I allowed the full run of that as well.

However, the virus prevented me from opening a cmd box so first steps must be taken around that. The most important step is to disconnect the computer from the internet. Mine was connected via ethernet so I could just unplug it. The virus establishes contact with a server and then takes over the screen with its image. I also deleted netadapt, netar and netflt drivers from the system32/drivers/etc folder. I find that when I disconnect the internet and delete these drivers the virus does not take over the screen and even allows the running of programs. But it is still operational and blocks task manager amongst other things. However, this way I could run the cmd prompt and get rid of the corrupt user32.dll

]]> By: Behnam Araz https://www.411-spyware.com/new-type-of-ransomware-using-user32-dll#comment-15391 Behnam Araz Wed, 06 Aug 2014 11:40:16 +0000 http://www.411-spyware.com/?p=32931#comment-15391 Hi, i had this problem too. i used a bootable CD like "Hiren Boot CD" with MiniXP and i did run "HitmanPro" program. it will scan your machine and replace user32.dll with original one automatically. I hope it was useful for you Hi, i had this problem too. i used a bootable CD like "Hiren Boot CD" with MiniXP and i did run "HitmanPro" program. it will scan your machine and replace user32.dll with original one automatically.
I hope it was useful for you

]]> By: Mike https://www.411-spyware.com/new-type-of-ransomware-using-user32-dll#comment-14981 Mike Wed, 02 Jul 2014 05:44:08 +0000 http://www.411-spyware.com/?p=32931#comment-14981 I am having this problem right now. The machine is unable to boot properly into safe mode, and also there is no backup copy of user32.dll in the Winsxs folder. I tried loading a copy of the file from a Windows CD, but that hasn't worked (machine won't even boot following this step). Any suggestions would be greatly appreciated. I am wondering if there is any software that can actually 'clean' the infected file, since this machine won't run properly without it. Thanks. I am having this problem right now. The machine is unable to boot properly into safe mode, and also there is no backup copy of user32.dll in the Winsxs folder. I tried loading a copy of the file from a Windows CD, but that hasn't worked (machine won't even boot following this step). Any suggestions would be greatly appreciated. I am wondering if there is any software that can actually 'clean' the infected file, since this machine won't run properly without it. Thanks.

]]>