[BSA70]

Couple of months ago, I heard about the dreaded FBI virus. Well my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white fbi screen and an audio message repeating"you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up, it's highjacked my computer.

Funny thing, the other pc's I have have not been effected and they run the avg free program. This one is paid mcfee. How can I prevent this from happening to my other ones>

thanks bsa

[The Fist Of Goodness]

Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

posted using Outdoor Hub Campfire

[BSA70]

Quote:

Originally Posted by The Fist Of Goodness

Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

Reboot your computer.

posted using Outdoor Hub Campfire

thankyou!

[Detectorist]

If it won't even boot up in Safe Mode, you might have to download a rescue disc, like Avira.

[sappy13]

you will most likely need to use a rescue cd or hook that hdd up to another computer to scan. Remote regedit could also be used to kill the startup key. If you can get into safemode and not have it boot you are extremely lucky. The last couple that i have removed had both regular and safemode totally locked down.

[Chesafreak]

One of our users in the office gets this one repeatedly. We do a system restore and its gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.

[Don H]

Quote:

Originally Posted by Chesafreak

One of our users in the office gets this one repeatedly. We do a system restore and its gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.

^This seems like the easiest solution, if you can just restore it to a date prior to infection and then run a few scans to be sure after it has been restored.

[Brian12]

If the above suggestions don't help, follow the steps in this removal guide: http://www.selectrealsecurity.com/remove-ransomware

Brian

[IndyGunFreak]

and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.

[Bren]

Quote:

Originally Posted by BSA70

Couple of months ago, I heard about the dreaded FBI virus. Well my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white fbi screen and an audio message repeating"you have violated federal law, etc...."

So how would I go about getting to a point where I could clean it up, it's highjacked my computer.

Funny thing, the other pc's I have have not been effected and they run the avg free program. This one is paid mcfee. How can I prevent this from happening to my other ones>

thanks bsa

I have gotten rid of the FBI virus twice, using nothing but online instructions (good to have 2 computers) and free software. It wasn't hard. I used the instructions here: http://www.bleepingcomputer.com/viru...pak-ransomware

[prism]

http://portableapps.com/apps

this site has some antivirus/antispyware software which can run from a usb thumb drive.

I would download it onto a thumb drive, update it, then copy it onto your harddrive and run it from the harddrive. that way you have it on both the usb and the hard drive.

[Thornhammer]

Quote:

Originally Posted by Chesafreak

One of our users in the office gets this one repeatedly. We do a system restore and its gone with no loss of user files.

By far the easiest way to solve the problem. I did this on two different machines - the first time I spent hours trying to purge the problem before coming across the system restore idea, and it worked straight away. The second time, I didn't mess with anything else, system restore fixed it immediately.

[Dragline]

Some of the latest versions of the trojan ransom prevent boot up in safe mode, prevent successfully doing a system restore, and will not allow the infected computer to perform any function that would enable a scan from a flash drive or CD.

At this point what is likely required for removal is to install the infected hard drive as a non boot drive in another computer and then performing a removal scan using malwarebytes for instance.

These trojans are getting nastier and tougher to remove all the time and are fully capable of blowing right by many of the top rated AV programs.

[Chesafreak]

Quote:

Originally Posted by IndyGunFreak

and if none of the above works

http://www.ubuntu.com



Sorry, I had to.

Good luck getting this fixed.

I just converted another person from Windows to Ubuntu after they got the FBI virus last week. They got tired of paying for virus removal and asked me how to stop it. The downside to how many people I have converted to Ubuntu is I lose money because they don't need me anymore.

[Toyman]

Not sure if the OP still has the problem, but for the sake of future searches, try this:

http://www.selectrealsecurity.com/remove-ransomware