PC locked


R for Robert
2nd Nov 2011, 15:19
Booted the PC up this morning and after a slow startup a screen appeared claiming to be something to do with Gema in association with the Metropolitan Police. Said it detected illegal music downloads (not so) and I need to pay £50 to UKASH to get a code to unlock said PC. Also shows what is claimed to be my IP address but that is incorrect.

I need to unplug the PC to switch off and when rebooting using the delete key to enter setup I get a red password box that I've never seen before.

Running XP, any ideas?

Spurlash2
2nd Nov 2011, 16:08
Rob,

"when rebooting using the delete key to enter setup"

Can you explain why you need to press the delete key on boot? Is that something you do each time on start up?

Does the computer boot to the desktop, and you then get the password box?

Does pressing the Escape key, Alt F4, or any key, remove the password box?

Sounds like this is a variation of the Virus scanner software scam to relieve people of their credit card details.

Mike-Bracknell
2nd Nov 2011, 17:10
Most definitely scam.

M.Mouse
2nd Nov 2011, 17:40
Sounds like a clever virus. I would suggest the recommendations in post #29 in this thread. (http://www.pprune.org/computer-internet-issues-troubleshooting/466938-irritating-virus-2.html)

Keef
2nd Nov 2011, 18:38
You've been hacked/virused. If it throws up a password box on startup, it's a nasty one.

Don't pay money to that lot - they're crooks.

Spurlash2
2nd Nov 2011, 20:48
It's no good, I can't wait. I'm going postal...

Download Microsoft Standalone System Sweeper (http://connect.microsoft.com/systemsweeper) on another machine.

Follow the instructions.

Run Malwarebytes. Let it update, if required. Run a full scan and remove any rubbish found.

If that doesn’t do it…


• Unplug the bad machine from the Internet.

• Start it and Log On.

• Log off.

• Log on and then immediately start pressing Ctrl/Alt/Del several times until you get to the System configuration box. (msconfig)

• Look for any unusual Startup items:
(random characters).exe
avsuite.exe
avsoft.exe, or something similar which may be connected to the message you are getting. Google for ident if not sure.

• Kill them! – oh, alright, untick the box in the Startup Item column. Apply.

• Run Malwarebytes. Let it update, if required. Run a full scan and remove any rubbish found.

• Install Microsoft Security Essentials. Scan.

• Stay away from web sites not on the ‘Main road’. Never click on links in emails. Use a Firewall.
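
The startup-item check from the steps above, applied to a list of entries copied out of msconfig, as an added example that is not from any poster in the thread. The sample entries are constructed, and the user-writable folder list and the consonant-run/digit test for "random characters" are assumptions of this example; a flagged entry still needs looking up before it is unticked.

```python
import re
from pathlib import PureWindowsPath

# File names the post mentions by name.
NAMED_IN_POST = {"avsuite.exe", "avsoft.exe"}
# Assumption (not from the thread): XP folders an ordinary account can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

def looks_random(stem):
    """Rough test for '(random characters).exe': 5+ consonants in a row,
    or digits wedged between letters. Expect some false positives."""
    s = stem.lower()
    return bool(re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", s)
                or re.search(r"[a-z]\d+[a-z]", s))

def exe_path(command):
    """Pull the executable path out of a startup command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(entries):
    """Return {startup item: [reasons]} for entries worth a closer look."""
    findings = {}
    for item, command in entries:
        path = PureWindowsPath(exe_path(command))
        reasons = []
        if path.name.lower() in NAMED_IN_POST:
            reasons.append("named in the post")
        if looks_random(path.stem):
            reasons.append("random-looking file name")
        if any(folder in str(path).lower() for folder in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        if reasons:
            findings[item] = reasons
    return findings

# Constructed sample of (Startup Item, Command) pairs as msconfig lists them.
SAMPLE = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("jusched", r'"C:\Program Files\Java\jre6\bin\jusched.exe"'),
    ("xkqzrtwp", r"C:\Documents and Settings\User\Application Data\xkqzrtwp.exe /s"),
    ("avsuite", r"C:\Documents and Settings\All Users\Application Data\avsuite.exe"),
]

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE).items():
        print(f"{item}: {', '.join(reasons)}")
```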

Mike-Bracknell
3rd Nov 2011, 17:11
How to Remove BUNDESPOLIZEI Achtung! Virus Step by Step | removespywarecenter (http://www.removespywarecenter.com/how-to-remove-bundespolizei-achtung-virus-step-by-step/)

R for Robert
3rd Nov 2011, 18:16
Spurlash,

As soon as I log on the virus boots up and I've lost control and am unable to log off.

Mike,

Yes that looks like the German version.

It looked promising until I entered Taskmgr.exe when it told me the task manager had been disabled by the administrator. Looks like they've covered everything.

green granite
3rd Nov 2011, 19:28
Aren't you having fun? Presumably you're pressing delete to get into the BIOS setup? If that's so and the virus has accessed the BIOS and set a password to enter the BIOS, you may have real problems. Switching the M/C off and removing the BIOS battery may or may not remove the set password; consult your motherboard manual for a possible answer.

Do you have an old hard drive anywhere that you could plug in instead of the existing one? If so, unplug the current one, insert the old one and power up. If it says operating system not found, then insert the XP disc if you have one, or borrow one (you don't need to register the install immediately), and see if you can install it. If you can, then plug the other drive in as a slave and you should be able to operate on its file system and remove the virus manually.

Spurlash2
3rd Nov 2011, 19:37
Have you tried the MSSS option?

It boots from the CD.

R for Robert
3rd Nov 2011, 21:04
Had trouble at first trying to boot the MSSS from a stick so tried a disc. It looked promising finding errors but then booted up with the same problem.

I have a couple of old HDDs so will try installing one of those and then connecting the infected one via a USB connection as a slave, but not before I've downloaded the Malwarebytes program. Job for tomorrow!