
Blocked computer, wants $100 to unlock it



#1 chev65ss

chev65ss

  • Members
  • 1 posts

Posted 12 June 2012 - 01:59 PM

Hello,

HELP! HELP! HELP!

My computer has been blocked by "Computer Crime & Intellectual Property Section" of the "United States Department of Justice". A message covers my screen like a screensaver, there is no "X" out button or anything.

Here is what the message says:

ATTENTION!!!
Your PC is blocked due to at least one of the reasons specified below.

You have been violating Copyright and Related Rights Law (Videos, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright Clause which states.

To unblock the computer, you must pay the fine through MoneyPak of $100.
How do I unlock computer using the MoneyPak?

1. Find a retail location near you.
2. Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash $100. A service fee of up to $4.95 will apply.
3. To pay fine, you should enter the digits MoneyPak resulting code in the payment form and press OK.


At the moment I am in safe mode with a network so I'm wondering if this message is true. If it isn't I would like to remove it as soon as possible.

In other forums I have followed your instructions on RogueKiller. Here is my RKreport.txt:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: DeLuna [Admin rights]
Mode: Scan -- Date: 06/12/2012 14:28:54

Bad processes: 0

Registry Entries: 0

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] 02b5b397c39d265b91ff271630d6211d
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

I am unable to download the DDS at the moment, I will try again after I post this.

Please, if you could help in any way, I would really appreciate it.



#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 13 June 2012 - 10:32 PM

Welcome to the forum, chev65ss!

There is a ransomware hijacker masked as US Department of Justice warnings about illegal activities on your computer, but these are fake warnings. Please do not provide any monetary gain to this scheme!


Is it possible for you to boot into the Directory Services Restore Mode?

You can do so by restarting the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Select: Directory Services Restore Mode
  • The computer engages in a few processes, and finally takes you to a type of Safe Mode with Networking mode with capabilities to download programs.

Next, please do the following...

Download Malwarebytes' Anti-Malware
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Permit them to allow the changes.
When the installation begins, follow the prompts and do not make any changes to default settings.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware


Click: Finish

MBAM automatically starts and you are asked to update the program.

If an update is found, the program automatically updates itself.
Press the OK button to close that box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.

Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found

Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure that everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.

Exit MBAM when done.


Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

~~~~
Also download DDS
Save to the Desktop

Once again, if using security programs, they may interfere or alert you. Please permit them to allow the changes.

Windows 7: Right-click DDS and select 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)

Please post both reports (do not attach) in your reply.

Old duck...




