
FBI ransom malware


  • This topic is locked
160 replies to this topic

#1 MadHatter63

MadHatter63

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 21 November 2013 - 03:21 PM

Hello,
 
I have this infection and I can't seem to get rid of it using a couple of the guides posted here.
 
I have run Rkill and then malwarebytes, but the virus is still there upon reboot.
 
I can access the internet after I run Rkill and malwarebytes in safe mode and then reboot and start in safe mode with networking.
 
I tried to download spyhunter4 in safe mode, but I keep getting the message "Admin has not given you permission to perform this action" (or something like that).
 
When I start in safe mode there are no desktop icons, but I am able to access and run programs thru task manager.
 
When I start in safe mode with networking, the screen gets locked with the virus FBI page.
 
Could use a little help.
 
Thanks in advance..
 
Michael
 
edit: sp

Edit: Moved topic from Windows XP to the more appropriate forum. ~ Animal



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:43 AM

Posted 21 November 2013 - 04:53 PM

I tried to download spyhunter4 in safe mode

Please note that this program claims much and delivers almost nothing. Uninstall it if you can.
We get many people now asking how to Remove that program, as it often hinders rather than helps.

 

Hello Hatter -

As there are a few versions of this (F.B.I.) infection, please start here => .........

Please read this linked topic from the On-site tutorials, and then tell me if this is the same infection that you have, and if these removal methods will help you - Remove FBI Ransom malware guide.

 

Post back if this is not the "same version" as your infection, or you still have problems.

 

Thank You -



#3 MadHatter63


Posted 21 November 2013 - 09:47 PM

 

I tried to download spyhunter4 in safe mode

Please note that this program claims much and delivers almost nothing. Uninstall it if you can.
We get many people now asking how to Remove that program, as it often hinders rather than helps.

 

I never got it to install, but did call the 1-888 number shown on their website for 24/7 tech support. They remoted into my PC and showed me the "Event log" or something and told me that software wasn't going to help. To either bring it to Best Buy (or similar) or pay them $220 on the spot for them to remove it "instantly". Seemed to me they were part of the scam, meh.

 

Ok, regarding the version of the FBI infection, I have the child porn one, asking for $450 MoneyPak payment. Beyond that, I can only assume they are the same infection.

 

Is downloading Hitman to a USB drive the only way to remove this infection?

 

-M

 



#4 noknojon


Posted 21 November 2013 - 11:47 PM

They remoted into my PC and showed me the "Event log" or something and told me that software wasn't going to help. To either bring it to Best Buy (or similar) or pay them $220 on the spot for them to remove it "instantly".

 I can show you 20 Event Log errors that are all useless -

 

Seemed to me they were part of the scam, meh.

I was not going to directly call them a scam, but I will not disagree with you.

Try and delete all links to their program.

Here are several versions of The FBI Child Porn infection linked below .....

 

Is downloading Hitman to a USB drive the only way to remove this infection?

It is the better version to repair your problem and I found more Child Porn link versions -
  • Prism/NSA/Internet surveillance ransomware
  • Accd fisa Protection Program (Just Updated)
  • the FBI states child pornography was detected on your computer.

 

All of the above are similar, but if you need more personal directions, I can link you to the Experts area, where they will take you step by step if needed.

We do not Remote your system, (or demand $200 for repairs), but we will personally walk you through the steps, till your computer is clean -

Have a quick read of them, and then tell me if you would prefer personal (free) help.

 

You can "Buy a Beer / Coffee" for your volunteer helper by PayPal, (but only if you wish to do so).

 

Let me know how you want to go -

 

Thank You -


Edited by noknojon, 21 November 2013 - 11:48 PM.


#5 MadHatter63


Posted 22 November 2013 - 08:02 AM

The infection I have most closely resembles the 3rd one.

 

https://www.google.com/url?q=http://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware&sa=U&ei=1NiOUuLvCoae2QW9uIGIBQ&ved=0CA0QFjAE&client=internal-uds-cse&usg=AFQjCNGy_h4QLjRsu3VBtjrOczXy43hPgQ

 

I say this, because it looks nothing like the other two.

 

Well, if the only way to remove this is with a USB drive, then I think I can follow the directions well enough.   I'll post back if I run into problems.

 

One question though, when I download Hitman to desktop, is that on this infected PC or on another PC that is clean?

 

-M



#6 noknojon


Posted 22 November 2013 - 03:18 PM

Hi -

You need to download it to a Clean computer first, then you use the USB Flash Drive on the Infected computer. This is the best way to "transfer a program".

 

From memory these passages are items #6 and #7 in the repair guide -

I have these saved, but in a slightly changed format to the Print-out / repair copy.

......................................................................

You will now be presented with an alert stating that the USB flash drive will be erased. If you wish to proceed, click on the Yes button. Otherwise, click on the No button to cancel this process. Once you click on the Yes button, the program will begin to download the necessary files and will then install them on the USB Drive. When it has finished you can then click on the Close button to close the HitmanPro program.
..................................................................

Now remove the Kickstart USB drive, and insert it into the infected computer.
.................................................................

If you can, print the guide, or fully read it prior to starting. It will then all make sense.

 

As always, remember that I am relying on the feed-back from you to pick certain bits of information, or if I should add any other information that you are not sure on. You have me now for the next few hours, as I will drop in about every half hour or so to see if you need more help.

 

Sorry for the time frame (got yours after midnight) as it is 7.15 AM, Saturday my local time.

 

EDIT - As there are so many versions of this infection, I have added 3 more below that "may" match yours.

Now you can see why we tend to ask so many questions to find these things out.


Edited by noknojon, 22 November 2013 - 03:38 PM.


#7 MadHatter63


Posted 22 November 2013 - 07:48 PM

I can't say for certain if my infection matches the ones you posted. Visually, the infection warning screen is all white. I would need to reboot the PC to make the infection show its face again before I can be certain. Will Hitman work on all of them? I'm guessing no.

 

-M



#8 noknojon


Posted 22 November 2013 - 07:52 PM

It would be nice if you could post an actual Name of Infection.

As you can now see there are many varieties of this .....

 

Thanks -



#9 MadHatter63


Posted 22 November 2013 - 07:58 PM

Where would I find "the name"?



#10 MadHatter63


Posted 22 November 2013 - 08:03 PM

I could post malwarebytes or Rkill logs, if that helps.



#11 noknojon


Posted 22 November 2013 - 08:21 PM

Where would I find "the name"?

When you start the computer up, it will have something like the links I posted.

Typically FBI Online Agent has a warning that an FBI Online Agent has blocked your computer .....

Helps ?


Edited by noknojon, 22 November 2013 - 08:22 PM.


#12 MadHatter63


Posted 22 November 2013 - 08:25 PM

Yeah I suppose. 

 

I will need to reboot the PC to let the virus run, start up in safe mode, run Rkill, then malwarebytes (35 min run time) then reboot in safe mode with networking.  I'll repost in aboot 45 min.

 

BTW, I love the "The answer is always 42", classic!



#13 noknojon


Posted 22 November 2013 - 08:33 PM

The answer is always 42, or Reboot -

That was a mix of Monty Python (Meaning of Life) and every reply you get says Reboot -

Had those for a few years .....

 

If you just turn the "Sick computer" on do you get any "Screen or Display" ??

This would show the specific version.

 



#14 MadHatter63


Posted 22 November 2013 - 09:29 PM

OK after rebooting, this is what the Header of the Virus lockout page said:

 

Mandiant U.S.A Cyber Security

F.B.I. Department of Defense

U.S.A.  Cyber Crime Center

 

Under Support and Protection of g (the g was actually a lower case script g)

 

Interpol is written on both sides of the post in the background.

 

Out of all of the versions of the infection you posted, what I have is most similar to:

 

http://www.bleepingcomputer.com/virus-removal/remove-your-computer-has-been-locked-ransomware

 

Hope this helps...

 

-M



#15 MadHatter63


Posted 22 November 2013 - 09:37 PM

Another question, how do I determine if my PC is 32bit or 64bit?  So I know which version of Hitman to dl.





