
FBI Malware


7 replies to this topic

#1 kaplang


Posted 27 April 2013 - 08:39 AM

I have read your automated removal instructions for the FBI malware. Unfortunately, after logging into Windows regularly or in safe mode, the ransomware takes up the entire screen and I am unable to get to IE/Firefox/Chrome to download the Emsisoft removal tool. Attempting to run Task Manager from the Start bar or Ctrl-Alt-Del (to go to a browser) does not work.

Help!!!

 




 


#2 Broni


Posted 27 April 2013 - 02:24 PM

I'll report this topic to appropriate helpers.

Hold on there....



 


#3 etavares


Posted 27 April 2013 - 02:27 PM

Hi kaplang,

 

My name is etavares and I'll be helping you with this thread.

Two things... If you unplug the internet and then boot the computer, does the ransomware screen pop up?

 

Also, what version of Windows are you running on the infected computer?

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 kaplang


Posted 27 April 2013 - 05:37 PM

Windows XP Pro, not sure of SP version.

Do not have access to computer until Monday.  Will reply at that time.

 



#5 etavares


Posted 28 April 2013 - 05:29 AM

Hello, kaplang.
 
Sounds good. First, while the computer is off, unplug the network cable (or turn off wireless networking via the hardware switch as soon as you turn it on if it uses wireless). Then boot the computer. Some variants won't load if there is no network connection. If that works, STOP here and let me know you can access the computer and I'll provide new instructions.
 
If that doesn't work, please try this.  You will need a blank USB drive.
 
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB.  If that doesn't work, let me know.  Booting from USBs is different depending on your BIOS.
  • Follow the prompts
  • Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

runctf.*

  • Press Enter
  • If successful, the script will search this file.
  • After it has finished a report will be located in the USB drive as filefind.txt
 
 
Please note - all text entries are case sensitive
 
Copy and paste the filefind.txt for my review
 
etavares


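An added example, not part of the original post and not the driver.sh script it refers to (that script's contents are not shown on the page): a case-insensitive filename search over a mounted volume from a live Linux environment, recording SHA-256, size and modification time for each match. The function name, report layout and device names are assumptions, and `sha256sum` and `date -r` are assumed to be available.

```shell
#!/bin/sh
# Added example, not the driver.sh script from the post.
# find_by_name ROOT PATTERN REPORT
#   ROOT    - mount point of the offline Windows volume (assumed, e.g. /mnt/sda1)
#   PATTERN - filename glob, e.g. 'runctf.*'
#   REPORT  - text file to write (hypothetical layout, not filefind.txt's)
# Returns 0 if at least one file matched, 1 if none, 2 on a usage error.
find_by_name() {
    root=$1; pattern=$2; report=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    list=$(mktemp) || return 2

    # -iname: Windows filenames are case-insensitive, so match that way.
    # -xdev:  stay on the one mounted filesystem being examined.
    # Permission errors are discarded; paths containing newlines are not handled.
    find "$root" -xdev -type f -iname "$pattern" -print > "$list" 2>/dev/null

    {
        echo "Search root: $root"
        echo "Pattern:     $pattern"
        echo "sha256  size  mtime  path"
    } > "$report"

    count=0
    while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        mtime=$(date -r "$f" '+%Y-%m-%d %H:%M:%S')
        printf '%s\t%s\t%s\t%s\n' "$hash" "$size" "$mtime" "$f" >> "$report"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"

    echo "Matches: $count" >> "$report"
    [ "$count" -gt 0 ]
}

# Example call (device names are assumptions):
#   find_by_name /mnt/sda1 'runctf.*' /mnt/sdb1/namesearch.txt
```

Recording the hash and modification time alongside the path lets a helper compare the file against known samples and place it on a timeline before anything is deleted.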
 


#6 etavares


Posted 10 May 2013 - 07:07 PM

Hi, do you still need help?



 


#7 kaplang


Posted 10 May 2013 - 09:30 PM

Sorry I did not get back to you. 
The guy I was helping decided to reformat.

 

Thanx!



#8 etavares


Posted 11 May 2013 - 05:34 AM

Thanks for the update.  That's always the best plan if you have a backup.



 




