Good ol Department of Defense (FBI) Virus


3 replies to this topic

#1 BewareOfButtlice (Members, 13 posts)

Posted 18 June 2014 - 04:56 PM

Hello

 

I've got a client here that, for the THIRD time, has been infected with 3 different FBI viruses.......... This time it's the Department of Defense and I can't use Hitman/Kickstart as it's expired. For kicks I tried it and it won't even launch in front of the virus (all three options). I have removed these viruses countless times and have run into a wall. Here is everything I have tried:

 

Hitman

safe mode

safe mode with cmd prompt. After launching mbam, ComboFix, Hitman, or anything for that matter, the DOD screen immediately comes up and covers the entire screen.

mbam using bootable media. Only found one PUP, which was unrelated to the DOD virus.

manually searching through all user accounts' AppData\Roaming folders.

checking files/folders modified within the last 30 days. Nothing comes up out of the normal as far as I saw when browsing the AppData folder and Windows folder.

 

So my problem is I cannot run anything on the computer to remove this thing, and he's needing it by tonight. I doubt I will get it back to him today. I have tried finding manual removal guides online, but everything is saying to just use mbam or Hitman, which I cannot.

 

I was ONCE able to launch Sysinternals Process Explorer and found that it was running off of svchost.exe, but didn't get the location. Is this a new variant of the virus?

 

Thanks!

 

UPDATE: hang on, I forgot about the old trick of using KAV WindowsUnlocker! I'll update if it fixes it or doesn't....

 

UPDATE 2! It looks like that has worked. I'm moving on to doing the removal.


Edited by BewareOfButtlice, 18 June 2014 - 05:07 PM.
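A defender-side triage script for the manual step described in this post (recently modified files under each profile's AppData\Roaming and under the Windows folder). It is an added example, not something posted in the thread; it assumes PowerShell 3 or later and that the infected disk is reachable as a drive letter, for instance from bootable media, since the locker covers the screen when the OS is booted normally.

```powershell
# Added triage example (not from the thread): list executables written in the last
# N days under every user's AppData\Roaming and under the Windows folder, with their
# Authenticode signature status, so unsigned newcomers stand out.
param(
    [string]$DriveRoot = 'C:\',  # drive letter of the infected disk (e.g. 'E:\' when mounted offline)
    [int]$Days = 30              # look-back window, matching the 30 days used in the post
)

$cutoff = (Get-Date).AddDays(-$Days)
$exts   = '*.exe', '*.dll', '*.scr', '*.com', '*.bat', '*.cmd', '*.vbs', '*.js'

# Roaming AppData for every profile on that disk, plus its Windows directory.
$usersDir = Join-Path $DriveRoot 'Users'
$roots = @(Get-ChildItem -Path $usersDir -Directory -ErrorAction SilentlyContinue |
             ForEach-Object { Join-Path $_.FullName 'AppData\Roaming' } |
             Where-Object { Test-Path $_ })
$roots += Join-Path $DriveRoot 'Windows'

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Include $exts -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                LastWrite = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Path      = $_.FullName
            }
        }
}

# Unsigned or tampered binaries that appeared recently come first. A legitimate
# svchost.exe lives in Windows\System32 and is Microsoft-signed; a recently written
# copy anywhere else (as Process Explorer hinted in the post) deserves a closer look.
$hits |
    Sort-Object -Property @{ Expression = { $_.Signature -eq 'Valid' }; Ascending = $true },
                          @{ Expression = 'LastWrite'; Descending = $true } |
    Format-Table -AutoSize LastWrite, Signature, SizeKB, Path
```

Run it from a clean environment against the mounted disk; anything listed as NotSigned or HashMismatch in a user profile is a candidate to submit to a scanner rather than to trust.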



#2 noknojon (Banned, 10,871 posts)

Posted 18 June 2014 - 05:16 PM

Hello BewareOfButtlice -

Hello

I've got a client here that, for the THIRD time, has been infected with 3 different FBI viruses.......... This time it's the Department of Defense and I can't use Hitman/Kickstart as it's expired.

Since the Client is the one that has been infected 3 times, and you are still trying to use Hitman, can you repay the fee or get a new license ??

 

You now need to sell them MBAM Pro version, and not use the free version that is a "clean-up tool".

 

Is this a reasonable idea to start with ??

 

UPDATE 2! It looks like that has worked. I'm moving on to doing the removal.

 

Keep us informed thanks -


Edited by noknojon, 18 June 2014 - 05:20 PM.


#3 BewareOfButtlice (Topic Starter, Members, 13 posts)

Posted 18 June 2014 - 05:24 PM

I have sold them the Pro version now. Hopefully that will prevent them from getting it again. Looks like they keep going to the same website that is infected or something. Ran through a complete scan on Malwarebytes and it has removed the infection. Fingers crossed that there isn't a 4th time!

 

Thanks



#4 noknojon (Banned, 10,871 posts)

Posted 18 June 2014 - 05:33 PM

Well done -

 

I hope you give them a severe talking to, and keep MBAM and Antivirus updated.

 

Post back if any other problem comes up. I will watch this for a couple of days ........
