I followed these steps to get rid of it on one of my employees personal computers.
Copied these two files to a zip drive: http://download.bleepingcomputer.com/reg/fixtm.reg http://live.sunbeltsoftware.com Download vipre rescue. Run the fixtm.reg and merge the data to your registry Open windows task manager go into the process tab and shut down Windows Police Pro.exe and Svchast.exe Run the vipre.exe from the jump drive(dvd or cd if you prefer) and let it clean the system. I rebooted and had no issues after that. I uninistalled Norton and put vipre consumer on there and he says everything is working with no problems... Hope this helps. Regards, Chris Orovet Technical Support O: (727)812-0276 Ext. 125 F: (727)812-0278 Email: supp...@atsi-inc.com Web: http://www.atsi-inc.com "Whatever relationships you have attracted in your life at this moment, are precisely the ones you need in your life at this moment. There is a hidden meaning behind all events, and this hidden meaning is serving your own evolution." ~Chopra Confidentiality Notice: This e-mail message and any attachments are for the sole use of the intended recipient and may contain proprietary, confidential, trade secret or privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited and may be a violation of law. If you are not the intended recipient or a person responsible for delivering this message to an intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message immediately. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, September 04, 2009 12:49 PM To: NT System Admin Issues Subject: RE: Windows Police Pro Thanks for the FYI, Been stuck in NPP Memory issues with an Oracle Cluster for the last 4 days.... Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ________________________________ From: paul chinnery [mailto:pdw1...@hotmail.com] Sent: Friday, September 04, 2009 12:29 PM To: NT System Admin Issues Subject: RE: Windows Police Pro I had one pc infected with it. I could clean most of it but could never get back Task Mgr. Since she had a spare machine to use, I took it back to my office to work on it. I tried a lot of different tricks I've learned through the years but never got that functionality back. I finally reformated and gave it back to her yesterday. ________________________________ To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: Windows Police Pro From: richardmccl...@aspca.org Date: Fri, 4 Sep 2009 10:47:42 -0500 Well, this would not have worked with the rooted machine I came across a couple of weeks ago. Any of the various ways to access TaskManager were denied. Hitting the power button, then tapping F-8 to try to get into SafeMode would not work - numerous attempts ended up with "regular mode" XP running. The infected profile, a local admin on XP Home, did let me create a new administrator user. That new user was able to install MalwareBytes from a CD - no way to download anything with that root kit running! - and run it. Then this new user could finish running the assorted clean-up tools. -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org <http://www.aspca.org/> The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. Micheal Espinola Jr <michealespin...@gmail.com> wrote on 09/04/2009 10:37:45 AM: > Of course, shortly after sending this I come across something decent > on page 7 of my most recent Google search. This one looks good, walks > through a Malwarebytes-based cleaning, and covers things that I > haven't seen in any other "guides" I have come across: > > http://www.geekpolice.net/malware-removal-guides-f12/remove- > windows-police-pro-removal-guide-t13546.htm > > However, I dont think it will work in all circumstances of a WPP > infection (particularly if the registry is corrupted and .exe's can be > run), but its worth a try. Even the Microsoft forum discussions on > this malware are useless. > > But of course, I say this one "looks good", since I havent had the > opportunity to try it yet. But I suspect I will very soon. > > -- > ME2 > > > > On Fri, Sep 4, 2009 at 11:21 AM, Micheal Espinola > Jr<michealespin...@gmail.com> wrote: > > If you havent heard of it already, start Googling it. Its the next > > big thing that you will be re-imaging infected systems for. > > > > I've seen it twice now, and its very messy. > > > > -- > > ME2 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ________________________________ With Windows Live, you can organize, edit, and share your photos. Click here. <http://www.windowslive.com/Desktop/PhotoGallery> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>