
FBI Lockdown Virus without safe mode


  • This topic is locked
148 replies to this topic

#1 Jeff Roberts

  • Members

Posted 29 January 2013 - 10:52 AM

I have the FBI Lockdown virus. I cannot boot in safe mode. I was able to boot from a CD. I tried to run RKill, but it will not run when the computer is booted from a CD. I am using Windows XP. I think I can run OTL, but have not done so.


 


#2 boopme

  • Global Moderator

Posted 29 January 2013 - 03:41 PM

Hello, have you tried with the disk in this guide? Remove the FBI MoneyPak Ransomware or the Reveton Trojan
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 semloh

  • Members

Posted 29 January 2013 - 06:23 PM

I might be missing something, he says he can't boot in safe mode but it looks like this guide requires you to boot in safe mode? I don't see any disk in this guide

#4 boopme

  • Global Moderator

Posted 29 January 2013 - 08:43 PM

Sorry, I meant the Kit..
Can you boot to normal mode?

#5 Jeff Roberts

  • Topic Starter
  • Members

Posted 30 January 2013 - 09:32 AM

I can't boot to normal mode. I tried to download Emsisoft (booting with the disk), but I think the virus is blocking it. It downloaded 99% and then I got an error saying "There is not enough free disk space" when I know there is.

#6 boopme

  • Global Moderator

Posted 30 January 2013 - 09:37 AM

OK, not being able to boot means we need another to come here. I will post a request. You will need access to a PC and a Flash or CD drive.

#7 Jeff Roberts

  • Topic Starter
  • Members

Posted 30 January 2013 - 09:55 AM

OK - Thanks,

#8 etavares

  • Malware Response Team

Posted 01 February 2013 - 08:33 AM

Hello, Jeff Roberts.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB. If that doesn't work, let me know. Booting from USBs is different depending on your BIOS.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review

etavares


EDIT: PS, I am moving this to the malware removal forum since you are infected and I'll need logs that aren't allowed in the Am I Infected? forum.

Edited by etavares, 01 February 2013 - 08:34 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Jeff Roberts

  • Topic Starter
  • Members

Posted 01 February 2013 - 10:46 AM

I am sorry but I am having trouble running this: http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe. Error says it is not a valid Win32 application. I was also having trouble downloading the other program. The sick computer IS connected to the internet - I booted it from a disk before I posted this. I can try to download directly to the sick computer, but I wasn't able to download Emsisoft.

Jeff

#10 etavares

  • Malware Response Team

Posted 01 February 2013 - 11:35 AM

Hi Jeff-

Are you trying this from the sick computer or a clean, non-infected computer? If you get the error, try to download it again. It's working OK for me. The error can appear if it's a corrupted download.

What disk did you use to boot the sick computer? We might be able to use it, but I have to know what environment you're in. Is the "disk" a floppy disk, a USB flashdrive or a CD/DVD?

-etavares
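
Added example, not part of the original thread or any poster's code: a Python check for the structural problems that commonly make Windows report "not a valid Win32 application" for an interrupted or substituted download, the cause suggested in the post above. The sample bytes are constructed, and `check_pe` and `build_sample` are hypothetical names.

```python
import struct
import sys

def check_pe(data: bytes) -> str:
    """Return "ok" or the first structural reason the file cannot be a loadable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no MZ header: not an executable (for example a saved HTML error page)"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # file offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    # COFF header: Machine, NumberOfSections, 3 dwords, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size                        # start of the section table
    needed = table + nsections * 40                         # each section header is 40 bytes
    if needed > len(data):
        return "truncated: section table cut off"
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of a section header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        if raw_size:
            needed = max(needed, raw_ptr + raw_size)
    if needed > len(data):
        return f"truncated: headers describe {needed} bytes, file has {len(data)}"
    return "ok"

def build_sample() -> bytes:
    """Constructed 1 KiB PE skeleton with one .text section; not a real program."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    text = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = dos + b"PE\0\0" + coff + bytes(0xE0) + text
    return headers.ljust(0x200, b"\0") + bytes(0x200)

if __name__ == "__main__":
    if len(sys.argv) > 1:                                   # check a downloaded file by path
        with open(sys.argv[1], "rb") as fh:
            print(check_pe(fh.read()))
    else:                                                   # demo on the constructed sample
        sample = build_sample()
        print("complete:", check_pe(sample))
        print("cut at 700 bytes:", check_pe(sample[:700]))
        print("HTML page:", check_pe(b"<html>404 Not Found</html>"))
```

A result of "ok" means only that the file is structurally complete; it does not show that the bytes match what the publisher released, which takes a published hash or signature to confirm.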


 


#11 Jeff Roberts

  • Topic Starter
  • Members

Posted 01 February 2013 - 11:48 AM

I booted it from a DVD Reatogo-X-PE program. I get the same error on 2 different computers; they are older models, maybe 5 or 6 years old.

Jeff

#12 Jeff Roberts

  • Topic Starter
  • Members

Posted 01 February 2013 - 11:51 AM

Just to clarify the computers with the errors are not infected.

Jeff

#13 etavares

  • Malware Response Team

Posted 01 February 2013 - 01:24 PM

Hi Jeff Roberts-

Did you need your Windows CD to create the Reatogo-X-PE program? Or did you download one that was already full?

-etavares


 


#14 Jeff Roberts

  • Topic Starter
  • Members

Posted 01 February 2013 - 01:56 PM

I downloaded it from another computer to the CD.

Jeff

#15 etavares

  • Malware Response Team

Posted 02 February 2013 - 06:51 AM

Hi Jeff-

Unfortunately we can't use it since that violates Microsoft's copyright. Why they have never provided a disk like that for free or given permission to use them is beyond me. But, that means we can't use it here. If it did prompt you for your Windows CD to create the disk, we could have used it.

Try these links for xPud...do you have the same issue with these?

http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe
http://soldat.gr/xpud/extras/unetbootin-xpud-windows-387.exe
ftp://ftp.dorm.ccu.edu.tw/pub/Linux/xPUD/USB-Tools/unetbootin-xpud-windows-387.exe
http://mesrss.free.fr/xpud/extras/unetbootin-xpud-windows-387.exe

If you still have errors, we'll try Ubuntu instead, but xPud is faster.

-etavares

