Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI SCAM VIRUS XP


  • This topic is locked This topic is locked
10 replies to this topic

#1 vyperpunk

vyperpunk

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 25 May 2013 - 02:47 AM

I have an XP machine that is infected with the FBI SCAM virus. I have tried safemode, but it as been locked out (auto - restarts the system the sec it logs into safe mode.

I have tried booting with other OS's such as knoppix and Hirens. Knoppix won't excute any programs. And Hirens says its missing DLL files (several of them) so programs like malwarebytes won't run. Though they will install.

 

I have went into the registery and cleaned out all suspious programs running at start. by following tutorals online (which have you load a hive)

 

I also have been sccuessful in running Calmwin portable which found 14 different infections. Then using Hirens mini xp went through and manually deleted each entry. However, it contiunes to be infected and "locking" out the computer.

 

Any suggests in what else to do?

 

Thanks,


Edited by Orange Blossom, 25 May 2013 - 02:49 AM.
Moved to AII from XP. ~ OB


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:50 AM

Posted 25 May 2013 - 11:03 AM

I'll report this topic to appropriate helpers.

Hold on there....


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 vyperpunk

vyperpunk
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 26 May 2013 - 12:03 AM

Thank you, I have been sitting with this issue for a while.



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:50 AM

Posted 27 May 2013 - 05:53 AM

Hi vyperpunk,

 

Do you have a spare USB flash drive we can use?

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 vyperpunk

vyperpunk
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 31 May 2013 - 03:58 PM

yes I do have a spare Flash drive

sorry it took a while to get back



#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:50 AM

Posted 01 June 2013 - 05:37 AM

Hello, vyperpunk.
 
Try this please.  You will need a USB drive.
 
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB.  If that doesn't work, let me know.  Booting from USBs is different depending on your BIOS.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  •  
    Now, once we're there we need to find a shortcut.  First, find your windows drive by clicking File, then expand mnt.  Look through the drives...you'll see sda1, sda2, sdb1, etc...the third letter is each physical disk, the number is the partition on that disk.  Find your C:\ drive by looking for the folder structure.
     
    Go to:
    \mnt\sdXY\Documents and Settings\USER\Start Menu\Programs\Startup
     
    where sdXY is your C:\ drive, and USER is each individual user name...e.g. if there's more than one, check all.
     
    Look for any file in that folder, specifically msconfig.lnk or runctf.lnk.  Copy it by right-clicking on it and selecting Copy, then navigate to your flash drive (often sdb1, but may change depending on your hard drive setup), right click in the background and select Paste.  If your flash drive isn't shown, unplug it from the computer, wait 10 seconds, then plug it back in.  Wait another 10 seconds and it should show up under \mnt\.
     
    Please post the LNK files you find here as an attachment.
     
    -etavares

     

     
     
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #7 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:09:50 AM

    Posted 09 June 2013 - 06:19 AM

    Still there?



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #8 vyperpunk

    vyperpunk
    • Topic Starter

    • Members
    • 5 posts
    • OFFLINE
    •  
    • Local time:06:50 AM

    Posted 11 June 2013 - 09:33 PM

    Yea lost my log in information for a while. I finally figured it out some how. Thank you so much for the help tho.

    #9 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:09:50 AM

    Posted 12 June 2013 - 07:04 PM

    OK, please follow the instructions above and post the requested information.



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #10 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:09:50 AM

    Posted 20 June 2013 - 12:22 PM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #11 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:09:50 AM

    Posted 20 June 2013 - 12:22 PM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users