Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware, FBI Notification


  • Please log in to reply
14 replies to this topic

#1 JcbsDa

JcbsDa

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 24 March 2013 - 10:05 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/467768/blank-white-screen/#entry3010976 - Hamluis.

 

Hello-

I have the same problem as Joe, but I believe my problem is a result of a virus.  An "FBI Notfication" appeared just before the screen went to white the first time.

I have also been trying to manually reboot, several times, hoping to open Malware bytes from the desktop that appears for about 2 seconds before it goes to white.   And as with Joe's problem, upon forced shut down, I see my full desktop beore the computer turns off with Malware Bytes asking me if I want to update. 

Also, as with Joe, I am not able to open in safe mode.

I would be very appreciative of some assistance.  Should I run a repair install?

Thank you!

JcbsDa


Edited by hamluis, 24 March 2013 - 03:26 PM.
PM sent new OP - Hamluis.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 24 March 2013 - 08:33 PM

Hi JcbsDa.


Are you able to start Task Manager? (Ctrl+Alt+Del)

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 24 March 2013 - 09:58 PM

 

Louis--Thank you for responding.  Everyone at BC has been incredible about helping novices like me.
I think that you may have also responded to my question I sent out earlier regarding my inability to start in safe mode.  As you can see, I have not been able to find the time to tell you more about it, and it almost got me into a lot of problems, as this most recent trojan has proved.  WIthout the ability to go to safe mode, I was unable to start Malware Bytes.  I am very fortuante in that after starting and restarting multiple, multiple times, I was finally able to start malware bytes.  Here are the two trojans it cleaned:
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.21.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Owner :: VALUED-C443F67D [administrator]
3/24/2013 2:26:03 PM
mbam-log-2013-03-24 (14-26-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228084
Time elapsed: 33 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Documents and Settings\Owner\Application Data\skype.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Owner\Application Data\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
===================================
 
After running both Malware bytes and MSE, both are clear and I seem to have full use of my computer.

I have not started that computer on the internet yet, however, because I'm not sure if the virus will come back if I do.  Do you have any suggestions?
 
Thanks again! JcbsDa 


#4 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 24 March 2013 - 11:26 PM

Hello Blade-

No, I was not able to open the task manager when the screen was white.  As I mentioned above, I think it was just good fortune that allowed me to open Malware Bytes.  I think I now need to address how to get my computer to open in Safe Mode, which it still won't do...or to check if there is any lingering effects due to these Trojans.

Thank you for your email!

JcbsDa



#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 25 March 2013 - 02:29 AM

Hello.

What happens exactly when you try to boot to safe mode?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#6 bigtrav

bigtrav

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 25 March 2013 - 04:11 AM

I can tell you what happens when he goes to safemode.  It shows the blue Welcome Screen...  then it shows the black SAFEMODE screen for about 1 second...  then it shows the blue Logging Off Screen, then it slowly shuts off. 


Edited by bigtrav, 25 March 2013 - 04:30 AM.


#7 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 25 March 2013 - 09:42 PM

Actually bigtrav that's not what happens.

 

1.  When I restart, the Bios screen comes up, goes to black.

 

2.  The next screen comes up.  It states:

 

"Loading Operating System...

Boot from CD/DVD:"

 

This screen disappears almost immediately and the next screen comes up:

 

"Select the Operating System to Start: 

     Microsoft Windows Recovery Console

     do not select this (debugger enabled)

 

Use the up and down arrow keys to move the highlight to your choice.

Press ENTER to continue.

Seconds until highlighted choice will be started automatically: 1

 

For troubleshooting and advanced startup options for Windows, press F8."

 

I have tried pressing F8, this doesn't have any effect. 

 

3.  This screen goes away very quickly and then the system then opens to the XP welcome screen that leads to the desktop.

 

I have tried holding down F8 at each point during startup.  I am not able to get any screen that allows me to choose any form of Safe Mode.

 

Thank you for your help and suggestions!  JcbsDa


Edited by JcbsDa, 25 March 2013 - 10:28 PM.


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 25 March 2013 - 10:09 PM

Hello.

It looks like part of your reply got cut off.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#9 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 25 March 2013 - 10:39 PM

Hi Blade-

I edited and added to my original reply from 9:42.  Thanks!



#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 25 March 2013 - 10:53 PM

Okay. . . have you tried hitting F8 in between the "Select the Operating System to Start: " screen and the XP Welcome screen?

Just making sure we're on the same page.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#11 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 26 March 2013 - 09:12 PM

No....it does nothing.  I have tried pressing and holding throughout, pressing every 1/2 second, pressing very quickly and have tried it throughout the startup process.  It doesn't seem to be working.

Thank you-



#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 28 March 2013 - 12:02 AM

Hello,

Since you're coming out of a rather serious infection, the first order of business is to ensure that you're completely clean.

Please follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE Please include a description of your computer issues and what you have done to try to resolve them. Additionally, please link to this thread so that your helper can see a history of the issue.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#13 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 30 March 2013 - 01:08 PM

Thank you Blade.  I will attempt this when I return from out of town.  It may not be until Monday the 1st of April.

I'm not sure which infection you are referring to above.  I had another infection Gringo helped me with back in November 2012 which was very bad.  But even before that infection took over my computer, I was unable to gain access to Safe Mode.  In other words, I have not been able to access safe mode since July 2012, if not before. 



#14 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:52 AM

Posted 30 March 2013 - 09:16 PM

The infection I am referring to is the FBI notification you mentioned in your original post. While it's been disabled there are likely still remnants floating about that need to be cleaned up. The MRT will be able to use their tools to get a good read on any stragglers.

In other words, I have not been able to access safe mode since July 2012, if not before.

I didn't know that. It's still a good idea for you to get cleared as all clean first just to rule out any complications. Your helper may ask you in the end to repost in the XP forum after you're finished with the removal process in the event that malware does not end up being an obvious cause. I know it probably seems like you're getting run around but it's a process.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#15 JcbsDa

JcbsDa
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 31 March 2013 - 10:39 PM

No-no-no....I don't feel that way at all.  I just want to give you as much information as possible so you know what's been happening and to help make the solution as easy as possible.  I really appreciate all the advice from everyone that's helped me!

Thanks very much Blade--

JcbsDa






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users