I have an FBI virus


64 replies to this topic

#1 bigjimoo


Posted 16 September 2012 - 12:44 PM

Hello,

I have been infected with an FBI virus that starts upon startup, not allowing me to navigate unless in safe mode. I have tried to run a system restore out of safe mode and it will not work. My desktop icons are also gone and program files from the start menu. I have Malwarebytes and McAfee virus protection, but these have not worked. Please help, as I have a lot of files and info that I would like to keep; if that is not possible, I would just like to be virus free.
Thanks in advance, and please help if you can.
Bigjimoo



#2 narenxp


Posted 16 September 2012 - 12:52 PM

Boot into safe mode with networking

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 bigjimoo


Posted 16 September 2012 - 05:31 PM

I was unable to get the first two downloads to work; they downloaded but would not run. The third ran for a while then stopped, but the FBI screen is no longer there. I am now being confronted with an error saying that the recycle bin on this drive is corrupted. Not really sure what to do next, really hope you can help.
Bigjimoo

#4 narenxp


Posted 16 September 2012 - 05:36 PM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, post the log

#5 bigjimoo


Posted 16 September 2012 - 08:50 PM

Here is the log:
ListParts by Farbar Version: 15-09-2012
Ran by Jim (administrator) on 16-09-2012 at 21:46:42
Windows Vista (X86)
Running From: C:\Users\Jim\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 52%
Total physical RAM: 1981.76 MB
Available physical RAM: 950.93 MB
Total Pagefile: 4210 MB
Available Pagefile: 2908.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:45.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
Partition 2 Primary 1040 KB 466 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

I did not click fix, didn't know if I was supposed to or not.
Thanks Bigjimoo.

#6 narenxp


Posted 16 September 2012 - 08:59 PM

.

Edited by narenxp, 16 September 2012 - 09:24 PM.


#7 bigjimoo


Posted 16 September 2012 - 09:20 PM

I downloaded RootRepeal and when I try to run it I get this error:
Could not load driver (0x0000001)!

#8 narenxp


Posted 16 September 2012 - 09:21 PM

Rename it to test.com and launch it

#9 bigjimoo


Posted 16 September 2012 - 09:23 PM

Same thing happened.

#10 narenxp


Posted 16 September 2012 - 09:26 PM

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes

Select command prompt and run these commands

diskpart
select disk 0
select partition 1
active


Now restart the PC and run TDSSkiller again

Edited by narenxp, 16 September 2012 - 09:32 PM.
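
An added example, not part of the original thread or of any tool named in it: a small Python check for the condition the ListParts log in post #5 reports and the diskpart steps in post #10 address, namely a tiny hidden partition carrying the active (boot) flag instead of the Windows partition. The sample MBR is constructed to mirror the logged layout, and the 16 MB size threshold is an assumption.

```python
import struct

# MBR type bytes for the "hidden" variants of FAT/NTFS partitions.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SECTOR = 512
SMALL_BYTES = 16 * 1024 * 1024  # assumed cut-off: too small to hold an OS


def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "offset": lba_start * SECTOR, "size": sectors * SECTOR})
    return parts


def suspicious_boot_partitions(parts):
    """Heuristic: partitions that are active, hidden and tiny."""
    return [p["index"] for p in parts
            if p["active"] and p["type"] in HIDDEN_TYPES
            and p["size"] < SMALL_BYTES]


def build_sample_mbr():
    """Constructed MBR mirroring the log: 466 GB NTFS, then 1040 KB type 17."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                           b"\0\0\0", lba, count)
    table = (entry(0x00, 0x07, 2048, 977_272_832)      # Partition 1, not active
             + entry(0x80, 0x17, 977_274_880, 2080))   # Partition 2, active
    return bytes(446) + table + bytes(32) + b"\x55\xaa"


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        print(p["index"], hex(p["type"]), p["active"], p["size"] // 1024, "KB")
    print("flagged:", suspicious_boot_partitions(parse_mbr(build_sample_mbr())))
```

On the constructed sample only partition 2 is flagged; moving the active flag to partition 1, as the diskpart commands do, clears the finding but leaves the hidden partition itself on disk.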


#11 bigjimoo


Posted 16 September 2012 - 09:39 PM

When I pressed F8 on boot it takes me to the advanced boot menu with safe mode, safe mode with networking, etc. I do not see repair anywhere.

#12 narenxp


Posted 16 September 2012 - 09:41 PM

Do you have your Vista DVD?

Can you insert it and do the instructions again?

Press any key when asked at bootup

#13 bigjimoo


Posted 16 September 2012 - 09:45 PM

I am sorry, I do not have the Vista DVD or CD-ROM. I do see safe mode with command prompt.

#14 narenxp


Posted 16 September 2012 - 09:49 PM

Restart the PC and try to run the latest version of TDSSkiller

Edited by narenxp, 27 October 2012 - 07:01 PM.


#15 bigjimoo


Posted 16 September 2012 - 10:15 PM

It detected 1 item called: 6a12d6eac473ac8a ( LockedService.Multi.Generic )
Do I remove this?

Edited by bigjimoo, 16 September 2012 - 10:22 PM.




