
Trojan:JS/Medfos.B


9 replies to this topic

#1 alexmorano

alexmorano

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:44 AM

Posted 22 December 2013 - 06:51 PM

Hi everyone

 

I have a Toshiba Satellite P875-S7310 running. I have Windows 8.1 Pro with Media Center and I have Norton as my antivirus. I have been trying to figure out how I can remove Trojan:JS/Medfos.B. I can't get Norton to remove it and I want to be sure I remove all of it. I tried restoring from multiple restore points, but when the restore point is finished I get a message that the operation could not be completed because it's missing a file. I tried 3 different restore points. When that did not work I tried to reset back to factory out of box, but I get the same message I was getting from the restore point, that it was not able to complete the operation. Also told me no HDD. Don't know if this is related, but I have been having trouble downloading up-to-date drivers. The drivers will download, but when I click to install them they don't do anything. Since I have been having trouble downloading up-to-date drivers, I bought a driver update software called "Driver Finder". I heard good things about it and it had really good reviews, so I hope I did not get ripped off there. All in all my laptop has been sluggish, sometimes not letting me click on links and not allowing me to search with the search engine of my choice. Also, not sure if this is relevant, but about a month ago my screen went white and then I got a message saying the FBI has been recording all my activity and that they found something illegal. It didn't say exactly what they found. It just showed examples of illegal computer usage (i.e. piracy, child pornography, causing viruses, gambling online). It said that I have a fine of $200 and I have 48 hours to pay the fine, and if I don't they will hold criminal charges against me. That did not seem right to me, so I turned off my laptop real fast by holding down the power button. I have not had any problems with the blue screen people claim they get afterwards. I ran my Norton antivirus after that and it found nothing, so figured all was well.

That's pretty much all of it. If there's any more information I can get anybody just let me know. I would appreciate any help you all can offer me. 

 

Thank you in advance.

Alex




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:44 AM

Posted 22 December 2013 - 06:58 PM

NOTE - The F.B.I. message is a scam

Please follow the directions that will follow soon -

 

Thank You -



#3 noknojon


Posted 22 December 2013 - 07:31 PM

First -

Please do not alter the Default text, as this makes it very hard to understand what you have written -

 

Do you still have the FBI script on your computer, or has this changed at all?

 

I can leave a link to DIY instructions on removal of this scam (good basic knowledge is all that is required)

Or I can leave a link to our Experts area where they will remove the problem for you.

Please let me know your choice.

 

Thank You -



#4 alexmorano


Posted 22 December 2013 - 11:41 PM

Thank you for responding. I don't know how the text ended up being that way; it did not look like that when I wrote it.

That FBI scam had never come back up since I shut the computer down. I'm not sure if it's even related to these other things. All I know is my machine is slow, I can't seem to get my drivers updated, and I'm told when I try to refresh or use a restore point I have no HDD. I can't seem to find the recovery partition. Whatever you can do to help me is appreciated. I am pretty good with instruction, so if you leave me instructions I can do that myself. I am currently going to Cisco Networking Academy and getting my associate's in Computer Networking and Electronics Technology. I am only 3 semesters in, so I'm by no means an expert yet.

Thank you again for responding to my question. I had one other question. Is there a way that I can get into that partition and recover my operating system so that I can reset back to out of box?

#5 noknojon


Posted 23 December 2013 - 03:01 AM

Please post a snapshot with Speccy as this may give us a bit more to look at -
Publish a Snapshot using Speccy << Follow These Directions

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* NOTE : Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

Next -

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan
However, alternate directions are left for those that will not use Internet Explorer
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.
4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

Next -

This program will reboot your computer when finished, and leave a log on restarting.

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Last -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

 

Thank You -



#6 alexmorano


Posted 23 December 2013 - 06:58 PM

Thank you for the information. I will work on this.



#7 noknojon


Posted 23 December 2013 - 07:12 PM

OK -

Those are if the problem returns, or you wish for more help -

 

A factory reset on a Windows 8 should be posted to the Windows 8 Forum area -

 

Thank You -



#8 noknojon


Posted 27 December 2013 - 04:31 PM

Hello,

 

Do you still have a problem, or will I take this topic off Watch?

 

Thank You -



#9 alexmorano


Posted 31 December 2013 - 05:17 AM

Hello

 

Sorry I did not get back to you sooner. Was out of town for Christmas.

 

Everything is fine now. I attempted those instructions you gave me back on the 23rd of December, but I could not complete all of them because it just got to a point where I could not do anything on this machine. I eventually found my disks and was able to restore my system back to factory out of box state. So far everything has been going good.

 

Thank you very much for taking the time to help me. I do appreciate that.

Alex



#10 noknojon


Posted 31 December 2013 - 05:46 AM

Thank you for taking the time to send the reply, and I hope your problems get better.

 

Please start a new topic if you have further problems.

 

Regards -





