
Internet Crime Complaint Center virus


5 replies to this topic

#1 kirbyairride

  • Members
  • 3 posts

Posted 14 January 2013 - 11:30 AM

My computer is locked down by a screen claiming to be the Internet Crime Complaint Center. It says to remove the screen I have to pay a fine. In normal mode I can't do anything, including opening Task Manager. I am using Windows 7. I am able to start in Safe Mode and I also have the Repair Your Computer option. I am finding conflicting information on what to do after either of these options, so I need someone to please help me to remove this virus. Thanks.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 14 January 2013 - 11:39 AM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 kirbyairride


Posted 14 January 2013 - 02:02 PM

TDSSkiller:
10:50:09.0450 0968 Scan finished
10:50:09.0450 0968 ============================================================
10:50:09.0466 1036 Detected object count: 0
10:50:09.0466 1036 Actual detected object count: 0
10:51:49.0140 2044 Deinitialize success

aswMBR:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-14 11:04:14
-----------------------------
11:04:14.771 OS Version: Windows x64 6.1.7601 Service Pack 1
11:04:14.771 Number of processors: 2 586 0x2A07
11:04:14.771 ComputerName: KEVIN-HP UserName: Kevin
11:04:14.856 Initialze error 1 Incorrect function.
11:08:02.422 AVAST engine defs: 13011401
11:09:34.601 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

ESET:
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1924a33d-1cfc73b9 a variant of Java/Exploit.Agent.NEL trojan deleted - quarantined

#4 narenxp


Posted 14 January 2013 - 06:47 PM

Download Malwarebytes.

Install, update and run a full scan.

Click on "Show results". Right-click on the list, select all and remove them.

Post the generated log here.

Download Autoruns.

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on File > Save.

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 kirbyairride


Posted 15 January 2013 - 08:03 PM

Here's the Malwarebytes log. I was already able to fix the problem by manually deleting the virus in regedit and then doing a system restore. I haven't had any more problems and everything is running at a good speed, but I'm very interested in doing a sweep of the whole computer if you think it's necessary. I didn't do autorun yet since I actually don't have WinZip on this computer and I didn't want to pay the $30 just to unzip one thing. But if you still think it's necessary I'll take your advice and do it. Just let me know. And thanks for your help.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-HP [administrator]

Protection: Enabled

1/15/2013 10:38:03 AM
mbam-log-2013-01-15 (10-38-03).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380391
Time elapsed: 42 minute(s), 10 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1796 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)
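
An added example, not part of the posts in this thread and not Malwarebytes code: a small Python parser for the log layout shown above, which checks that each section lists as many items as its "Detected:" count declares and reports objects whose removal is still waiting for a restart. The sample text is constructed from that layout, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like the Malwarebytes 1.x log in the post above.
SAMPLE_LOG = r"""Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1796 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection>) -> [<pid> -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (sections, mismatches) for a pasted scan log."""
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header["name"]
            declared[current] = int(header["count"])
            sections[current] = []
        elif current and line and not line.startswith("("):
            item = ITEM_RE.match(line)
            if item:
                sections[current].append(item.groupdict())
    # A count that disagrees with the listed items means a truncated paste.
    mismatches = {n: (declared[n], len(v))
                  for n, v in sections.items() if declared[n] != len(v)}
    return sections, mismatches


def pending_reboot(sections):
    """Objects whose removal only completes at the next restart."""
    return sorted({i["object"] for items in sections.values()
                   for i in items if "reboot" in i["action"].lower()})
```
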

#6 narenxp


Posted 15 January 2013 - 09:51 PM

If everything looks good:

Remove temporary and junk files

Download TFC.

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Create a new restore point

Follow this guide to turn off and turn on your restore points:

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player.

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



