
FBI Infection


  • This topic is locked
59 replies to this topic

#1 Chiefsbro

Chiefsbro

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 10 December 2012 - 06:06 PM

EDIT: I moved you here, Virus, Trojan, Spyware, and Malware Removal Logs, so you can get the help you need. ~~ boopme


Dear boopme,

I am experiencing the same issue as rick_murray. The virus will not allow my computer to open in safe mode. If I just let it boot up normally the FBI page pops up and I am unable to do anything else. I followed your steps using the recovery, but it has been so many years since I worked with DOS I had no success. I was wondering if you might be able to post some more detailed steps on what to do in recovery mode in order to get to safe mode. I learn best when one can tell me what to do step by step using screen shots. I kept typing commands that were not recognized by DOS. If I had some more detailed steps on this process I believe I can work my way through this. The folks at this site do great work and have been a huge help to me in the past. Thanks for all your past and future assistance. If you need any further information or my description is unclear please let me know and I will try to explain things better. Thanks again.

Edited by boopme, 10 December 2012 - 06:47 PM.




#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:50 PM

Posted 11 December 2012 - 12:21 AM

Hello Chiefsbro,

My name is Cody and I'll be helping you clean up your computer.

I will reply as soon as possible (typically within 48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
    • It's simply easier for me to analyze logs in this format.
  • Provide feedback about your experience as we go.
    • Every post you make, please describe in detail how the computer is behaving. "The same" is not detailed enough. If you have any questions at any point, feel free to ask.

NOTE: When you post your reply, do not use the Posted Image button but use the Posted Image button instead.

In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 Chiefsbro


Posted 11 December 2012 - 08:06 AM

Cody,

Thanks for the quick response. I am looking forward to working with you on this. I don't think the virus is anything major. More annoying than anything else. I just need very detailed instructions on working in recovery to get done what I need to. I am very good at following detailed instructions. The computer I am having issues on is at home. This is my work laptop; I am able to take it home in the evenings, which is helpful since I am not able to do much with my home PC. I will wait for further instructions from you. Please let me know if you need more details from me. Thanks.

Matt

#4 TheShooter93


Posted 12 December 2012 - 10:55 AM

Hello Chiefsbro,

What version of Windows do you have?

Also, do you have any of the following?

-Operating System installation CD

-Recovery CD

-Recovery Partition



#5 Chiefsbro


Posted 12 December 2012 - 11:08 AM

We have Windows XP. I am not certain we have the Operating System Installation CD, but can check. I am almost 100% certain we have a recovery CD. I do not know what a recovery partition is. I can tell you when I start my computer and push the F8 key one of the options is to do a system recovery. Does that help? Will I still need one of these CDs to do what I need to do? If that is the case I will get what I need.

#6 Chiefsbro


Posted 12 December 2012 - 11:10 AM

Thanks for the continued support.

#7 TheShooter93


Posted 12 December 2012 - 03:56 PM

Hi Chiefsbro,

> Thanks for the continued support.

You're welcome. :)

------------------------------

You're going to need a flash drive, a CD, and a working computer.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC, ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download shellfix.ndf and save it to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see shellfix.ndf that you downloaded there
  • Double-click on the shellfix.ndf and let it run
  • After it has finished a report will be located on your USB drive named shellfix.txt
  • Remove the USB drive and insert it back in your working computer and navigate to shellfix.txt

    Please note - all text entries are case sensitive
Copy and paste the shellfix.txt for my review.

Edited by TheShooter93, 12 December 2012 - 04:00 PM.



#8 Chiefsbro


Posted 12 December 2012 - 04:00 PM

I am not following you. What prompt? What scan? You asked what version of windows I had. Not seeing where you told me to scan anything. Sorry if I am making this difficult.

#9 TheShooter93


Posted 12 December 2012 - 04:09 PM

> I am not following you. What prompt? What scan? You asked what version of windows I had. Not seeing where you told me to scan anything. Sorry if I am making this difficult.

Please refresh the page. I accidentally posted a reply to another user on your thread. Your proper directions should appear now.

I apologize for the confusion.

Edited by TheShooter93, 12 December 2012 - 04:10 PM.



#10 Chiefsbro


Posted 12 December 2012 - 04:17 PM

Ok. I will complete the steps you have listed. I work some long hours this time of year so it may be the weekend before I am able to perform these steps. It may be late Saturday or Sunday before you hear from me again. I just wanted to warn you it might be longer than 72 hours. Is that ok? Will this report show you what is wrong with my computer? Is it ok if I don't have a chance to do anything for a while? Please let me know. Thanks again.

#11 TheShooter93


Posted 12 December 2012 - 04:20 PM

Hello chiefsbro,

It's OK if it's longer than 72 hours. I will post a reminder message here on Sunday which will require a response within 48 hours, even if it's just a response letting me know you need more time.

Thanks for letting me know.



#12 Chiefsbro


Posted 12 December 2012 - 04:24 PM

:blush: Thanks. I have to admit some of your instructions are foreign to me. I am only a casual computer operator. Please be patient with me.

#13 TheShooter93


Posted 12 December 2012 - 04:45 PM

Hello Chiefsbro,

No worries, I'll walk you through it all.

If you have questions at any point, feel free to ask. :)



#14 Chiefsbro


Posted 15 December 2012 - 11:20 AM

Cody,

I am going to need more time. I was trying to download these programs to my work laptop, but it is blocking the downloads. A friend from work is going to download the materials I need to the CD and flash drive and bring it to me at work on Monday. I will not be able to complete anything this weekend. Just wanted to let you know. Thanks.

#15 TheShooter93


Posted 15 December 2012 - 12:35 PM

> Cody,
>
> I am going to need more time. I was trying to download these programs to my work laptop, but it is blocking the downloads. A friend from work is going to download the materials I need to the CD and flash drive and bring it to me at work on Monday. I will not be able to complete anything this weekend. Just wanted to let you know. Thanks.

You may or may not have seen in my description that I'm going to be going on vacation until the 19th. I may or may not have internet access during that time, so go ahead and post the logs and continue with my last set of directions like normal. I will review them as soon as possible.

Also, thanks for letting me know that you won't be able to run anything this weekend.





