
FBI virus

Discussion in 'Tech Talk' started by BSA70, Dec 26, 2012.


  1. BSA70

    BSA70

    Joined:
    Aug 14, 2007
    1,772
    113
    Location:
    NC
    A couple of months ago, I heard about the dreaded FBI virus. Well, my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

    So how would I go about getting to a point where I could clean it up? It's hijacked my computer.

    Funny thing, the other PCs I have have not been affected and they run the AVG Free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

    thanks bsa
     

  2. The Fist Of Goodness

    The Fist Of Goodness

    Joined:
    Mar 20, 2005
    3,866
    1,016
    Location:
    Falling into Crime's Dinner Party.
    Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

    Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

    Reboot your computer.

     

  3. BSA70

    BSA70

    Joined:
    Aug 14, 2007
    1,772
    113
    Location:
    NC

    Thank you!
     
  4. Detectorist

    Detectorist

    Joined:
    Jul 16, 2008
    13,809
    3,138
    Location:
    Missouri
    If it won't even boot up in Safe Mode, you might have to download a rescue disc, like Avira.
     
  5. sappy13

    sappy13

    Joined:
    Sep 30, 2007
    2,666
    1
    Location:
    Bremen, GA
    You will most likely need to use a rescue CD or hook that HDD up to another computer to scan. Remote regedit could also be used to kill the startup key. If you can get into Safe Mode and not have it boot, you are extremely lucky. The last couple that I have removed had both regular and Safe Mode totally locked down.
     
  6. Chesafreak

    Chesafreak

    Joined:
    Nov 8, 2011
    2,076
    29
    Location:
    Chesapeake, VA
    One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
     
  7. Don H

    Don H

    Joined:
    Dec 9, 2005
    4,294
    91
    ^This seems like the easiest solution, if you can just restore it to a date prior to infection and then run a few scans to be sure after it has been restored.
     
  8. Brian12

    Brian12

    Joined:
    Apr 22, 2012
    6
    0
    #8 Brian12, Dec 29, 2012
    Last edited: Dec 29, 2012
  9. IndyGunFreak

    IndyGunFreak
    KO Windows

    Joined:
    Jan 26, 2001
    25,696
    982
    Location:
    Indiana
  10. Bren

    Bren
    NRA Life Member

    Joined:
    Jan 16, 2005
    41,093
    7,537
    Location:
    Kentucky
    I have gotten rid of the FBI virus twice, using nothing but online instructions (good to have 2 computers) and free software. It wasn't hard. I used the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
     
  11. prism

    prism
    more ammo

    Joined:
    Sep 26, 2002
    1,419
    8
    Location:
    Indiana
    http://portableapps.com/apps

    This site has some antivirus/antispyware software which can run from a USB thumb drive.

    I would download it onto a thumb drive, update it, then copy it onto your hard drive and run it from the hard drive. That way you have it on both the USB and the hard drive.
     
  12. Thornhammer

    Thornhammer

    Joined:
    Dec 19, 2012
    28
    0
    By far the easiest way to solve the problem. I did this on two different machines - the first time I spent hours trying to purge the problem before coming across the system restore idea, and it worked straight away. The second time, I didn't mess with anything else, system restore fixed it immediately.
     
  13. Dragline

    Dragline

    Joined:
    Nov 5, 2003
    3,387
    678
    Location:
    Coastal SC
    Some of the latest versions of the trojan ransom prevent boot up in safe mode, prevent successfully doing a system restore, and will not allow the infected computer to perform any function that would enable a scan from a flash drive or CD.

    At this point what is likely required for removal is to install the infected hard drive as a non-boot drive in another computer and then perform a removal scan using Malwarebytes, for instance.

    These trojans are getting nastier and tougher to remove all the time and are fully capable of blowing right by many of the top rated AV programs.
     
  14. Chesafreak

    Chesafreak

    Joined:
    Nov 8, 2011
    2,076
    29
    Location:
    Chesapeake, VA
    I just converted another person from Windows to Ubuntu after they got the FBI virus last week. They got tired of paying for virus removal and asked me how to stop it. The downside to how many people I have converted to Ubuntu is I lose money because they don't need me anymore.
     
  15. Toyman

    Toyman

    Joined:
    May 6, 2003
    2,597
    20
    Location:
    West Michigan