
Internet Crime Complaint Center Virus


  • This topic is locked
9 replies to this topic

#1 etdigger

etdigger

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 23 December 2012 - 01:31 PM

Got the Internet Crime Complaint Center Virus. Went to safe mode with networking. Ran Malwarebytes and Spybot. Rebooted; Internet Crime Complaint Center Virus still on screen. Now I can't start in safe mode. All available answers say to start in safe mode, which I can no longer do. Help

Edited by bloopie, 23 December 2012 - 02:30 PM.
Mod Edit: Moved from Vista to AII. ~bloopie




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,896 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:46 AM

Posted 23 December 2012 - 02:31 PM

Reference: http://www.bleepingcomputer.com/virus-removal/remove-fbi-anti-piracy-warning-ransomware

Louis

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:46 AM

Posted 23 December 2012 - 02:42 PM

Hi etdigger, and welcome to Bleeping Computer! :thumbsup:

Could you please tell me if you're running Windows Vista 32 or 64-bit?

==========

If you cannot access safemode with the link above from hamluis, then please try these steps from normal mode.

Let's see if Rkill can stop the processes to subsequently remove the infection:

Step 1

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, or you will need to run the application again.

==========

Step 2

Run RogueKiller

Download RogueKiller from here or here and save it to your desktop.

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe and select Run as Administrator.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click Delete.
  • When the Status box shows "Deleting Finished", click Report and then copy and paste the log in your next reply.
  • The log can also be found at RKreport[1].txt on your desktop.

==========

In your next reply, please include the following:

  • The Rkill log
  • The RogueKiller log
bloopie

#4 misterbob

misterbob

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 26 December 2012 - 01:12 AM

Well, @*%# me if this ain't one nasty piece of malware! To put that another way, I've actually been around the block a few times and so I'm somewhat embarrassed to say it nevertheless took me several hours to beat this one :( If you've got a recently modified version of this beast and it's jacking all of your safe modes, you're gonna need to create an AV repair disk (remember those?). There are a few of them out there, obviously, but here's a reasonably good how-to link:

http://www.pcrisk.com/computer-technician-blog/general-information/6775-how-to-boot-your-computer-using-a-rescue-disk

This process should work for you but please note...the instructions as listed are just a bit off when it comes to the "WindowsUnlocker utility". You cannot just "Click the start button at the bottom left corner of the Kaspersky Rescue Disk main screen" and "Select and run the Kaspersky WindowsUnlocker utility".

Instead, you must click the "start" button, as indicated in the article - i.e. Kaspersky's conceptual equivalent of the standard Windows "start" icon logo in Windows 7 located, as you'd suspect, in the lower left corner of the Kaspersky GUI - and then select the "terminal" option from the menu. Once the terminal option is running, in the command dialog prompt enter the command "windowsunlocker" and press Enter on the keyboard. Next, select option 1 – Unblock Windows - and you should be good to go in terms of Kaspersky's version of a registry cleaner. Beyond this minor detail, the instructions as listed should get you where you need to go. Once you do get control of your system back, however, as suggested in the article please do run RKILL, MAM, and SAS, (or their equivalents) as well as a standard registry cleaner, if you have them...

One final point...among other things, this damnable piece of shyte took over my webcam upon initial infection as well. Point being, it apparently jacked up the webcam's driver and, even after the infection was cleaned, my normal boot time - post cleaning - was still 4-5X the normal boot time! Net net, I had to uninstall the webcam, remove the Logitech software, and reinstall both the device and the software (i.e. drivers) in order to get back to a normal boot process. Like I said at the start...one NASTY piece of malware!! On Xmas day, no less. I'm a bit of a Pacifist at heart but...wouldn't mind one day running into the obnoxious Jokers who spend their meaningless and pathetically useless days and nights coding up this idiotic...........Stuff!!

Edited by misterbob, 26 December 2012 - 01:16 AM.


#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:46 AM

Posted 26 December 2012 - 12:48 PM

Hi misterbob,

Burning a bootable disk is one option, but that would be my last resort.

My next instructions would be to check if you have the System Recovery Options (tap F8 on startup, select Advanced Boot Options, and see if the "Repair your computer" option is present).

It's always worth a try with easier instructions first as creating bootable CDs can be a pain.

Using the "Repair Your Computer" option will not require a bootable disk for cleaning this infection if you have the option from the Advanced Boot Options menu. It will only require the use of another computer and a USB device.

Also, the use of any registry cleaners is not recommended as they can cause the machine to become unbootable while you may not even notice any system improvement from its use. The risk far outweighs the improbable reward.

bloopie

#6 misterbob

misterbob

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 26 December 2012 - 03:54 PM

Hi bloopie,

Can you clarify your comment regarding "It will only require the use of another computer and a USB device." if you try the "repair your computer" option before going to a more complicated option such as a bootable disc? In terms of repairing your computer via this option, I know you can load a previously created image, try a system restore, etc., but what option would allow you to use another computer and a USB device to attempt the repair via Advanced Boot Options/Repair Your Computer?? Just curious...

Regardless, I take your point in terms of the preference for easier instructions. In my case, I don't have an image and system restore did not work so I moved on to the bootable disc as I was unaware of any other options at that point. On the topic of registry cleaners, let us politely agree to disagree :)

Cyfi6, yes that option will not work for you if you are unable to bypass the malware in safe mode. Apparently, earlier versions of this thing did not affect safe mode and so a lot of the existing repair options make reference to booting in safe mode as part of the solution. If the infection is on a disk in your laptop, I would think you could connect it to a desktop via USB and clean it that way but...I'll let bloopie weigh in on that with, perhaps, a more definitive answer...

MB

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:46 AM

Posted 26 December 2012 - 04:29 PM

Hello,

These would be the next steps...it requires getting to a command prompt from System Recovery Options:
(A tool will first be saved onto the flashdrive done from another computer)

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt


Select Command Prompt

==========

From here we would have the great tool by Farbar (FRST) run on the flashdrive from the command prompt to create a log which we cannot post in this forum and that's why I haven't suggested it just yet. Then I would compose a text file to be saved on the flashdrive which the FRST tool will use to remove the infection.

If the need arises, I will move the topic to the Logs forum to continue assisting. Make sense?

And about registry cleaners...agree to disagree indeed. We just do not recommend it here at BC, that's all. On your own you may use whatever you choose...it's your computer. :)

bloopie

#8 Fonkybeachbum

Fonkybeachbum

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:46 AM

Posted 30 December 2012 - 08:54 AM

I could not access a Windows XP laptop through safe mode or any other means that had this virus.

1) I burnt a Kaspersky rescue disc 10, https://support.kaspersky.com/viruses/rescuedisk
2) booted the laptop with the CD/DVD with the computer connected with an ethernet cable
3) updated the Kaspersky virus definitions
4) ran the scan with everything checked (took about 6 hours)
5) after that I was able to access the computer, so I started in safe mode with networking and installed Malwarebytes, updated, and scanned.
6) after restart I made sure virus protection (AVG free2013) was up to date and scanned.

Everything is fine. The Kaspersky rescue disc was awesome. Just make sure to be patient with it.
Good luck!

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:46 AM

Posted 30 December 2012 - 11:47 AM

Windows XP just doesn't have the options that Vista/7 do as I mentioned. If safemode is not accessible with XP, then you will need the use of some kind of a boot disk.

And yes, one automated tool is the Kaspersky Rescue Disk as described above. There are other tools to use as well if you don't manually remove this infection as I personally prefer.

bloopie

#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:46 AM

Posted 14 January 2013 - 05:57 PM

To avoid confusion, I'm closing this topic.



