
FBI malware



#1 pgp400


Posted 29 December 2014 - 03:10 AM

Sunday Dec 28 2014: Earlier today I got whacked with a version of this "FBI Virus". After doing some online research, I attempted to restart my Lenovo R60 (Windows 7, 32-bit), hitting the F8 key repeatedly for at least one minute, but never got to the Restore Options screen. I tried this twice, shutting down the machine each time. I've looked into Malwarebytes, Hitman Pro and would welcome and greatly appreciate any helpful advice before making any further attempts. Thanks in advance, Peter


Edited by pgp400, 29 December 2014 - 03:17 AM.




#2 Aaflac

  • Malware Response Team

Posted 29 December 2014 - 10:39 PM

pgp400,

 

Since you have no access to the Advanced Boot Options Menu, let's give the following a try...

 

Use HitmanPro.Kickstart to access your computer, scan it for malware, and remove this infection. The program targets this ransomware.
 
Also, you may want to print these instructions, so they are available to follow.
 
Now, load a USB pen drive with HitmanPro.Kickstart as follows...
Note: the contents of the USB flash drive are erased during this process!
 
Use a clean (non-infected) computer, and download:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight
 
Under Download (on the right) select the program applicable to the system: 64-bit, or 32-bit?
 
When HitmanPro opens, click the KickStart icon at the bottom of the screen.
 
>> Plug in the USB pen drive.
 
When the USB pen drive is detected, a selection screen is presented.
Select the USB pen drive from the choices, and press: Install Kickstart

A warning that all contents of the selected pen drive will be erased is presented.
Press: Yes
 
As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.
Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart
 
Remove the USB flash drive from the clean computer and press: Close
 
 
 
Now, with the ransomed computer shut down, plug the USB flash drive into a USB port, and turn on the power.
 
When the computer starts, press the key that brings up the Boot Menu. (On some machines it's F12, F10, or F1, F2)
 
From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)
Info: How to Remove Ransomware - Select Real Security
 
Once you select the USB flash drive to boot from, press: Enter
 
A Kickstart prompt with USB boot options appears.
Select: 1 (Bypass the Master Boot Record (Default))
 
The system continues to boot from the hard drive and starts Windows.
 
If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally
 
When Windows boots, you either get a logon screen, or the Desktop is started.
If you see a logon screen with your User name, log on with it.
 
In the next prompt that appears, to start the program without installing to the local hard disk, select the option to do a: One-time scan to check the computer.
 
To start scanning for malware press: Next
 
If malware is detected, the program shows what malware is present on the system in the Scan Results window.

Select Next to quarantine the malware into a secure storage where it can no longer start.

At the next screen, activate the 30-day free license.
After successful activation (30 days), press: Next 
 
A screen indicating that the malware was successfully disabled or removed is presented.
Press: Next
 
To obtain a report of the scan results, press: Save log
 

>> Save the Notepad log to the Desktop, if possible, or to the pen drive.

(It has a name such as: HitmanPro_xxxxxxxx_xxxx)

 

Restart the computer.

 

If able to save it, please provide the HitmanPro report in your reply.


Old duck...




