FBI Green DOT virus



#1 Digital Valdosta


Posted 07 August 2012 - 09:01 AM

I was trying to add some info to this post but couldn't.

Anyway, I noticed that everyone included in that post had tried most of what we were trying today. However, I noticed that the Bleepin' Blonde had not suggested running Safe Mode with Command Prompt. We were able to get into that and then type 'explorer'. Then we ran ComboFix, which found a ZeroAccess rootkit. Will add more later.


Edited by Orange Blossom, 17 August 2012 - 02:37 PM.
Removed link. ~ OB

#2 Digital Valdosta

Posted 07 August 2012 - 02:15 PM

This does work!! Once ComboFix had finished running, I was able to reboot the system into normal mode, run scans with MalwareBytes, connect to the internet, and use other normal functionality.

Hope this helps someone out there. There appears to be another FBI virus out there that allows Safe Mode, but in this case Safe Mode with Command Prompt was the savior.

Josh

Edited by Orange Blossom, 17 August 2012 - 02:37 PM.
Removed link. ~ OB


#3 Elise

Posted 07 August 2012 - 02:42 PM

As the user can boot in normal mode for a short time, there is no need for that. The problem there is not resolved in Safe Mode with Command Prompt either, but I suspect it may have to do with the fact that the fix is not run from an account with Administrator privileges.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft


#4 Digital Valdosta

Posted 08 August 2012 - 09:01 AM

Elise -

I assume that you are referring to the post that I couldn't reply to, which I mentioned in my first post.

In our case, when booting normally or into Safe Mode, the user couldn't open anything, including Task Manager and the Run dialog. The only way around it was to do what I had mentioned above. This appears to be a variant of that virus, or possibly a newer release of what I had found in searching via Google.

Thanks for responding.

Edited by Orange Blossom, 17 August 2012 - 02:37 PM.
Removed link. ~ OB


#5 Elise

Posted 08 August 2012 - 09:36 AM

It depends a bit on the variant you're dealing with and how far it was able to install (in some cases AVs will interfere and disable part of it).

Unrelated, please do not sign your posts using a link to your website; especially when you are a new user this can be considered spam. :)

regards, Elise


#6 Elise

Posted 16 August 2012 - 07:13 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise
