Miata Turbo Forum - Boost cars, acquire cats.


thirdgen 07-26-2013 03:10 PM

I hate computer viruses
 
I was just on my pc, I was giving another member some feedback for stuff I bought, and YouTube was open in the other window.
All of a sudden this big homeland security window pops up telling me to pay a $300 fine which can be done using money pack.
It's called the FBI money pack virus:
How to remove FBI viruses - Fake FBI malware removal (FBI ransomware) | Malware Removal - Software & Tutorials
Anybody else get this awesomely fun pain in the ass? What did you do to remove it?

FRT_Fun 07-26-2013 03:16 PM

People still get viruses?

thirdgen 07-26-2013 03:22 PM

I'm thinking of doing a system restore and going back 1 day, I never did that though...

triple88a 07-26-2013 03:24 PM

Unless you care about your porn sites browsing history for the 1 day there's no big deal to it. That is option 1, option 2 is complete reinstall.

thirdgen 07-26-2013 03:27 PM

It's turned off, I don't have time to mess with it until later.
I think it's about time I install Malwarebytes.

NA6C-Guy 07-26-2013 04:04 PM

Not exactly sure how, but I haven't gotten a virus in years. I've taken certain steps, disabled certain applications in windows, and tweaked security settings, and it's seemed to work so far. I don't even use Update for the latest security shit. I've made my Windows 7 as simple, and old school as possible. Only modern feature I have is Aero. Then of course I avoid at all costs, shady looking websites that just have that virus smell to them. I'm sure most of us here have that keen eye to see that bullshit a mile away.

Malwarebytes does a good job, so long as the virus hasn't set roots too deep. Any issue I have had with malware in the last 5 or 6 years, has been solved with that program. I still do a routine hdd wipe and reinstall every 2 years or so, just to clean up the mess I make of my system. Also, if you know at all what a clean windows system folder looks like, you can possibly go in and look for files manually, which I've done from time to time.

thirdgen 07-26-2013 04:58 PM

My pc is old...It's running windows xp.

rleete 07-26-2013 05:00 PM

Microsoft Security Essentials is free and it works.

I've seen the "virus" you mention, and it's nothing more than a hack. Close your browser through task manager and clear the history.

thirdgen 07-26-2013 05:27 PM

I have security essentials on already...didn't even detect it.
If I power down my pc and restart it, my desktop screen comes up, then all the icons disappear, as does the start menu...then the virus will bring a screen up that reads "the computer is locked". I can move the screen, but cannot minimize it or anything.

92dx 07-26-2013 06:01 PM

My job is a computer repair tech. I remove this from many pcs a day

You need to boot into safe mode with command prompt. Type explorer into the cmd window and hit enter. Your desktop will come up. You'll also need to have a piece of software called ComboFix on a flash drive. Move that to the desktop and run it. When it's done, reboot to normal mode. Download Malwarebytes, update it and run it.

Or you can pull the drive from the PC, hook it up as a secondary to another PC and scan it with something that's not a wannabe antivirus. I recommend Kaspersky.

I've run ComboFix on hundreds of PCs and never once had it give me problems or destroy an OS. Some people say it will screw up your machine, so be aware of that, but I wouldn't be too worried.

Good luck man!

thirdgen 07-26-2013 08:13 PM

Where do I get ComboFix? I've never heard of it. I was planning on running explorer with the safe mode command prompt...I'm not home, tonight I'll kick its ass.

icantthink4155 07-26-2013 08:30 PM


Originally Posted by FRT_Fun (Post 1037257)
People still get viruses?

+1

Boosted Escort 07-26-2013 10:30 PM


Originally Posted by thirdgen (Post 1037330)
Where do I get ComboFix? I've never heard of it. I was planning on running explorer with the safe mode command prompt...I'm not home, tonight I'll kick its ass.

get it from here

ComboFix Download

thirdgen 07-27-2013 12:13 AM

It won't let me start in safe mode w/ command prompt, or safe mode with networking. If I select either one it tells me "scan for viruses" and a pile of other crap on a blue screen.
Now what? I'm thinking this might end up as a hard drive pull, and scan it as a secondary hard drive to get rid of this shit. Unless you guys have other tricks in mind?

NastyNate 07-27-2013 12:21 AM

So does it take over on boot up of the computer? If so it's easily fixable. I've seen many of these come through work and while the file that runs this has gotten a bit better hidden it's still fairly easy to fix without an OS reload.

thirdgen 07-27-2013 12:23 AM

If I just turn on the pc, it goes to desktop then the system blocked screen shows up.
If I try to load any kind of safe mode, it'll give me a blue screen saying to remove viruses and a bunch of stuff.

NastyNate 07-27-2013 12:30 AM

Look up MRI soldier X. MRI is a geek squad tool that has what you need. The program within it is start up manager. Don't let the name fool you though, as you can see every file on the computer. Specifically, you can show what is running when you log on. In the past you just needed to look for a file name of ctfmon.lnk. However, I've seen recently that it is now changed and hiding in app data and by a different name.
Easiest way is to shut everything off under the user logon section of and go from there. I forgot to mention that you do have to boot to the disc and not the OS.

Let me know and I can take some screen shots to get you pointed in a better direction. Using MRI I can usually kill this in less time than it takes to boot to the disc.
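Added example (not from the thread, and not code from any tool named in it): a read-only check of the per-user logon locations described in the post above, run against a drive that has been pulled and mounted on another machine or read from a live disc. The folder lists, extension list, function names and the sample tree are assumptions constructed for illustration; registry autoruns are not covered.

```python
import tempfile
from pathlib import Path

# Assumed per-user locations, relative to a profile directory.
PROFILE_PARENTS = ["Documents and Settings", "Users"]          # XP, Vista and later
STARTUP_DIRS = [
    "Start Menu/Programs/Startup",                                     # XP
    "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",   # Vista and later
]
APPDATA_ROOTS = [
    "Application Data", "Local Settings/Application Data",             # XP
    "AppData/Roaming", "AppData/Local", "AppData/LocalLow",            # Vista and later
]
RUNNABLE = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".pif", ".com"}
IGNORE_IN_STARTUP = {"desktop.ini"}


def find_ci(base, rel):
    """Resolve rel under base ignoring case; NTFS read from Linux is case-sensitive."""
    cur = base
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        hits = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        if not hits:
            return None
        cur = hits[0]
    return cur if cur.is_dir() else None


def files_in(profile, rel):
    """Files sitting directly in profile/rel (no recursion)."""
    d = find_ci(profile, rel)
    return [f for f in d.iterdir() if f.is_file()] if d else []


def scan_drive(root):
    """Return sorted (path relative to root, reason) pairs to review by hand."""
    root, findings = Path(root), []
    for parent in PROFILE_PARENTS:
        parent_dir = find_ci(root, parent)
        if parent_dir is None or parent_dir.is_symlink():   # skip compatibility junctions
            continue
        for profile in (p for p in parent_dir.iterdir() if p.is_dir()):
            for rel in STARTUP_DIRS:
                for f in files_in(profile, rel):
                    if f.name.lower() not in IGNORE_IN_STARTUP:
                        findings.append((f.relative_to(root).as_posix(),
                                         "Startup folder: runs at every logon"))
            for rel in APPDATA_ROOTS:
                for f in files_in(profile, rel):
                    if f.suffix.lower() in RUNNABLE:
                        findings.append((f.relative_to(root).as_posix(),
                                         "loose executable in app data root"))
    return sorted(findings)


def build_sample_drive(root):
    """Constructed XP-style tree standing in for the mounted drive."""
    user = Path(root) / "Documents and Settings" / "owner"
    for rel in ["Start Menu/Programs/Startup/ctfmon.lnk",      # name given in the thread
                "Start Menu/Programs/Startup/desktop.ini",
                "Application Data/rnd_a1b2.exe",               # made-up name
                "Application Data/SomeVendor/app.exe",         # in a subfolder: not flagged
                "My Documents/notes.txt"]:
        path = user / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel_path, reason in scan_drive(build_sample_drive(tmp)):
            print(f"{reason}: {rel_path}")
```

Everything it lists is a candidate for manual review, not a verdict; legitimate software also places shortcuts in the Startup folder.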

thirdgen 07-27-2013 12:52 AM

So how do I get it to boot if it won't even startup in safe mode?

NastyNate 07-27-2013 12:56 AM

Get into the BIOS and change the boot priority. Depending on your brand it may be different than others. Once you change the boot priority to CD then HDD, it should take care of itself.

92dx 07-27-2013 03:00 PM

Sounds like your only option left is to pull the drive and scan it on a different machine. There are many different variants of the "fbi virus". Some will copy to your restore points and make removal that much harder. When you get it cleaned up, get your Java and Adobe Flash Player up to date; there are tons of Java exploits that lead to infections such as this. You can also look into making a Kaspersky boot disc that has their scanning engine and the latest virus definitions from Kaspersky's site. Boot to that and give it a shot.

FRT_Fun 07-27-2013 03:45 PM

'FBI Warning' virus leads to Woodbridge man's arrest - INSIDENOVA.COM: Woodbridge

thirdgen 07-27-2013 09:47 PM

I was fuckin jacked when I got this message up on my screen cause it said 3 violations. 1 for child pornography, 1 for copyright violation, and 1 for unlicensed software. I have absolutely none of those things on my computer, so first I was like wtf. Then I was like "oh it's asking for money...it's a virus".

secretsquirrel 07-28-2013 11:33 AM

My son got this same FBI BS on his mother's laptop surfing youtube...pulled the hard-drive, scanned with Malwarebytes freeware on another computer, done deal. What is pretty creepy is the FBI warning page had a small screenshot of my son (7 yrs old) with the "WTF is this BS" look on his face from the laptop cam...

thirdgen 07-28-2013 11:52 AM

Yeah I've read that it can use your webcam to take a photo of the user and put it on the warning message. My computer is so old it doesn't have a webcam or anything. I'm surprised it even has USB ports. My laptop on the other hand is completely different.

triple88a 07-29-2013 03:55 PM

Check out the email I just got... totally legit.


ANTI-TERRORIST AND MONETARY CRIMES DIVISION
FBI HEADQUARTERS WASHINGTON DC
FEDERAL BUREAU OF INVESTIGATIONS J.EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE, NW WASHINGTON, D.C. 20535-0001
Ref: FBI/DC/25/113/13/2013
https://www.fbi.gov

Urgent attention needed

We have been informed through our global intelligence monitoring network that the sum of $10.500, 000.00, has been released from a bank in Africa bearing your name as the beneficiary without dist certificate to clear your name and fund from every terrorist or drug or money laundering activities

The bank knowing fully well that they do not have enough facilities to make this payment from any part of the world to your account directly, used what we know as a secret diplomatic transit payment (s.t.d.p) method to make the payment. direct transfers are difficult and secret diplomatic transit payment (s.t.d.p) are not usually made unless the funds are related to terrorist activities and we ask why must your payment be made in a secret transfer if your transaction is legitimate.

We do not want you to get into trouble as soon as these funds reflect in your personal account, so it is our duty as an international agency to correct these little problems before this fund reflects into your personal account.

we advice you to contact us immediately, as your funds have been stopped and are being held in our custody, until you are able to provide us with the dist certificate within 3 days from the country that authorized the transfer to certify that the funds that you are about to receive are terrorist/drug free or we shall have cause to impound the payment and subsequently prosecute you for cross border terrorist financial activites.

based on our findings, our investigative department wish to warn you against some miscreants, hoodlums and touts who go about scamming innocent people by claiming to be who they are not and thereby tarnishing the image of this wonderful country. By sending out fraudulent emails without our official logo and emblem we shall release your funds immediately we receive this legal document and we will ensure that you receive your payment without any further delay.

Note

We decided to contact you directly by email to acquire the proper verifications and proof from you to show that you are the rightful person to receive this fund, because of the huge amount involved. Be informed that the funds are now with a top bank in the united state in your name and under the monitoring/custody of the FBI. At the moment, we have asked the bank not to release the fund to anybody that comes to them, unless we instruct them to do so, and only if we receive the dist certificate this is to enable us carry out a comprehensive investigation first before releasing the fund to you.

hence, you are to forward your dist certificate to us immediately if you have it in your possession, if you do not have it, then let us know so that we will direct you to the appropriate authority to obtain the certificate then you are to send it to our office. And thereafter, we will instruct the bank holding the funds, to go ahead and credit your account immediately. If you fail to provide the documents to this office, we will prosecute you and take appropriate action against you for not proving the legality of the funds.

Finally if you truly want to receive this funds without F.B.I troubles then reconfirm the following below

Name
Address
Sex
Contact number
Country of origin of funds

Yours Faithfully

SPECIAL AGENT JUKE WILLIAMS
FOR FBI DIRECTOR
MR. ROBERT S. MUELLER

NastyNate 07-29-2013 08:09 PM

Any luck yet?

Mazduh 07-29-2013 09:08 PM

Purchase Malwarebytes. It's worth the money. The purchased version does a very good proactive job at preventing threats. Stop looking at porn using internet explorer.

thirdgen 07-29-2013 09:15 PM


Originally Posted by Mazduh (Post 1038083)
Purchase Malwarebytes. It's worth the money. The purchased version does a very good proactive job at preventing threats. Stop looking at porn using internet explorer.

I got Malwarebytes (free edition); I will be purchasing the full version. No luck with my pc yet, I decided that I'm gonna pull the hard drive, and have it copied to a flash drive, cause I have a pile of files on there I don't want to see disappear. Then I'm gonna buy a $300 desktop brand new with windows 8 so I feel like I'm not living as deep under the rock as I am.
As far as porn, I do not and will not even think of using my pc for that.

triple88a 07-29-2013 09:19 PM

lol the porn sites are safer than half the fucking pages out there. You don't need to go to shady sites any more with what's out there.

thirdgen 07-29-2013 09:33 PM

Let's say that somebody uses your wifi (router) access to view a porn site which would contain a virus. Would your home computers also get infected?

NastyNate 07-29-2013 09:40 PM

Did you try what I suggested?

m2cupcar 07-29-2013 10:04 PM


Originally Posted by thirdgen (Post 1037256)
I hate computer viruses

so does this guy:


Man gets fake FBI child porn alert, arrested for child porn

A man is fooled by an Internet virus into going to a police station to pay a fine for child pornography. He gives the police his computer to examine. They allegedly find child pornography on it.


by Chris Matyszczyk/CNET
As far as I am aware, the FBI doesn't usually send you a pop-up online notice, asking if you could kindly pay a fine for child pornography.

Perhaps I should check with Edward Snowden to be sure.

Still, 21-year-old Virginian Jay Riley was sufficiently stunned to receive a pop-up "FBI Warning" telling him to pay a fine for child pornography that he went to his local police station in Prince William County.

As WJLA-TV reports it, Riley asked if he was, indeed, wanted on child pornography charges.

In what seems like a helpful and open frame of mind, he allegedly offered the police his computer for examination.

There, the police allegedly found child pornography.

Prince William County Police spokesman Officer Jonathan Perok told WJLA-TV: "I think the pop-up kind of scared him."

The pop-up was an example of Reveton ransomware, which monitors those who might log on to a questionable Web site and then tries to extort money from them.

It claims to lock the user's computer unless a fine is paid.

"We've never had a case like this," Perok told WJLA-TV.

Riley is currently in jail, facing at least three child pornography charges, related to alleged inappropriate messages and images found on his computer.

Police subsequently searched his home and took away more computers.
http://news.cnet.com/8301-17852_3-57...or-child-porn/

thirdgen 07-29-2013 10:34 PM


Originally Posted by NastyNate (Post 1038093)
Did you try what I suggested?

No, I didn't try to boot off USB or CDROM...

compaddict 07-30-2013 03:39 PM

That's some funny shit!

timk 07-30-2013 05:57 PM

Seriously, make a 'standard' user that doesn't have Administrative rights and use that. Only log in as the Administrator user for installing shit.

Then if you happen to get this stuff on your machine you can log in as the Administrator user and clean up or delete your standard user's profile.

This is common practice on UNIX and VMS, I have applied the same principle to Windows and it seems to work.

Saml01 07-31-2013 01:35 PM

I have never heard of a virus or malware taking control at safe mode.

Please take a picture of the message you are seeing and post it up.

If you can get to the desktop and install TeamViewer, I'll fix your shit for you.

thirdgen 08-01-2013 12:58 AM

Here are some photos I took with my camera of what I'm dealing with.
1st pic is what the virus looks like when it takes over the whole screen of my pc. I can click it with my mouse and move it, but there are no icons behind it, and no start menu to click on.
Attachment 84497
2nd pic is what comes up if I restart windows and hit control alt delete when my desktop appears. A bunch of files will show up under processes, but eventually the screen will get covered with photo #1.
Attachment 84498
Photo 3 is the only option I get when I try to load safe mode with command prompt:
Attachment 84499
Lastly, this is the blue screen I get after choosing the windows xp option after I selected safe mode with command prompt:
Attachment 84500

FRT_Fun 08-01-2013 01:05 AM

Owned. I'd imagine your best bet is to boot up into a Live OS and back up only the things you really need on a USB drive. Then have those files scanned by your local computer nerd. Then after fully reinstalling windows, updating it to the latest updates, installing proper virus protection, connect the USB drive and restore your files.

NastyNate 08-01-2013 06:16 AM

third, please try what I suggested. You can knock this out quick without an OS reload or pulling the hard drive. The infection is always in app data. It takes longer to boot to the MRI CD I suggested than to remove this thing. Oh and your last pic, 7b is generally a failing hard drive.

Because this infection is run on logon, you can't do anything. Task manager, file backup, new account creation, nothing. One thing you can try, since this infection is usually dependent on an internet connection, is to get it off a live internet connection. It doesn't always work but it's something.

thirdgen 08-01-2013 08:48 AM

Look at the error messages in the center of the screen in photo #2. Those messages are missing system files errors that have been appearing for like the past 2 years. I don't think this virus is the only thing wrong with my system. Therefore, I'm gonna slave the HDD and pull the files I want. It's time for a new system anyway. Suggestions? I was looking at something like this:
Dell - Inspiron Desktop - 4GB Memory - 500GB Hard Drive - I660S-1540BK - Best Buy
Or similar...cause everybody knows I'm cheap and simple.

rleete 08-01-2013 09:14 AM


Originally Posted by NastyNate (Post 1038902)
Oh and your last pic, 7b is generally a failing hard drive.

Actually, it's more common to be a bad HD controller on the MB. Usually due to bad caps on the board. Dells were known for this a while back.


New MB are available on eBay for cheap. It's a pain in the ass, but that's what I had to do.

thenuge26 08-01-2013 09:27 AM


Originally Posted by FRT_Fun (Post 1038870)
Owned. I'd imagine your best bet is to boot up into a Live OS and back up only the things you really need on a USB drive. Then have those files scanned by your local computer nerd. Then after fully reinstalling windows, updating it to the latest updates, installing proper virus protection, connect the USB drive and restore your files.

You can grab a Linux Live CD with an anti-virus built in, so you can kill 2 birds with 1 stone. Load it up, scan the files you want, copy them to a USB drive, and wipe out the rest. Here's a few I found with a quick search. I'm not sure any of those will be able to remove your current problem, but at least you can clean the files you want to save.

magnamx-5 08-01-2013 09:47 AM

Newegg.com - Shell Shocker Deal. Exclusive Jaw Dropping Savings on PC Components and Electronics. Some assembly required, you do get a lot more for your dollar though.

thirdgen 08-01-2013 09:51 AM

You guys are awesome! The help is greatly appreciated.

Joe Perez 08-01-2013 10:27 AM


Originally Posted by thirdgen (Post 1038090)
Lets say that somebody uses your wifi (router) access to view a porn site which would contain a virus. Would your home computers also get infected?

PROBABLY not.

Eg: definitely not directly.

The only risk here would be that if someone is on your wifi, they're on the same subnet as you and inside your firewall. Thus, if their PC is infected with a network worm, there's a higher probability of contagion.

This attack vector, however, is fairly uncommon these days. (Too much work on the part of the author as compared to tricking idiots to click "yes" on a web page popup.)

Scrappy Jack 08-01-2013 11:18 AM

But having someone else using your wifi does open you up to having your door kicked down, flashbangs tossed in to your living room, and your dog getting shot.

bahurd 08-01-2013 03:40 PM

I had the same virus (wife's computer :rofl: go figure...)

I logged in as Administrator and created another user with normal rights and copied over the files I really needed to save.

Then blew away the original user and files (because I'd already moved them).

Then, I removed the shit programs that had accumulated and reinstalled what I needed.

Worked fine after.

But, really probably best to just reinstall/upgrade the OS.

It is a PITA virus to make go away especially when your wife thinks the gestapo is going to kick in the door any moment.

thirdgen 08-03-2013 02:32 PM

Update:
Took it to geek squad today. They're gonna transfer the files from my hard drive onto my 500GB external hard drive I just bought. I'm blown away cause I just paid $42 for an external 500GB hard drive. I can't really fathom this right now. I'm from the old days of 286 25mhz with 40MB hard drives. I remember when 1.3 gigs cost like $479. Now I just paid $42 for 1/2 a terabyte???

FRT_Fun 08-03-2013 03:14 PM

lol. I have 3TB of storage on just my desktop. The internal hard drives are even cheaper than the externals.

triple88a 08-03-2013 04:45 PM


Originally Posted by FRT_Fun (Post 1039832)
lol. I have 3TB of storage on just my desktop. The internal hard drives are even cheaper than the externals.

Technically they are the same price.. u just need a box for the enternals.

FRT_Fun 08-03-2013 08:26 PM


Originally Posted by triple88a (Post 1039848)
Technically they are the same price.. u just need a box for the enternals.

Yes the internal drives are the same. But you pay extra for the external drive because of the SATA to usb adapter and power adapter.

triple88a 08-03-2013 08:54 PM

The box costs 30 bucks.

FRT_Fun 08-03-2013 08:59 PM


Originally Posted by triple88a (Post 1039875)
The box costs 30 bucks.

Thus making an external drive more expensive. Glad we could come to the same conclusion I did 4 posts ago.

thirdgen 08-03-2013 09:15 PM

Geek squad called me like 1/2 hour ago and told me they finished my data transfer. I'm not sure when I'm gonna go pick up my stuff, but I will definitely be buying a new desktop. I'm looking to spend around $300, recommendations?

triple88a 08-03-2013 09:18 PM

DIY or craigslist?

bahurd 08-03-2013 09:35 PM

Well, I pretty much assemble my own and have since my first 286 around 1989 (not my first computer). To be honest though the challenge pretty much went away once clock speeds reached 2.5Ghz.

I think it's like having hot rods of old... 'hey I reached 3.2Ghz with the overclock what's yours'?

It's the reason I got back into things with engines and wheels.

For a desktop, look at Newegg online or just go to Best Buy.

mgeoffriau 08-03-2013 10:41 PM


Originally Posted by thirdgen (Post 1039880)
I'm not sure when I'm gonna go pick up my stuff, but I will definitely be buying a new desktop. I'm looking to spend around $300, recommendations?

Just camp the Lenovo Outlet for a few days until you find a good deal. They post new stuff all the time so you just have to keep checking. $300 should easily get you a high end i3 or low end i5 processor, 4GB RAM, 500GB+ HD. Better than that if you can wait a while and keep checking their site diligently.

I paid $283 for a system with an i5-3470, 4GB of DDR3 RAM, 1 TB HD, and a DVD-RW drive. I added another 8 GB of RAM ($48) and a Radeon HD 6450 video card ($35) myself.

Lenovo Outlet | Laptop, Desktop and Tablet PCs | Lenovo | (US)

bahurd 08-04-2013 01:00 PM

Now, I'd opt for something with an Intel I5 or better processor even though I used mostly AMD in the past (cost...). Today, the price diff in an already built system is probably $50 or so.

I think you said you had a company laptop? If I only had a desktop and was thinking about upgrading I'd seriously consider just the laptop and an external keyboard/mouse + monitor at home.

Back to school time so the sales are on at the office supply places also. Sometimes, you can buy the display models for another 15-25% off if you look or ask.

Saml01 08-12-2013 07:43 PM

Microcenter has some amazing deals on Processor/Mobo combos. I vote getting a 4670 which is the fourth generation I5.


All times are GMT -4.