GlockTalk.com
Old 12-26-2012, 09:14   #1
BSA70
Senior Member
 
 
Join Date: Aug 2007
Location: NC
Posts: 1,369
FBI virus

Couple of months ago, I heard about the dreaded FBI virus. Well my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up, it's hijacked my computer.

Funny thing, the other PCs I have have not been affected and they run the AVG free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

thanks bsa
BSA70 is offline   Reply With Quote
Old 12-26-2012, 09:24   #2
The Fist Of Goodness
Senior Member
 
 
Join Date: Mar 2005
Location: Falling into Crime's Dinner Party.
Posts: 2,061
Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

posted using Outdoor Hub Campfire
__________________
Quote:
Don't forget that everything we know is being filtered through the media which is like playing a game of telephone with mentally challenged people in the middle.
The Fist Of Goodness is online now   Reply With Quote
Old 12-26-2012, 10:11   #3
BSA70
Senior Member
 
 
Join Date: Aug 2007
Location: NC
Posts: 1,369
Quote:
Originally Posted by The Fist Of Goodness View Post
Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

posted using Outdoor Hub Campfire

Thank you!
BSA70 is offline   Reply With Quote
Old 12-26-2012, 12:50   #4
Detectorist
Senior Member
 
 
Join Date: Jul 2008
Location: Robertsville, MO
Posts: 7,577
If it won't even boot up in Safe Mode, you might have to download a rescue disc, like Avira.
__________________
NASM-Certified Personal Trainer

The single biggest problem in communication is the illusion that it has taken place. George Bernard Shaw
Detectorist is online now   Reply With Quote
Old 12-28-2012, 11:02   #5
sappy13
Senior Member
 
 
Join Date: Sep 2007
Location: Bremen, GA
Posts: 2,732
You will most likely need to use a rescue CD or hook that HDD up to another computer to scan. Remote regedit could also be used to kill the startup key. If you can get into safe mode and not have it boot, you are extremely lucky. The last couple that I have removed had both regular and safe mode totally locked down.
sappy13 is offline   Reply With Quote
Old 12-28-2012, 11:44   #6
Chesafreak
Senior Member
 
 
Join Date: Nov 2011
Location: Chesapeake, VA
Posts: 1,632
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
Chesafreak is online now   Reply With Quote
Old 12-28-2012, 12:37   #7
Don H
Senior Member
 
 
Join Date: Dec 2005
Posts: 4,913
Quote:
Originally Posted by Chesafreak View Post
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
^This seems like the easiest solution, if you can just restore it to a date prior to infection and then run a few scans to be sure after it has been restored.
Don H is offline   Reply With Quote
Old 12-28-2012, 22:04   #8
Brian12
Registered User
 
Join Date: Apr 2012
Posts: 7
If the above suggestions don't help, follow the steps in this removal guide: http://www.selectrealsecurity.com/remove-ransomware

Brian

Last edited by Brian12; 12-28-2012 at 22:05..
Brian12 is offline   Reply With Quote
Old 12-29-2012, 05:36   #9
IndyGunFreak
RIP My Friends
 
 
Join Date: Jan 2001
Location: Indiana
Posts: 29,697


and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.
__________________
Quote:
Originally Posted by GioaJack View Post
The fire is no longer my major concern since I am leaving immediately on an unexpected road trip to Indianapolis. Watch the national news over the next couple of days, I'll wave... well, only if I'm cuffed in the front.
RIP Jack
IndyGunFreak is offline   Reply With Quote
Old 12-29-2012, 06:21   #10
Bren
NRA Life Member
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 33,442
Quote:
Originally Posted by BSA70 View Post
Couple of months ago, I heard about the dreaded FBI virus. Well my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up, it's hijacked my computer.

Funny thing, the other PCs I have have not been affected and they run the AVG free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

thanks bsa
I have gotten rid of the FBI virus twice, using nothing but online instructions (good to have 2 computers) and free software. It wasn't hard. I used the instructions here: http://www.bleepingcomputer.com/viru...pak-ransomware
__________________
If you are not an NRA member, you are not involved in gun rights, so sit down and shut the +%@# up.
Bren is offline   Reply With Quote
Old 12-29-2012, 11:31   #11
prism
more ammo
 
Join Date: Sep 2002
Location: Indiana
Posts: 1,673


http://portableapps.com/apps

This site has some antivirus/antispyware software which can run from a USB thumb drive.

I would download it onto a thumb drive, update it, then copy it onto your hard drive and run it from the hard drive. That way you have it on both the USB and the hard drive.
__________________
.
.
Explosives were used because officials believed the whale was too large to shoot. /// "that's celebratory gunfire." /// It began, as it so often does, with a drum circle. /// "The Land that Caturday Forgot"
prism is offline   Reply With Quote
Old 12-29-2012, 11:43   #12
Thornhammer
Member
 
Join Date: Dec 2012
Posts: 28
Quote:
Originally Posted by Chesafreak View Post
One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files.
By far the easiest way to solve the problem. I did this on two different machines - the first time I spent hours trying to purge the problem before coming across the system restore idea, and it worked straight away. The second time, I didn't mess with anything else, system restore fixed it immediately.
Thornhammer is offline   Reply With Quote
Old 12-29-2012, 14:19   #13
Dragline
Senior Member
 
 
Join Date: Nov 2003
Location: Coastal SC
Posts: 4,288
Some of the latest versions of the trojan ransom prevent boot up in safe mode, prevent successfully doing a system restore, and will not allow the infected computer to perform any function that would enable a scan from a flash drive or CD.

At this point what is likely required for removal is to install the infected hard drive as a non-boot drive in another computer and then perform a removal scan using Malwarebytes, for instance.

These trojans are getting nastier and tougher to remove all the time and are fully capable of blowing right by many of the top rated AV programs.
__________________
Birds and Alligators
http://phillanoue.com
Dragline is offline   Reply With Quote
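
Posts #5 and #13 suggest attaching the infected disk to a clean computer and dealing with the startup key from there; the sketch below lists what is set to start at logon on that disk so the entry can be identified before a scan. It is an added example, not any poster's own procedure. The drive letter E:, the mount names and the choice of the standard Run, RunOnce and Winlogon locations are assumptions, since the thread does not name the key.

```powershell
# Added example: list autostart entries from an infected Windows disk attached
# to a clean PC as a secondary (non-boot) drive. It only lists values; nothing
# is deleted. Assumptions: disk is E:, Vista-or-later layout, elevated shell.
$OfflineRoot = 'E:\'

# Standard autostart locations, relative to the SOFTWARE hive root.
$SoftwareKeys = 'Microsoft\Windows\CurrentVersion\Run',
                'Microsoft\Windows\CurrentVersion\RunOnce',
                'Microsoft\Windows NT\CurrentVersion\Winlogon'
# The same locations inside each user's NTUSER.DAT hive.
$UserKeys = $SoftwareKeys | ForEach-Object { "Software\$_" }

function Get-OfflineAutostart {
    param([string]$HiveFile, [string]$MountName, [string[]]$SubKeys)

    if (-not (Test-Path -LiteralPath $HiveFile)) { return }
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $HiveFile"; return }
    try {
        foreach ($sub in $SubKeys) {
            $path = "Registry::HKEY_LOCAL_MACHINE\$MountName\$sub"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            $names = $key.GetValueNames()
            # Winlogon holds many settings; only Shell and Userinit launch programs.
            if ($sub -like '*Winlogon') {
                $names = $names | Where-Object { $_ -in 'Shell', 'Userinit' }
            }
            foreach ($name in $names) {
                [pscustomobject]@{
                    Hive  = $HiveFile
                    Key   = $sub
                    Name  = $name
                    Value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                }
            }
            $key.Close()
        }
    }
    finally {
        # Release registry handles so the hive can be unloaded cleanly.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

$results = & {
    Get-OfflineAutostart (Join-Path $OfflineRoot 'Windows\System32\config\SOFTWARE') 'OfflineSoftware' $SoftwareKeys
    Get-ChildItem (Join-Path $OfflineRoot 'Users') -Directory -Force | ForEach-Object {
        Get-OfflineAutostart (Join-Path $_.FullName 'NTUSER.DAT') 'OfflineUser' $UserKeys
    }
}
$results | Format-Table -AutoSize -Wrap
```

Entries whose value points into a user profile or temp folder, or a Shell value other than `explorer.exe`, are the ones to check first against the scanner's findings.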
Old 12-29-2012, 14:45   #14
Chesafreak
Senior Member
 
 
Join Date: Nov 2011
Location: Chesapeake, VA
Posts: 1,632
Quote:
Originally Posted by IndyGunFreak View Post
and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.
I just converted another person from Windows to Ubuntu after they got the FBI virus last week. They got tired of paying for virus removal and asked me how to stop it. The downside to how many people I have converted to Ubuntu is I lose money because they don't need me anymore.
Chesafreak is online now   Reply With Quote
Old 12-30-2012, 04:47   #15
Toyman
Senior Member
 
 
Join Date: May 2003
Location: West Michigan
Posts: 3,788
Not sure if the OP still has the problem, but for the sake of future searches, try this:

http://www.selectrealsecurity.com/remove-ransomware
__________________
Mike - A forum post should be like a skirt. Long enough to cover the subject material, but short enough to keep things interesting.
"It's not about the odds, it's about the stakes." - quake
Toyman is offline   Reply With Quote




All times are GMT -6. The time now is 13:57.


