
FBI locked computer scam


13 replies to this topic

#1 AstroIROC

AstroIROC

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Martinsburg, WV
  • Local time:09:05 AM

Posted 19 July 2012 - 02:58 PM

Hello, I have a computer that has the "FBI locked computer, pay with MoneyPak or you will be prosecuted" scam. It starts up when the PC starts up and blocks the desktop. I've tried several tricks but can't seem to get it shut off to get rid of it. It does this in safe mode also. Accessing Task Manager through Ctrl+Alt+Delete or Ctrl+Shift+Esc doesn't work. Hoping you all can help me figure this out. I've even taken the HDD out, put it in a USB dock and run SAS on it. It found some things, but I can't do any registry things from there. Thanks, Astro

Edited by hamluis, 19 July 2012 - 03:15 PM.
Moved from MRL, no logs, to Am I Infected - Hamluis.

I am hungry for knowledge


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:05 PM

Posted 19 July 2012 - 03:21 PM

Hi, could you tell me what version of Windows this is?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 AstroIROC

AstroIROC
  • Topic Starter


Posted 19 July 2012 - 03:24 PM

XP Pro

#4 Elise


Posted 19 July 2012 - 03:27 PM

Can you reboot in Safe mode and select there the Administrator account? Does the scam come up there too?

regards, Elise


#5 AstroIROC


Posted 19 July 2012 - 03:27 PM

Yes, it does.

#6 Elise


Posted 19 July 2012 - 03:58 PM

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download the following file and save it to your USB drive: http://noahdfear.net/downloads/shellfix.ndf
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double-click on shellfix.ndf and let it run.
  • Exit xPUD and remove the USB drive and insert it back in your working computer.

Post me the created log and let me know if you can get in Windows normally now.

regards, Elise


#7 AstroIROC


Posted 19 July 2012 - 06:49 PM

Thanks, Elise. After doing that the PC kept blue screening!! So I reformatted and reinstalled Windows!! All is well. Thanks again.

#8 garathnor

garathnor

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 19 July 2012 - 07:42 PM

I have registered just now in order to provide an alternate solution to this problem. I am in no way technically challenged, having run and administered various servers in my history. However, the solution provided did not seem to be effective in my experience; I had trouble downloading the program that was made available and decided to look elsewhere for help on this topic. However, before I did that, I tried one of the most basic solutions to all virus/malware problems. I did a system restore. It has so far worked. I will not post again unless I have more trouble with this particular piece of malware. So if you all never hear from me again it is a good thing :D

So to recap, before trying the program thingy above, try a system restore, which can be accessed in safe mode. I'm sure an admin will give a more detailed account of how to do that if needed. I'm off now to do some poking around in my system files to make sure it is really gone :D

#9 AstroIROC


Posted 19 July 2012 - 07:46 PM

The problem with that is the PC was not usable even in safe mode. The PC was blocked even in safe mode with the stated malware.

#10 Elise


Posted 20 July 2012 - 02:12 AM

Sorry to hear that AstroIROC, based upon the posted log we could look for a cause, but if you reformatted there's no point in doing that. :)

If you still have the log though, could you post it to me (if this is caused by a bug in the tool then the author needs to know about it).

regards, Elise


#11 AstroIROC


Posted 20 July 2012 - 07:34 AM

Sorry, don't have the log.

#12 ewaldron0

ewaldron0

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 02 August 2012 - 06:28 PM

I tried to do the system restore and it didn't work. So I am trying what Elise said to do. I will post the log to Elise after I am done. I'll let you know the outcome.

#13 ewaldron0


Posted 02 August 2012 - 06:48 PM

Does this work on Windows 7 Pro as well?

#14 Elise


Posted 03 August 2012 - 02:41 AM

Hi ewaldron0, if you need help with this issue, please start a separate topic. Do not post in another member's topic about your own problems; not only is this considered rude, it also will cause confusion.
To answer your question, the steps should work on Windows 7 as well.

regards, Elise




