Ice/FBU Virus infection - windows won't start - please help!


30 replies to this topic

#1 Traci29

Posted 17 May 2014 - 06:03 PM

Hi, my computer is infected with the Ice/FBI type Virus.

 

This is the third time in the last couple of years - so I know the drill.

 

The first two times I was able to get rid of it by using Hitman Pro on a flash drive.

 

This time it's worse.

 

I cannot even get Windows to start at all now, I go through the steps to boot with the flash drive, but I keep getting error messages.

 

Systems restore won't work, I get the following error message about "0xfbffca33".......

 

I am using a Dell computer, with Windows 7. The computer is about 2 years old.

 

I am thinking possibly this is a double issue - first the virus which then caused something else that prevents windows from starting.

 

I would appreciate any help, and will answer any questions, and/or follow any instructions. 

 

Thank you in advance.

 

Traci




 


#2 IndiGamer

Posted 17 May 2014 - 06:39 PM

Hmmm... Hello.

 

 

Please burn Kaspersky rescue disk 10 to an EMPTY CD.

 

Boot up the computer using the rescue disk.

 

Using the Kaspersky disk, find the Appdata folder by going to the following directory:

----------------------------------------------------------------------------------------------------------

 

C:\Users\Yourusername\Appdata.

 

----------------------------------------------------------------------------------------------------------

 

Then go to local, look for that suspicious file. If not there, check the Temp folder in \local\temp.

 

----------------------------------------------------------------------------------------------------------------------

 

Clear out this whole folder of anything.

 

----------------------------------------------------------------------------------------------------------------------

 

Now, plug in your hitman pro disk.

 

----------------------------------------------------------------------------------------------------------------------

 

Do a normal scan and post the results here.

 

__________________________________________________________________________

 

 

NOO NOT THE MALWARE!!! 

 

__________________________________________________________________________


Owner of NFinite Tech, website coming soon.

 


 


#3 Traci29

Posted 17 May 2014 - 06:56 PM

Thanks for the reply - a few questions, as I don't understand - I'm not a computer expert by any means and need a little more detailed info....

 

Where is a good source for the Kaspersky, can you provide a link or address?

 

How do I "find the Appdata folder"

 

What is "local".

 

And finally, how do I know what files are suspicious? 

 

Thank you for helping!

 

Traci



#4 IndiGamer

Posted 17 May 2014 - 07:19 PM

Don't worry! I'm working on fixing some malware on my own machine right now, let's accomplish this together!  :bananas:

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Download KRD10 from here: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Burn this to a CD. The appdata folder can be accessed by going into file explorer and following this path:

 

C drive, users, your username, (right click in the folder and click on properties and select show hidden files and folders) appdata, then go to local, and temp.

 

The icons for these are the default folder icon. Delete everything in the Temp folder by clicking and dragging to select all of the files and pressing the DEL key.

 

Run a scan with hitman pro, (still in the Kaspersky Rescue Disk) and delete any files found.  :bounce:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Try to boot into regular windows now.  :busy:

 

----------------------------------------------------------------

 

NOO NOT THE MALWARE!!!  :flamethrower:  :spider



 


#5 Traci29

Posted 17 May 2014 - 08:10 PM

OK - I got the Kaspersky disk loaded, and running in the infected computer and got into the temp folder.....

 

I can't select all and delete the temp folder - I get the error message, "The trash has reached it's maximum size, cleanup the trash manually"

 

Any idea of the name I am looking for?  Or what do you advise to do now?  I'm not sure how the trash works in this area....

 

Thanks for your continuing assistance.....

 

Traci



#6 Traci29

Posted 17 May 2014 - 08:34 PM

Update - I went into settings, took off the maximum trash size, then tried once again deleting the entire temp file - but got another error message,

"could not write file /root.............................disk full"

 

Another question, is there an easier way now that I have the Kaspersky disk running, to have it run some sort of check and find the issue automatically?

 

thanks!

 

Traci



#7 IndiGamer

Posted 18 May 2014 - 09:28 AM

Try scanning with the built in Kaspersky products that are on your desktop when you have the disk in. Then try using your Hitman pro USB. 

 

:hello:

------------------------------------------------------------------------------------------------------------

 

NOO NOT THE MALWARE!!!  :flamethrower:  :spider



 


#8 Traci29

Posted 18 May 2014 - 12:09 PM

Ok, I scanned with Kaspersky, took 3 hours - and Windows still won't start without the Rescue disk.

 

It found  a long list of Trojan stuff.  It recommended I quarantine them which I did.  Some then said "postponed"?  Should I have "deleted" instead of quarantined, or would that have made a difference?

 

Windows still won't start, systems restore still won't run, so I can't get Hitman pro flash drive to run by re booting without the Rescue disk in.

 

In Kaspersky Rescue, though, how can I start Hitman from there?  When I click the icon and get it to open a window, I can't figure out how to get it to start running.

 

Possibly we have a big second issue in this windows not starting that the virus caused, and just deleting the virus doesn't fix the issue?

 

Thanks so much, this is so frustrating I spent hours and hours yesterday, and now today on this issue.....I can't believe there are humans out there that invent these viruses, but I will stop ranting for now.....

 

Traci

 

 

 

 

 

Something happened with the ICE Virus, that is preventing indo



#9 IndiGamer

Posted 18 May 2014 - 01:20 PM

Please try downloading hitman pro while in the kaspersky disk. Then run it. Tell me if any complications come up. 

 

I know this is very frustrating for you.  :deadhorse:


By the way, tell me the description of what you found with the trojans.



 


#10 Traci29

Posted 18 May 2014 - 02:06 PM

How do I get Hitman Pro to start running while in Kaspersky?  I can click on the bottom right of the screen, a window opens showing Hitman (from the flash drive plugged in) - but I don't see how to actually get it to start running?  I'm sure this is simple, but I can't figure it out!

 

The description of what I found by running the Kaspersky Rescue disk -

102 Trojans

12 quarantined as critical - I assume these are the Ice Virus

11 in my users Appdata/local

1 in my carbonite backup

They were named -

"Trojan Program HEUR:Expl

 

Traci



#11 IndiGamer

Posted 18 May 2014 - 04:22 PM

Try scanning with kaspersky again and try the delete function this time  :thumbup2:

 

--------------------------------------------------------------------------------------------------------------------------------------

 

But before you do this, please submit one of the files Kaspersky says is infected to www.Virustotal.com/en/

 

Then post a link to the page that it takes you to after you upload the files  :bananas:


Edited by IndiGamer, 18 May 2014 - 04:28 PM.


 


#12 Traci29

Posted 18 May 2014 - 05:28 PM

Hi,

 

I ran Kaspersky again, it found nothing.

 

It does show a report from the first scan that has the 12 quarantined files - however, I cannot access the internet through the infected computer to upload anything.  I have been using another computer to post here in bleepingcomputer.com

 

I tried again to figure out how to run hitman pro in Kaspersky - but cannot find a way to start it running, it just opens a window in "Dolphin"....

 

Please advise - I will follow any and all instructions!

 

Traci
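
Added example, not part of the original posts: when the infected computer has no internet access, files cannot be uploaded from it, but VirusTotal can also be searched by file hash from another computer. The shell script below, written for a Linux-based rescue environment, lists every file under a profile's AppData\Local that starts with the Windows executable magic bytes "MZ", whatever its extension, together with its SHA-256. The mount path, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux rescue environment with
# find, od, sha256sum and mktemp, and a Windows partition mounted read-only.

# is_pe FILE: true when FILE starts with "MZ" (0x4d 0x5a), the magic bytes of
# a Windows executable, whatever its extension says.
is_pe() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "4d5a" ]
}

# list_pe_files DIR: print "sha256  size  path" for each executable below DIR.
list_pe_files() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        if is_pe "$f"; then
            hash=$(sha256sum "$f" | cut -d' ' -f1)
            size=$(wc -c < "$f" | tr -d ' ')
            printf '%s  %s  %s\n' "$hash" "$size" "$f"
        fi
    done
}

# make_sample: build a constructed profile tree (no real malware) for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/AppData/Local/Temp"
    printf 'MZ\220\000constructed-sample' > "$d/AppData/Local/Temp/update.tmp"
    printf 'plain text log\n' > "$d/AppData/Local/Temp/install.log"
    printf 'MZconstructed' > "$d/AppData/Local/helper.exe"
    printf '%s\n' "$d"
}

# Usage: sh list_pe.sh /mnt/windows/Users/Yourusername/AppData/Local
# (hypothetical mount point). Without an argument, scan the constructed sample.
if [ "$#" -gt 0 ]; then
    list_pe_files "$1"
else
    sample=$(make_sample)
    list_pe_files "$sample"
    rm -rf "$sample"
fi
```

Each hash can be typed into the VirusTotal search box on the working computer. A hash with no match only means the file has not been submitted before, not that it is clean.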



#13 IndiGamer

Posted 18 May 2014 - 07:07 PM

So, try booting up in regular windows quick.. If it doesn't work, try this:

 

------------------------------------------------------------------------------------------

 

Disconnect the LAN cable so the infected machine has no internet access. Then start up your infected machine. Is the ransomware now there?

 
Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
 
Use the arrow keys to select the Safe mode with a Command prompt option.
 
In the command prompt enter explorer.exe
 
Do you now have access to your computer environment?  


 


#14 Traci29

Posted 18 May 2014 - 08:12 PM

Computer won't boot into Windows with no internet plugged into it - or with for that matter - that has been the problem all along.  First I got locked up with the Ice Virus - then when trying to restart it to use Hitman Pro - Windows won't start.

 

I cannot get into any of the safe modes using F8.  It simply reverts back to starting the whole computer, and brings me back to where you would click F8......it goes to the repair computer mode, where I then get an error message it can't be repaired.

 

Something is preventing Windows from booting in any form, other than when using the Kaspersky Rescue Disk.  Kaspersky quarantined the virus, yet now Windows won't start.

 

I called a local computer shop today, they said to bring it in to reload windows, this will be my last resort, as I have tons and tons of valuable data and info on this computer, that I really need....so I am going to keep asking for help on things to try to get it to bootup.

 

Which brings me back to a former question - how do I get Hitman Pro to run, inside of Kaspersky Rescue? 

 

Or any other methods I can try?

 

Thanks for any and all help!



#15 IndiGamer

Posted 18 May 2014 - 08:45 PM

I will not stop until this malware is gone, Traci!

 

We can't give up yet.  :clapping:

 

I will try to find a fix sometime soon

 --------------------------------------------------------

 

By the way, I never introduced myself. My name is Tucker. I have school to go to this week, so I will be here off and on.



 




