Windows Police Pro...heck yeah some fun malware

YeOldeStonecat

Working on this dude's laptop, got zapped by the above mentioned rogue/fake alert. Wow this one hits all corners of Windows.

Pump.exe is the fun part of it...can't run anything, pump.exe comes up.

Yeah yeah, I can hear everyone.."Format/reinstall"

It's like a Rubik's Cube though...a good puzzle, gotta beat it.

//gonna be a long night.
 
Hehe, I feel your pain. My buddy's uncle got the earlier version of this one, nasty nasty nasty little sumbitch. I ended up reformatting, luckily he didn't have anything on there he needed.
 
this is why I have a USB hard drive with a Ghost image of almost every Dell in the past 5 years on it..
that doesn't always work though.. have you encountered the ones that re-register all of the exe files to not work?
once it gets to a certain point you just have to boot from a BartPE CD and kill the files manually then hope it will be usable when you go back in..
something like that..
 
> Yeah yeah, I can hear everyone.."Format/reinstall"
>
> It's like a Rubik's Cube though...a good puzzle, gotta beat it.
>
> //gonna be a long night.
I'm glad to know there's at least one other person like this :p I always feel defeated when I have to resort to reformatting.
 
I know a guy who was trying to help a mutual friend with this one, and it jumped onto his flash drive - and right onto his home PC. :D
 
I ran into this one a couple weeks ago. Deleted pump.exe manually, then rebooted and was able to run programs again. Ran MBAM and Spybot S&D, cleaned out tons of malware.
 
> I'm glad to know there's at least one other person like this :p I always feel defeated when I have to resort to reformatting.

I feel the same way. Like the OP said, it's like a puzzle you want to figure out. We're nerdy like that, I guess.
 
I saw this one on a customer's PC the other week, thankfully being level 1 helpdesk meant it wasn't my problem :)
 
Easy fix!

Combofix will absolutely destroy Windows Police Pro in one easy step. You just run the exe and go make yourself some coffee.

You might have to rename Combofix.exe to something like WindowsPoliceSucks.exe or Rootkitsblow.exe, etc. first though.
 
Rename regedit.exe to regedit.com and then run that and edit the .exe file type in the registry. It's set to open with another program instead of the shell. Works like a charm. You can then run .exe's all you want. Run Malwarebytes and SUPERAntispyware and you should be good to go.
 
I personally could not get Malwarebytes to run, even by renaming files. I had to use combofix.
 
> Rename regedit.exe to regedit.com and then run that and edit the .exe file type in the registry. It's set to open with another program instead of the shell. Works like a charm. You can then run .exe's all you want. Run Malwarebytes and SUPERAntispyware and you should be good to go.

Googling that pump.exe, which is what caused the shell problem, led me to rediscover a utility I had used years ago but forgotten about, a little .INF file Symantec hosts called UnHookExec.inf

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

Right click, select install..all set before you can blink an eye. So it's on my USB drive now.
 