Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HOW TO FIX A FEDEX SCAM


  • This topic is locked This topic is locked
41 replies to this topic

#1 sm24

sm24

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 21 June 2011 - 05:23 PM

How to fix a fedex scam virus/malware in windows 7 32 bit?

when I run into normal mode,there is some sort of windows recovery scan (not sure of what it's called) and there's a notification saying critical error and or can't access hardware and my desktop is empty is it a sign that my files were hidden because of a malware/spyware/virus? what specific virus/malware/spyware is it?. I also have a blank desktop,while in this mode and also in the safe mode.

I also need to backup first my files,can I do this with a dvd cd aside from an external hard drive? Can I do this backup while in safe mode? How?
I mentioned that I have a hunch that having an empty desktop while in normal mode is that my files are hidden by the malware? Is it safe to unhide my files for me to have a backup? how do I do this?


Please help,and thanks in advance!

Edited by sm24, 21 June 2011 - 05:26 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 21 June 2011 - 09:53 PM

Hello,
2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.


Please follow our Removal Guide here Remove Windows 7 Repair .
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

The Tdsskiller log
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 22 June 2011 - 07:54 AM

thanks,before I would do that I would like to make a backup of my files,because I have DON'T HAVE any backup before the infection came,but it seems that my files are hidden,can I back them up even if they are hidden? and if I use unhide.exe,is there a guarantee that my files will not be harm by the malware? second if I follow these steps for my windows 7 for me to unhide them is there also a guarantee that the malware will not harm or delete them?

Edited by sm24, 22 June 2011 - 07:55 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 22 June 2011 - 01:00 PM

Run this first and see if you see your data after...UnHide
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 22 June 2011 - 05:33 PM

can I run unhide.exe in safe mode?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 22 June 2011 - 07:04 PM

YES
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 22 June 2011 - 11:39 PM

thank you,will do it and post whatever the result is,again,thank you.

#8 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 23 June 2011 - 02:59 PM

help again,it's weird,but it seems that the windows recovery thing doesn't pop out in my desktop,it's been seven days since the infection,and I am about to try unhide.exe first and back up my data before running rkill and malwarebytes anti malware,but again I think it's weird,what could this mean? help,is this another trick due to the malware? or there is a hidden agenda of the malware to pretend it does not working,what should I do?
haven't tried ANY of the solutions written here,all I did for the first 3 days of infection was perform a system scan in safe mode.

please help if you could explain what this means and if it is dangerous to my files. for now I am performing a complete scan/system scan in normal mode.thank you.

again sirs,thank you in advance

Edited by sm24, 23 June 2011 - 06:07 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 23 June 2011 - 03:12 PM

Ok looks like the infection exists... DO NOT run any Temp file or Registry cleaner..

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 23 June 2011 - 06:06 PM

thank you,pardon sir,I don't know what a temp file is and what is a registry cleaner? is an anti virus considered as registry cleaner?

#11 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 23 June 2011 - 06:20 PM

Sirs,my mistake,I haven't run unhide.exe yet.I've edited my question before your reply..here is the edited one:

"help again,it's weird,but it seems that the windows recovery thing doesn't pop out in my desktop,it's been seven days since the infection,and I am about to try unhide.exe first and back up my data before running rkill and malwarebytes anti malware,but again I think it's weird,what could this mean? help,is this another trick due to the malware? or there is a hidden agenda of the malware to pretend it does not working,what should I do?
haven't tried ANY of the solutions written here,all I did for the first 3 days of infection was perform a system scan in safe mode.

please help if you could explain what this means and if it is dangerous to my files. for now I am performing a complete scan/system scan in normal mode.thank you.

again sirs,thank you in advance "


BTW,my system scan has finished and avira didn't detect anything I have already turned off my computer.

Edited by sm24, 23 June 2011 - 06:33 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 23 June 2011 - 07:21 PM

Hello, I mean do not run a tool like CCleaner,ATF,TFC by OT or tools like Registry Mechanic. The tools we offer and your Antivorus are OK.

This guide will explain the tricks better than I can Remove Windows 7 Recovery

Edited by boopme, 23 June 2011 - 08:32 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 23 June 2011 - 07:34 PM

Ok sir..The first time I opened the infected laptop today it shut down due to battery loss when I plugged it and turn it on I forgot that the our wifi is on and it connected to the internet and automatically updated itself (avira)then I turned it off (our wifi) and (my comp) and turn it on again (my comp only) I am curious if I can trust the said update because I do not know if the malware cause it to update,and now I wonder if the said update caused the windows system recovery not to pop out.I am sorry for asking so many questions because I am not familiar with most of the computer thing. thanks for being patient and answering my questions.

Edited by sm24, 23 June 2011 - 07:36 PM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 AM

Posted 23 June 2011 - 07:43 PM

Trust it
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 sm24

sm24
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 23 June 2011 - 08:23 PM

ok,thank you,so which will I run first,fixexe.reg or unhide.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users