fbi virus- cannot do anything, but puppy drive got it started. what now?


18 replies to this topic

#1 need_help33

need_help33

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 14 January 2014 - 04:10 AM

hi, i really appreciate any help.

 

i followed directions that i found on here, and nothing has worked so far except for this usb drive that i created.  i'm not sure what puppy means, but i'm going thru files on my pc now.  i just don't know where to go from here.

 

thanks so much.





#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:04:41 AM

Posted 15 January 2014 - 12:47 AM

Welcome to BC forums, need_help33!

 

Can you provide the link used to follow the 'Puppy' instructions?

 

Puppy is a Linux operating system that focuses on ease of use and minimal use of resources. It runs easily from a USB drive or a CD, and once you are done with it, you just remove the USB drive. There is no need for installing.

 

Also, would appreciate knowing the Windows Operating System you are using...XP, Vista, Windows 7, or 8?

 

Thanks.


Old duck...


#3 need_help33

Posted 15 January 2014 - 12:54 AM

windows 7...

 

sorry i can't find the link, but it was on this site.  hitman wouldn't work.  safe mode doesn't work either.  thanks...



#4 need_help33

Posted 15 January 2014 - 01:37 AM

but i created a puppy usb drive, got my comp started.  but the instructions were for xp, and it left off at 'what are the files under startup folder'?

 

that's where i am...



#5 Aaflac

Posted 15 January 2014 - 03:05 PM

Since you got to the Puppy Desktop, please do the following:

At the Puppy Desktop, click the Mount icon.
On the next prompt, select the drive where you want to access Windows files from, and click the [(un)Mount] button.
You should be able to recognize the Windows OS drive by its size.

Once the drive is mounted, a screen showing Folders/Files appears.
At the top of the frame you should have (or something similar): /mnt/sdaX (where X is a number)
Make note of the drive's name: sdaX (X=number)

Now, look for the Startup folder which, in Windows 7, is located at the path below:

Click (only once), the following folders, in sequence:

Users > your username > AppData > Roaming > Microsoft > Windows > Start Menu > Programs > Startup
(Replace your username with the appropriate name.)

Take a note of the files listed in the above Startup folder. You should see desktop.ini, and some other file(s).

Next, press the green arrow on the top left, and change to the parent directory. Press the arrow until you reach a prompt containing: /mnt/sdaX
Click on sdaX, which is your Windows drive, and a screen showing Folders/Files appears.

Look for the Startup folder which is located at the path below:

ProgramData > Microsoft > Windows > Start Menu > Programs > Startup

Also take a note of the files listed in this Startup folder. Again, you should see desktop.ini, and some other file(s).


When done, close [X] the open prompts.

Power-off by going to: Menu (bottom left) > Shutdown > Power-Off

Remove the USB pen drive.

>> Please post in your reply the names of the files you found and noted in the two Startup folders.


Thanks.


.

Edited by Aaflac, 15 January 2014 - 03:08 PM.

Old duck...
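
The check described in post #5, as an added example that is not part of the original thread: a shell function, runnable from a live Linux session such as Puppy, that lists both Windows 7 Startup folders on a mounted Windows partition and tags each entry for review. The mount-point argument, the script name and the `list_startup`/`demo` names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list Windows 7 Startup folder entries
# on a Windows partition mounted from a live Linux session.
# Usage: sh list_startup.sh /mnt/sdaX   (X is a number; script name is hypothetical)

list_startup() {
    win_root=$1
    rel='Microsoft/Windows/Start Menu/Programs/Startup'
    # Every user's Startup folder, then the all-users one under ProgramData.
    for dir in "$win_root"/Users/*/AppData/Roaming/"$rel" "$win_root/ProgramData/$rel"; do
        [ -d "$dir" ] || continue
        echo "== ${dir#"$win_root"/}"
        for f in "$dir"/*; do
            [ -e "$f" ] || continue
            name=${f##*/}
            # Windows file names are case-insensitive, so compare in lower case.
            case $(printf '%s' "$name" | tr 'A-Z' 'a-z') in
                desktop.ini) tag='expected' ;;
                *.lnk) tag='shortcut: check what it launches' ;;
                *.bat|*.cmd|*.vbs|*.js|*.exe|*.scr) tag='runs at logon: review' ;;
                *) tag='other: review' ;;
            esac
            printf '%-40s %s\n' "$name" "$tag"
        done
    done
}

# Constructed sample tree so the script also runs without a Windows disk.
demo() {
    root=$(mktemp -d)
    user="$root/Users/example/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    all="$root/ProgramData/Microsoft/Windows/Start Menu/Programs/Startup"
    mkdir -p "$user" "$all"
    touch "$user/desktop.ini" "$user/b.bat" "$user/ctfmon.lnk" "$all/desktop.ini" "$all/Example.LNK"
    list_startup "$root"
    rm -rf "$root"
}

if [ -n "${1:-}" ]; then list_startup "$1"; else demo; fi
```

The function only reads and prints; it changes nothing on the Windows partition.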


#6 need_help33

Posted 23 January 2014 - 03:59 AM

hi, thanks very much.

 

the first files are:

 

b.bat

ctfmon.Ink

desktop.ini

Dropbox.Ink

 

the second files are:

 

desktop.ini

McAfee Security Scan Plus.Ink

TotalMediaBackup&RecorderMonitor.Ink

VideoCamSuite.Ink

WDDMStatus.Ink

WDSmartware.Ink



#7 Aaflac

Posted 23 January 2014 - 09:38 PM

Please remove ctfmon.lnk

Looks as if it is what’s calling the virus on start up.

 

After removing the file, start the computer, and see if you can boot to Windows.

 

Also, after you start the computer, tap the F8 key until the Advanced Boot Options menu appears.

Do you have the Repair your computer menu item?

 

Do not want you to use it and do a repair, however, what happens when you press on it?

Does it take you to the System Recovery Options?


Edited by Aaflac, 24 January 2014 - 09:06 AM.

Old duck...


#8 need_help33

Posted 24 January 2014 - 11:23 AM

no i selected repair, but it just went to <Error>   ERROR : F3-F100-0010

 

An error has occurred.

Please press [OK] to turn off the computer.



#9 Aaflac

Posted 24 January 2014 - 11:35 AM

Did you remove ctfmon.lnk using Linux Puppy?

Are you able to boot into Windows after doing so?

Old duck...


#10 need_help33

Posted 24 January 2014 - 01:01 PM

i deleted ctfmon.Ink.  should i then save the session?  can we talk in a pm?



#11 Aaflac

Posted 24 January 2014 - 04:06 PM

You are not working with what is called a 'Persistent' install of Linux Puppy which is able to save the session.

There is no need to save the session, anyway.

 

Also, my assistance is only available through the open forums.

 

Are you able to boot into Windows after deleting the file?


Edited by Aaflac, 24 January 2014 - 04:12 PM.

Old duck...


#12 need_help33

Posted 24 January 2014 - 04:40 PM

yes i did.  i was able to hit f8, then i hit repair, but it did the same thing and said error.



#13 Aaflac

Posted 24 January 2014 - 05:52 PM

Not sure if I understand you. Do not want you to do a repair, just want to know, if, when you tap the F8 key until the Advanced Boot Options menu appears,

do you get the Repair your computer menu item?

 

In any event, we need to get on with the ransomed computer before the FBI notice appears and locks it up again!

 

Please use Malwarebytes Anti-Malware (MBAM):
Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware

 

To minimize the use of the infected computer, download the program using a clean computer, and move MBAM to a USB drive.
Plug in the USB drive to the problem computer, and move MBAM to its Desktop.

Double-click the MBAM file to run it.

 

When the installation begins, follow the prompts in the setup process.

Do not make any changes to default settings and when the program has finished installing, make sure only the following options are checked:

>Update Malwarebytes’ Anti-Malware

>Launch Malwarebytes’ Anti-Malware

Uncheck:

>Enable free trial of Malwarebytes Anti-Malware PRO

Click on the Finish button.

 

If an update is found, the program automatically updates itself.

At the program console, on the Scanner tab, select: Perform Quick Scan

 

Next, click on the Scan button.

 

When the MBAM scan is completed, click on: Show Results

When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

 

When removal is completed, a report opens in Notepad.

 

 Please copy/paste the entire contents of the MBAM report in your reply.

 

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.


Old duck...


#14 need_help33

Posted 24 January 2014 - 09:59 PM

i'm sorry about the bad explanation.  i can start the computer, and hitting f12 to use a usb drive works.  and i can hit f8 to get to the screen with the safe mode options repair option.  but it won't start up to the desktop ever, it always locks up and goes to plain white.

 

i tried to hit repair, but it says error- press ok to turn off computer.

 

i had to make the usb puppy drive using another pc because i can't use my newer one at all.  nothing works, i've tried everything-  all safe mode options included.


even safe mode switches off and it restarts to the white screen.



#15 need_help33

Posted 24 January 2014 - 10:01 PM

oh ok.  i will give it a shot, thank you very much.

 

 

i have to go to work, but will attempt the mbam asap in the morning...  thanks so much!!!


will the mbam allow me to get to my desktop?





