thirdgen

iTrader: (26)

I was just on my pc, I was giving another member some feedback for stuff I bought, and YouTube was open in the other window.
All of a sudden this big homeland security window pops up telling me to pay a $300 fine which can be done using money pack.
It's called the FBI money pack virus:
How to remove FBI viruses - Fake FBI malware removal (FBI ransomware) | Malware Removal - Software & Tutorials
Anybody else get this awesomely fun pain in the ***? What did you do to remove it?

FRT_Fun

iTrader: (19)

People still get viruses?

thirdgen

iTrader: (26)

I'm thinking of doing a system restore and going back 1 day, I never did that though...

triple88a

iTrader: (2)

Unless you care about your **** sites browsing history for the 1 day theres no big deal to it. That is option 1, option 2 is complete reinstall.

thirdgen

iTrader: (26)

It's turned off, I don't have time to mess with it until later.
I think it's about time I install malware bytes.

NA6C-Guy

iTrader: (1)

Not exactly sure how, but I haven't gotten a virus in years. I've taken certain steps, disabled certain applications in windows, and tweaked security settings, and it's seemed to work so far. I don't even use Update for the latest security ****. I've made my Windows 7 as simple, and old school as possible. Only modern feature I have is Aero. Then of course I avoid at all costs, shady looking websites that just have that virus smell to them. I'm sure most of us here have that keen eye to see that bullshit a mile away.

Malwarebytes does a good job, so long as the virus hasn't set roots too deep. Any issue I have had with malware in the last 5 or 6 years, has been solved with that program. I still do a routine hdd wipe and reinstall every 2 years or so, just to clean up the mess I make of my system. Also, if you know at all what a clean windows system folder looks like, you can possibly go in and look for files manually, which I've done from time to time.

thirdgen

iTrader: (26)

My pc is old...It's running windows xp.

rleete

iTrader: (21)

Microsoft Security Essentials is free and it works.

I've seen the "virus" you mention, and it's nothing more than a hack. Close your browser through task manager and clear the history.

thirdgen

iTrader: (26)

I have security essentials on already...didn't even detect it.
If I power down my pc and restart it, my desktop screen comes up, then all the icons disappear, as does the start menu...then the virus will bring a screen up that reads "the computer is locked". I can move the screen, but cannot minimize it or anything.

92dx

iTrader: (2)

My job is a computer repair tech. I remove this from many pcs a day

You need to boot into safe mode with command prompt. type explorer into the cmd window and hit enter. your desktop will come up. youll also need to have a piece of software called combofix on a flash drive. move that to the desktop and run it. when its done reboot to normal mode. download malwarebytes, update it and run it.

or you can pull the drive from the pc, hook it up as a secondary to another pc and scan it with something thats not a wanna be antivirus. I recommend kaspersky.

Ive run combofix on hundreds of pcs and never once had it give me problems or destroy an os. some people say it will screw up your machine, so be aware of that but I wouldnt be too worried.

Good luck man!

thirdgen

iTrader: (26)

Where do I get combofix? I've never heard of it. I was planning on running explorer with the safe mode command prompt...I'm not home, tonight I'll kick it's ***.

icantthink4155

iTrader: (12)

+1

Boosted Escort

iTrader: (1)

get it from here

ComboFix Download

thirdgen

iTrader: (26)

It won't let me start in safe mode w/ command prompt, or safe mode with networking. If I select either one it tells me "scan for viruses" and a pile of other crap on a blue screen.
Now what? I'm thinking this might end up as a hard drive pull, and scan it as a secondary hard drive to get rid of this ****. Unless you guys have other tricks in mind?

NastyNate

iTrader: (1)

So does take over on boot up of the computer? If so it's easily fixable. I've seen many of these come through work and while the file that runs this has gotten a bit better hidden it's still fairly easy to fix without an os reload.

thirdgen

iTrader: (26)

If I just turn on the pc, it goes to desktop then the system blocked screen shows up.
If I try to load any kind of safe mode, it'll give me a blue screen saying to remove viruses and a bunch of stuff.

NastyNate

iTrader: (1)

look up MRI soldier X. MRI is a geek squad tool that has what you need. The program within it is start up manager. Don't let the name fool you though as you can see every file on the computer. Specifically, you can show what is running when you log-on. In the past you just needed to look for a file name of ctfmon.lnk However, I've seen recently that it is now changed and hiding in app data and by a different name.
Easiest way is to shut everything off under the user logon section of and go from there. I forgot to mention that you do have to boot to the disc and not the os.

let me know and I can take some screen shots to get you pointed in a better direction. Using MRI I can usually kill this in less time than it takes to boot to the disc.

thirdgen

iTrader: (26)

So how do I get it to boot if it won't even startup in safe mode?

NastyNate

iTrader: (1)

Get into the bios and change the boot priority. Depending on your brand it may be different that others. Once you change the boot priority to cd then hdd. it should take care of itself.

92dx

iTrader: (2)

Sounds like your only option left is to pull the drive and scan it on a different machine. There are many different variants of the "fbi virus". Some will copy to your restore points and make removal that much harder. When you get it cleaned up, Get your java and adobe flash player up to date there are tons of java exploits that lead to infections such as this. You can also look into making a kaspersky boot disc that has a their scanning engine and the lastest virus deffinitions from kasperskys site. Boot to that and give it a shot.