PLEASE help. FBI screen $200 virus


  • This topic is locked
27 replies to this topic

#1 cy31

cy31

  • Members
  • 49 posts

Posted 02 August 2012 - 02:12 PM

I am new to this forum and I sincerely appreciate all the help and advice I can get!! :)
I am a novice, and don't understand some basic things like even how to access and post some of these "logs" that everyone is doing.....so when I was trying to read up and learn what I could do to fix my problem, I couldn't quite get started.

I have a virus or malware where every time I start my laptop, a white screen comes up saying "Loading in 30 seconds", then the "FBI Moneypack $200" scam comes up.
My REAL PROBLEM is that it also comes up in SAFE MODE or SAFE MODE with networking!!! I have no clue what to do!! Please please please help me!!

I can access safe mode command prompt, but have never had to do that before, so don't really know what I am doing on that page.
I have used your site before and HAD programs like Mbam, and Rkill on there already (but can not get to it :(

I have a Windows 7 Home Premium system32

Thank you so much in advance for any help. You guys have an awesome site, and awesome forum here. You should be commended (while idiots that send these viruses should be punched in the face!...lol)


 


#2 cy31


Posted 02 August 2012 - 02:19 PM

Side note: I received this virus AFTER I was cleaning out the system for a virus called "security shield".....where it acted like everything was wiped and I couldn't see anything. I tried system restore point, but it came back. Then I used your forum for help, ran Rkill, and Mbam.......and then got rid of it. I ran an "unhide" program to get all my hidden files and programs back, and this FBI screen popped up. It went away at the time, but now this morning it is permanently locked in there on normal log in, and safe mode log in.

#3 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,992 posts
  • Gender:Male
  • Location:Portugal

Posted 02 August 2012 - 03:48 PM

Hi,

What antivirus program do you have installed?

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#4 cy31


Posted 03 August 2012 - 08:36 AM

I had an older version of McAfee and Malwarebytes and Rkill installed as well

#5 SleepyDude


Posted 03 August 2012 - 08:46 AM

I had an older version of McAfee and Malwarebytes and Rkill installed as well


OK, I would recommend downloading Windows Defender Offline (get the 32-bit version) and running it on a clean computer to create a bootable USB flash disk, or a bootable CD/DVD if you don't know whether the infected computer can boot from USB.

Boot the infected computer with the flash drive or CD/DVD and let it scan and clean all the malware it finds.

If you need help doing these tasks please ask, I will try my best to help you.


 
 


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 August 2012 - 08:48 AM

I can access safe mode command prompt,


In the command prompt

Type msconfig and press ENTER

Checkmark Selective startup

Uncheck LOAD STARTUP ITEMS

Click ok

Restart the PC into safe mode. Do you still get the POPUP screen?

#7 cy31


Posted 03 August 2012 - 10:03 AM

Thanks so much for the replies. Sorry to just get back.....I have to periodically check on my phone or when the clean desktop is open for use.

Narenxp: I tried that process just now, and the hostage fbi white page still comes up in safe mode

Rui: I am working on your process now. Do I need a cd or will a usb be fine? Also, when I boot up with the usb in, how do I make sure that it loads from the usb? F12?
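
Added example, not part of the original thread: a read-only PowerShell check of logon-related registry values that the msconfig "Load startup items" checkbox described above does not control. It can be started by typing `powershell` in the Safe Mode with Command Prompt window. The function name and the list of values are this example's own choices, and the expected values are those of a stock Windows 7 install; a mismatch is a lead to report to the helper, not a confirmed finding.

```powershell
# Added example (not from the thread). Read-only: nothing is changed.
# Written for the PowerShell 2.0 that ships with Windows 7.
# Get-LogonShellCheck and the list of values are this example's own choices.
function Get-LogonShellCheck {
    $winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $checks = @(
        # Shell started after logon; stock value is explorer.exe
        @{ Path = "HKLM:\$winlogon"; Name = 'Shell'; Expected = 'explorer.exe' },
        # Program run by Winlogon before the shell; stock value ends in a comma
        @{ Path = "HKLM:\$winlogon"; Name = 'Userinit'
           Expected = "$env:SystemRoot\system32\userinit.exe," },
        # Per-user shell override; absent on a stock install
        @{ Path = "HKCU:\$winlogon"; Name = 'Shell'; Expected = $null },
        # Shell used by Safe Mode with Command Prompt; stock value is cmd.exe
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
           Name = 'AlternateShell'; Expected = 'cmd.exe' }
    )
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = $null
        if ($item) { $actual = $item.($c.Name) }
        # String -eq is case-insensitive; $null -eq $null covers "absent, as expected"
        $status = 'REVIEW'
        if ($actual -eq $c.Expected) { $status = 'default' }
        New-Object PSObject -Property @{
            Key = $c.Path; Value = $c.Name; Actual = $actual
            Expected = $c.Expected; Status = $status
        } | Select-Object Status, Key, Value, Actual, Expected
    }
}

Get-LogonShellCheck | Format-List
```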

#8 SleepyDude


Posted 03 August 2012 - 11:09 AM

Rui: I am working on your process now. Do I need a cd or will a usb be fine? Also, when I boot up with the usb in, how do I make sure that it loads from the usb? F12?


A USB flash drive is fine, but you must know whether the infected computer can boot from USB; most recent computers will. Every machine is different, but if you know F12 will open the boot menu to choose from CD, HDD, etc., then it should also give an option to boot from a USB device.

Edited by Rui Paz, 03 August 2012 - 11:09 AM.


 
 


#9 cy31


Posted 03 August 2012 - 11:13 AM

Rui: I tried to put the Windows Defender Offline program on a disc AND a usb. USB kept saying "missing operating system", so I tried the CD disc, and it prompted me to log in with either safe mode, safe with networking, and safe command prompt. Again, the only thing I can do WITHOUT the fbi white page coming up is safe with command prompt. I got stuck there.

#10 SleepyDude


Posted 03 August 2012 - 11:18 AM

Rui: I tried to put the Windows Defender Offline program on a disc AND a usb. USB kept saying "missing operating system", so I tried the CD disc, and it prompted me to log in with either safe mode, safe with networking, and safe command prompt. Again, the only thing I can do WITHOUT the fbi white page coming up is safe with command prompt. I got stuck there.


You need to run the exe and follow the directions to "build the USB".


 
 


#11 cy31


Posted 03 August 2012 - 11:45 AM

So disc is a no go? Run the exe (Windows Defender) on the clean computer first?? When I get that done and go back to the infected cpu, and it asks me to go into safe mode command prompt, what do I type in there to run?

#12 narenxp


Posted 03 August 2012 - 12:50 PM

cy31

We have another easy way to remove this one. Let me ask a Malware Response Team member to assist you. Until then, do not mess things up :)

g00d luck

#13 cy31


Posted 03 August 2012 - 01:09 PM

Narenxp

Ok, I will just hang back till I hear from you all. :) Thanks so much!!! I leave out of town tonight, where I will have the infected laptop with me, but am not sure I will have a clean desktop to work from. I will try though, and will always check the forum from my phone!!!

#14 narenxp


Posted 03 August 2012 - 01:10 PM

:thumbup2:

#15 SleepyDude


Posted 03 August 2012 - 03:32 PM

So disc is a no go? Run the exe (Windows Defender) on the clean computer first?? When I get that done and go back to the infected cpu, and it asks me to go into safe mode command prompt, what do I type in there to run?


After installing Windows Defender Offline, you need to run the program so the tool starts downloading all the files needed to create an antivirus rescue disk. You can choose to burn the rescue disk to CD or use a USB flash drive (recommended).
After creating the rescue disk, you need to boot the infected machine using the CD or USB flash drive you created; Windows PE will start and run Windows Defender Offline, which you can use to scan and clean all the malware it finds on the infected system.

Despite its name, this is in fact very, very similar to Microsoft Security Essentials (they share the same virus definitions) running from a live CD that is able to access the Windows installation on the disk, including the registry...

Edited by Rui Paz, 03 August 2012 - 03:40 PM.


 
 




