GlockTalk.com
Old 12-26-2012, 10:14   #1
BSA70
Senior Member
 
 
Join Date: Aug 2007
Location: NC
Posts: 1,422
FBI virus

Couple of months ago, I heard about the dreaded FBI virus. Well, my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up? It's hijacked my computer.

Funny thing, the other PCs I have have not been affected and they run the AVG free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

thanks bsa
Old 12-26-2012, 10:24   #2
The Fist Of Goodness
Senior Member
 
 
Join Date: Mar 2005
Location: Falling into Crime's Dinner Party.
Posts: 2,233
Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

Old 12-26-2012, 11:11   #3
BSA70
Senior Member
 
 
Join Date: Aug 2007
Location: NC
Posts: 1,422
Quote:
Originally Posted by The Fist Of Goodness View Post
Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

Thank you!
Old 12-26-2012, 13:50   #4
Detectorist
Senior Member
 
 
Join Date: Jul 2008
Location: Missouri
Posts: 8,070
If it won't even boot up in Safe Mode, you might have to download a rescue disc, like Avira.
Old 12-28-2012, 12:02   #5
sappy13
Senior Member
 
 
Join Date: Sep 2007
Location: Bremen, GA
Posts: 2,740
You will most likely need to use a rescue CD or hook that HDD up to another computer to scan. Remote regedit could also be used to kill the startup key. If you can get into Safe Mode and not have it boot, you are extremely lucky. The last couple that I have removed had both regular and Safe Mode totally locked down.
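The "startup key" in the post above is one of Windows' autostart registry locations. As an added example that is not part of the original post, this Python code reviews a `.reg` export (taken over remote regedit, or from the drive attached to another computer) and lists autostart entries worth a closer look. The choice of Run/RunOnce and Winlogon keys, the user-writable-directory heuristic, and the sample data are assumptions of this example; the thread does not say which key the malware used.

```python
import re

# Autostart locations checked at every logon (well-known Windows keys).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
WINLOGON_KEY = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Expected Winlogon values on a clean system with Windows in C:\Windows (assumption).
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}
# User-writable directories: a heuristic, since legitimate software starts from here too.
WRITABLE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def audit_reg_export(text):
    """text: regedit export already decoded to str (regedit itself writes UTF-16)."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue  # header, blank lines, and non-string (hex:/dword:) values
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if RUN_KEY.search(key) and WRITABLE.search(data):
            findings.append((key, name, data, "Run entry starts from a user-writable directory"))
        elif WINLOGON_KEY.search(key) and name.lower() in WINLOGON_DEFAULTS:
            if data.strip().lower() != WINLOGON_DEFAULTS[name.lower()]:
                findings.append((key, name, data, "Winlogon value differs from the default"))
    return findings

# Constructed sample export; value names and file paths are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Roaming\\example123.exe"
"Vendor Tray"="\"C:\\Program Files\\Vendor\\tray.exe\" -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\ProgramData\\example456.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for key, name, data, reason in audit_reg_export(SAMPLE):
        print(f"{reason}: [{key}] {name} = {data}")
```

A flagged entry is a lead for review, not proof of infection; confirm the file it points to before deleting the value.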
Old 12-28-2012, 12:44   #6
Chesafreak
Senior Member
 
 
Join Date: Nov 2011
Location: Chesapeake, VA
Posts: 1,748
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
Old 12-28-2012, 13:37   #7
Don H
Senior Member
 
 
Join Date: Dec 2005
Posts: 4,926
Quote:
Originally Posted by Chesafreak View Post
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
^This seems like the easiest solution, if you can just restore it to a date prior to infection and then run a few scans to be sure after it has been restored.
Old 12-28-2012, 23:04   #8
Brian12
Registered User
 
Join Date: Apr 2012
Posts: 7
If the above suggestions don't help, follow the steps in this removal guide: http://www.selectrealsecurity.com/remove-ransomware

Brian

Last edited by Brian12; 12-28-2012 at 23:05..
Old 12-29-2012, 06:36   #9
IndyGunFreak
KO Windows
 
 
Join Date: Jan 2001
Location: Indiana
Posts: 30,113
and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.
Old 12-29-2012, 07:21   #10
Bren
NRA Life Member
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 34,898
Quote:
Originally Posted by BSA70 View Post
Couple of months ago, I heard about the dreaded FBI virus. Well, my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up? It's hijacked my computer.

Funny thing, the other PCs I have have not been affected and they run the AVG free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

thanks bsa
I have gotten rid of the FBI virus twice, using nothing but online instructions (good to have 2 computers) and free software. It wasn't hard. I used the instructions here: http://www.bleepingcomputer.com/viru...pak-ransomware
Old 12-29-2012, 12:31   #11
prism
more ammo
 
Join Date: Sep 2002
Location: Indiana
Posts: 1,726


http://portableapps.com/apps

This site has some antivirus/antispyware software which can run from a USB thumb drive.

I would download it onto a thumb drive, update it, then copy it onto your hard drive and run it from the hard drive. That way you have it on both the USB and the hard drive.
Old 12-29-2012, 12:43   #12
Thornhammer
Member
 
Join Date: Dec 2012
Posts: 28
Quote:
Originally Posted by Chesafreak View Post
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files.
By far the easiest way to solve the problem. I did this on two different machines - the first time I spent hours trying to purge the problem before coming across the system restore idea, and it worked straight away. The second time, I didn't mess with anything else, system restore fixed it immediately.
Old 12-29-2012, 15:19   #13
Dragline
Senior Member
 
 
Join Date: Nov 2003
Location: Coastal SC
Posts: 4,373
Some of the latest versions of the trojan ransom prevent boot up in safe mode, prevent successfully doing a system restore, and will not allow the infected computer to perform any function that would enable a scan from a flash drive or CD.

At this point, what is likely required for removal is to install the infected hard drive as a non-boot drive in another computer and then perform a removal scan using Malwarebytes, for instance.

These trojans are getting nastier and tougher to remove all the time and are fully capable of blowing right by many of the top rated AV programs.
Old 12-29-2012, 15:45   #14
Chesafreak
Senior Member
 
 
Join Date: Nov 2011
Location: Chesapeake, VA
Posts: 1,748
Quote:
Originally Posted by IndyGunFreak View Post
and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.
I just converted another person from Windows to Ubuntu after they got the FBI virus last week. They got tired of paying for virus removal and asked me how to stop it. The downside to how many people I have converted to Ubuntu is I lose money because they don't need me anymore.
Old 12-30-2012, 05:47   #15
Toyman
Senior Member
 
 
Join Date: May 2003
Location: West Michigan
Posts: 3,847
Not sure if the OP still has the problem, but for the sake of future searches, try this:

http://www.selectrealsecurity.com/remove-ransomware