Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Self-replicating Virus is attacking my computer after I removed the FBI Virus


  • This topic is locked This topic is locked
4 replies to this topic

#1 SuperInfected

SuperInfected

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 30 April 2013 - 06:48 PM

A few months ago I was attacked with the FBI Virus which completely shut down my computer. It edited my registry keys, disabling my ability to edit registry keys and disabling task manager. Finally I was able to remove it (as far as I know) by installing and running Malwarebytes in safemode and manually removing some files.

 

Now, however, every time I log on to my computer I am assaulted with obviously malicious download prompts popping up on my screen. (Run, Save, Cancel) They have generic names and I am not activating them in any way.

 

There is a file named 'Fysyucdy' under Computer>Users>[Username]>Appdata>Roaming>Fysyucdy. Inside this folder is an executable file labled 'fanioqm' and supposedly it is by 'oPerA sOFTwaRe'. This 'Fanioqm' exe file is constantly running in my task manager in multiple instances (5-6). If I end the task, it disapears and comes back a moment later, sometimes with more instances of the same file.

 

Trying to delete the 'fanioqm' file or 'Fysyucdy' folder gives me the error message "You do not have permission to perform this action." I WAS able to delete them both at once by ending the tasks in my task manager and then quickly deleting the files, which worked, but they reappeared in the same place a moment later.

 

Any help would be appreciated. My PC seems to be pretty badly infected. I am running Vista Home Premium, and the computer is a couple years old.


Edited by SuperInfected, 30 April 2013 - 06:50 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:33 PM

Posted 30 April 2013 - 07:07 PM

Since you removed a difficult virus it is best to repost and get a deeper look.

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 arbrep

arbrep

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 01 May 2013 - 11:03 PM

I too am seeing multiple instances of this problem popping up after removal of the FBI virus a few weeks back.  The process running on my computer is kydyka.exe and is buried in the Application Data folder with a program labeled oPerA software.   I can get RKill to stop it and remove it manually in Safe Mode, but it recovers itself and includes a link redirector as well as causing multiple duplication of other windows processes.  ComboFix couldn't fix it or Malware Bytes.  My computer is XP SP3.

 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:33 PM

Posted 01 May 2013 - 11:14 PM

@ arbrep

do the Prep guide in post 2 include the ComboFix log you have.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:33 PM

Posted 02 May 2013 - 05:46 AM

To prevent confusion,,,since this topic involves malware situations that are best handled in the MRL forum...this topic is now closed.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users