FBI virus

Discussion in 'Tech Talk' started by BSA70, Dec 26, 2012.

  1. BSA70

    A couple of months ago, I heard about the dreaded FBI virus. Well, my laptop got hit the other day. Everything boots up fine, then it gets to a point that it locks everything up and all you have is a white FBI screen and an audio message repeating "you have violated federal law, etc...."

    So how would I go about getting to a point where I could clean it up? It's hijacked my computer.

    Funny thing, the other PCs I have have not been affected and they run the AVG Free program. This one is paid McAfee. How can I prevent this from happening to my other ones?

    thanks bsa
     
  2. The Fist Of Goodness

    Download Malwarebytes on one of your other computers and save the download file to a CD or thumb drive.

    Boot up the infected computer into Safe Mode (hold down the F8 key while it is booting up). Once the computer is in safe mode, copy Malwarebytes onto the hard drive from your CD or thumb drive. Install and run Malwarebytes.

    Reboot your computer.

     

  3. BSA70


    Thank you!
     
  4. Detectorist

    If it won't even boot up in Safe Mode, you might have to download a rescue disc, like Avira.
     
  5. sappy13

    You will most likely need to use a rescue CD or hook that HDD up to another computer to scan. Remote regedit could also be used to kill the startup key. If you can get into Safe Mode and not have it boot you are extremely lucky. The last couple that I have removed had both regular and Safe Mode totally locked down.
     
  6. Chesafreak

    One of our users in the office gets this one repeatedly. We do a system restore and it's gone with no loss of user files. I keep asking my firewall administrator to block it at the firewall but he hasn't followed through on that yet.
     
  7. Don H

    ^This seems like the easiest solution, if you can just restore it to a date prior to infection and then run a few scans to be sure after it has been restored.
     
  8. Brian12

    Last edited: Dec 29, 2012
  9. IndyGunFreak

  10. Bren

    I have gotten rid of the FBI virus twice, using nothing but online instructions (good to have 2 computers) and free software. It wasn't hard. I used the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
     
  11. prism

    http://portableapps.com/apps

    This site has some antivirus/antispyware software which can run from a USB thumb drive.

    I would download it onto a thumb drive, update it, then copy it onto your hard drive and run it from the hard drive. That way you have it on both the USB and the hard drive.
     
  12. Thornhammer

    By far the easiest way to solve the problem. I did this on two different machines - the first time I spent hours trying to purge the problem before coming across the system restore idea, and it worked straight away. The second time, I didn't mess with anything else, system restore fixed it immediately.
     
  13. Dragline

    Some of the latest versions of the trojan ransom prevent boot up in safe mode, prevent successfully doing a system restore, and will not allow the infected computer to perform any function that would enable a scan from a flash drive or CD.

    At this point what is likely required for removal is to install the infected hard drive as a non-boot drive in another computer and then perform a removal scan using Malwarebytes, for instance.

    These trojans are getting nastier and tougher to remove all the time and are fully capable of blowing right by many of the top rated AV programs.
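
The offline approach mentioned in posts 5 and 13 (attach the infected drive to a clean computer and look at the startup key), shown as an added example that is not part of any post in this thread. It only lists entries for review; the drive letter `E:`, the temporary hive name `OfflineSW`, and the choice of autostart locations are assumptions, since the thread names no specific key.

```powershell
# Added example. Run from an elevated PowerShell prompt on the CLEAN computer.
param(
    [string]$OfflineWindows = 'E:\Windows',  # assumed mount point of the infected install
    [string]$MountName      = 'OfflineSW'    # temporary hive name chosen for this example
)

$hive = Join-Path $OfflineWindows 'System32\config\SOFTWARE'
if (-not (Test-Path -LiteralPath $hive)) { throw "SOFTWARE hive not found at $hive" }

# Mount the infected machine's SOFTWARE hive under HKLM without booting it
& reg.exe load "HKLM\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (is the prompt elevated?)' }

try {
    $base = "Registry::HKEY_LOCAL_MACHINE\$MountName"
    # Common machine-wide autostart locations (assumed, not taken from the thread)
    $runKeys = @(
        'Microsoft\Windows\CurrentVersion\Run',
        'Microsoft\Windows\CurrentVersion\RunOnce',
        'Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path "$base\$k")) { continue }
        $item = Get-Item -Path "$base\$k"
        foreach ($name in $item.GetValueNames()) {
            # Do not expand %VARS%: they would resolve against the clean machine
            $data = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{ Key = $k; Name = $name; Data = $data }
        }
    }
    # Winlogon decides what runs at logon; stock values point at explorer.exe and userinit.exe
    $wl = Get-Item -Path "$base\Microsoft\Windows NT\CurrentVersion\Winlogon"
    foreach ($name in 'Shell', 'Userinit') {
        $data = $wl.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{ Key = 'Winlogon'; Name = $name; Data = $data }
    }
}
finally {
    # Release key handles first, otherwise reg unload fails with access denied
    $item = $wl = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

Per-user startup entries live in each profile's `NTUSER.DAT` on the attached drive, which can be loaded and listed the same way. Anything pointing at an unfamiliar executable is a candidate for the scan described above.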
     
  14. Chesafreak

    I just converted another person from Windows to Ubuntu after they got the FBI virus last week. They got tired of paying for virus removal and asked me how to stop it. The downside to how many people I have converted to Ubuntu is I lose money because they don't need me anymore.
     
  15. Toyman
