Solved Your computer is locked. Metropolitan police

There should be another name after Trojan agent.gen like Kazy. It's needed to determine what extra steps must be run. Look in the MB log or History. Then Google it to see.

Does Malwarebytes find anything on its second run? Keep running it until it cleans everything it finds.

After that install and run a full scan with SuperAntiSpyware.

If these show clean then run SFC -SCANNOW Command to repair System files.


Greg ur saying mc afee is crap?
I thought it was the best anti virus ever.

Well it let phony Metropolitan cops into your PC.

It also causes many problems here which we resolve by removing it.

It is the worst AV of all, absolute crapware. Replace it with MSE.
 
Im home now. Il try these new steps.
I didnt install mc afee forgot to put any anti virus on. Was told windows firewall was safe enough ;(
Will keep u all updated
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
It says i cnt run windows defender in safe mode.
SIr george
Ive tried that solution u said but it dnt pin point where the trojon is
I tried looking at the shell file it just says explorer.exe
Cnt see where it is.

Also tried running windows defender on my user account on laptop but as i just go to open it the pc lockup appears.

Cnt get mc afee loaded up either

Matt ;(

The link I provided has an update at the bottom. This is the update information;

"I fixed this by the following:"

As well as starting explorer and regedit at the command line also start msconfig. Select the Startup tab. It can be difficult to spot although it stuck out for me as having an absurd name, there can be more than one entry. I think the best way is to look in the location column for any entry ending with something like a string of random letters/numbers.exe, mine also had a comma with a few letters after it as well to try to confuse me. Also look for any startup item with something similar in the 'Startup Item' column. Unticking these entries and applying should prevent it starting, and the entry should reveal the path to the .exe file which you can find and delete. Be warned you can stop important programs starting up, although they try to confuse you, mine was tagged as being from the IBM corporation!

You can't just delete startup entries from msconfig. You have to use regedit. In regedit I found the offending entries here:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupfolder

but they might also be here:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupreg​



hi just looking in these steps i see a suspect pzhbzllojhjqig in c:programdata\pzhbzllo.exe. location HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN ??????

also found pzhbzllojhjqig in HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupreg.

think i should delete that thing????
matt
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
yesssss success im back its gone :)
i deleted the suspect :)
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
massive thanx to all the help.
im installing windows defender now , and microsoft sercurity essentails

Matt
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
is it advisable to buy the full malewarebytes programme?
matt
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
Yep already did that :)
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS
Matt
You can RUN WDO by booting cause it's offline, but you can not istall it alongside as you said whit MSE. Win7 came bundeled with defender but Microsoft decided to replace it with MSE. So when you download an install MSE, the latter take advantage and stops defender. Defender will be back with win8 later with the RTM release.
Take in consideration what GREG adviced to.
 

My Computer My Computer

At a glance

win7 home premium-64bit-SP1-IE10T6600 2.2Ghz4 GbATI Mobility Radeon HD 4530
Computer type
Laptop
Computer Manufacturer/Model Number
HP pavilion DV6
OS
win7 home premium-64bit-SP1-IE10
CPU
T6600 2.2Ghz
Motherboard
HP Model 3628
Memory
4 Gb
Graphics Card(s)
ATI Mobility Radeon HD 4530
Sound Card
IDT High Definition
Screen Resolution
1366x768 @ 60Hz
Hard Drives
500Gb Western Digital
Antivirus
MSE
Other Info
Malwarebytes Antimalware + Spybot-Search&Destroy
ok kool
my laptop is running very well.
mite set up times for a scan to keep it protected
 

My Computer My Computer

At a glance

windows 7 64Intel Core i7 2670QM @2.20GHzDDR3 8192 MBytesGeForce GTX 560M
Computer Manufacturer/Model Number
Alienware / M18XR1 CPU1
OS
windows 7 64
CPU
Intel Core i7 2670QM @2.20GHz
Motherboard
Alienware M18xR1
Memory
DDR3 8192 MBytes
Graphics Card(s)
GeForce GTX 560M
Sound Card
IDT High Def Audio CODEC
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920 x 1080 @60Hz
Hard Drives
699GB Seagate ST9750420AS

My Computer My Computer

At a glance

7 64 bit
OS
7 64 bit
Thanks for reporting what worked, Stuart. I had suggested that for Matt in my first post.
 
I did all of the above and my laptop is still locked!

Hello, please help me. I followed through this thread and did everything as directed and my computer is still locked. I am somewhat tech savvy, my computer is covered by f-secure. Thanks , Susan
 

My Computer My Computer

At a glance

windows 7 home premium 32 bit
OS
windows 7 home premium 32 bit
What were the results of Malwarebytes run in Safe Mode, and Windows Defender run from boot CD?

Then work through the other steps if necessary in the link in my signature below to Fix Unbootable Win7
 
Never Mind
 

My Computer My Computer

At a glance

7 x64
OS
7 x64
Matt
You can RUN WDO by booting cause it's offline, but you can not istall it alongside as you said whit MSE. Win7 came bundeled with defender but Microsoft decided to replace it with MSE. So when you download an install MSE, the latter take advantage and stops defender. Defender will be back with win8 later with the RTM release.
Take in consideration what GREG adviced to.

:cool:Hi, first time on the forum. A few of my good friends have had the above ransomeware virus on their 7 and (older) Vista PCs. Started in "Safe MOde" and tried the simple winlogon fix - no joy. Went further in to the registry to look at :
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run

and "above" \RunOnce

Each had been seperately used to start an unknown program on various PCs. No point in naming it as the name changes every time. Main point is that if you see some peculiar *.exe file quoted in "*\run" or "*\RunOnce", then be suspicious. Simple thing to do is to modify the string by putting a # at the beginning of the suspicious string. This basically says to Windows "ignore this". That way, you won't delete something you really need. Restart your PC and see what has happened. BTW, if any string refers to WMP*, this is a Media Player reference, so is OK. Additionaly, if you find a very oddly named folder in the %system%root, or in %system%root\ProgramData areas, take a look inside when in Safe Mode. There will almost certainly be two HTML files, one of which will be the main body of the lockout screen on normal boot, i.e. "Metropolitan Police" etc.

DELETE THIS ENTIRE FOLDER.

After this, run WDO, AND Malware Bytes - GREAT ADVICE FROM OTHERS ABOVE.
 

My Computer My Computer

At a glance

Windows XP Professional
OS
Windows XP Professional
Back
Top