FBI virus


Post by Celina268 on Sat 26 Jan 2013, 6:17 am

We are infected with the FBI virus. I cannot start in safe mode. I know I need a boot disc so I am out buying a CD and flash now. After that, I have no idea how to make a boot disc or what to do next. Of course this happens with my presentation due Monday!!! Thank you for your help! (We have Windows 7 desktop)

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7

Re: FBI virus

Post by Superdave on Sat 26 Jan 2013, 6:27 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Farbar Recovery Scan Tool and save it to a flash drive.

Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: FBI virus

Post by Celina268 on Sat 26 Jan 2013, 9:10 am

When I did that, the computer response was "The subsystem needed to support the image type is not present." I used a cd. I tried a flash, but the computer would not recognize it was there.

Celina268


Re: FBI virus

Post by Celina268 on Sat 26 Jan 2013, 9:15 am

I put the flash in the laptop, it's shot. Brand new too. Dang virus. We'll have to rely on CDs from now on. I am out of flashes.

Celina268


Re: FBI virus

Post by Celina268 on Sat 26 Jan 2013, 9:32 am

I should also note that when I open the disc in the infected computer, it's empty, but if I check it on a non-infected computer, it shows the Farbar Recovery Scan Tool.

Celina268


Re: FBI virus

Post by Superdave on Sat 26 Jan 2013, 10:15 am

Ok. Let's try a different recovery disk.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Superdave

Re: FBI virus

Post by Celina268 on Sat 26 Jan 2013, 3:59 pm

Ok, I can't get it to boot from the CD more than once (I don't think, anyway). I get to the boot screen by pressing F12, and I get a screen that says Please select boot device:
ST3750528AS
HL-DT-ST DVDRAM GH41N
Generic- Compact
Generic- SM/xD-Picture
Generic- SD/MMC
Generic- MS/MS-Pro/HG
Generic- SD/MMC/MS/MSPRO

I choose the DVDRAM one and it brought me to the Windows login. I put in my password...and it white screened and gave me the FBI thing again. Sooooo, I don't know what I did wrong. I have the burnt CD with the OTLPE on it in the drive. Ugh. I am getting frustrated now.

Celina268


Re: FBI virus

Post by Celina268 on Sat 26 Jan 2013, 4:02 pm

I can tap F8 too, try opening in safe mode and the same thing happens.

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 6:22 am

Please try your OTLPE recovery disk in another computer to see if it was created correctly.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 10:20 am

When I put it in my laptop it loads and opens and you can see the FRST Farbar file, so I assume it burned onto the disc. It's there when I put it in the laptop.

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 10:25 am

Celina268 wrote: When I put it in my laptop it loads and opens and you can see the FRST Farbar file, so I assume it burned onto the disc. It's there when I put it in the laptop.
If you're going with the Farbar Recovery Scan Tool you will need to use a flash drive.
If you use the OTLPE Recovery disk you can use a disk.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 10:30 am

Blech, I had something else in there. The OTLPE didn't burn right. I am trying again.

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 10:48 am

Celina268 wrote: Blech, I had something else in there. The OTLPE didn't burn right. I am trying again.
Remember, the OTLPE is an ISO image and will need to be burned using an ISO image burner. There is one in the instructions.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 10:51 am

I have burned it twice with Active ISO Burner.

Celina268


Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 10:54 am

The first time I burned it, I went through the files and added it to the spot. The second time I burned it I dragged it from the desktop into the burner. Each time it said it burned successfully and ejected. When I open the CD there isn't anything in there. I don't have rewritables (and I only have 2 CDs left). I tried to reuse the CD but it won't let me, so there is something on it.

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 11:18 am

Celina268 wrote: The first time I burned it, I went through the files and added it to the spot. The second time I burned it I dragged it from the desktop into the burner. Each time it said it burned successfully and ejected. When I open the CD there isn't anything in there. I don't have rewritables (and I only have 2 CDs left). I tried to reuse the CD but it won't let me, so there is something on it.
That's why I always use RW's. You will know it is burned correctly when you can boot your computer with the disk. Don't forget you may have to re-configure your BIOS to boot from the disk.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 11:34 am

How will I know it's booting through the disc properly? I did that last night, changed the BIOS to boot from DVDRAM, but I think it only let me do it once. Each time I tried to restart, I had to re-configure again. Also, I only get one screen (I posted previous), and pick DVDRAM. That's correct, right? The other question I have is I wasn't sure when to place the CD in the infected computer since it's off and has to boot through the disk and I have to reconfigure it to reboot through the disk, and all that. So those steps might be helpful. What was happening was after I re-configured, it went right to my login screen. I wasn't sure if it should have restarted itself to boot through the disk or not??

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 12:18 pm

Celina268 wrote: How will I know it's booting through the disc properly? I did that last night, changed the BIOS to boot from DVDRAM, but I think it only let me do it once. Each time I tried to restart, I had to re-configure again. Also, I only get one screen (I posted previous), and pick DVDRAM. That's correct, right?
Yes, your BIOS should always be set to boot from the disk drive.
Celina268 wrote: The other question I have is I wasn't sure when to place the CD in the infected computer since it's off and has to boot through the disk and I have to reconfigure it to reboot through the disk, and all that
You should place the disk in the drive then re-boot.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 12:57 pm

Ok, I inserted the CD, which I believed burned correctly, and booted the infected computer and did NOT get REATOGO-X-PE so I am thinking it didn't burn correctly. (I inserted the CD, made sure it was booting from DVDRAM and shut it down and turned it back on. When I turned it on it came to my login screen, I entered my password and then it acted like it was going to my desktop and turned white again.) I think I may need a different ISO Burner. Or maybe I am not using the burner correctly. With the ISO link, which one would you pick?

Celina268


Re: FBI virus

Post by Superdave on Sun 27 Jan 2013, 2:02 pm

Celina268 wrote: I think I may need a different ISO Burner. Or maybe I am not using the burner correctly. With the ISO link, which one would you pick?
Imgburner is my favourite burner. Just double-click on the OTLPE file and it should load Imgburner and then burn the ISO.

Superdave

Re: FBI virus

Post by Celina268 on Sun 27 Jan 2013, 3:47 pm

Ok, I've downloaded Imgburner. I've never used this one before. When I double click on OTLPE it comes up with a box that wants me to run or cancel. If I open Imgburner I have the option(s) to "write image file to disk" or "write files/folders to disk" (and the others, which I am sure you are versed in). I didn't choose an option since I haven't used this before. Can I drag OTLPE into Imgburner? Or is there a different way to burn it?

Celina268


Re: FBI virus

Post by Superdave on Mon 28 Jan 2013, 6:20 am

Celina268 wrote: Ok, I've downloaded Imgburner. I've never used this one before. When I double click on OTLPE it comes up with a box that wants me to run or cancel. If I open Imgburner I have the option(s) to "write image file to disk" or "write files/folders to disk" (and the others, which I am sure you are versed in). I didn't choose an option since I haven't used this before. Can I drag OTLPE into Imgburner? Or is there a different way to burn it?
You need to choose "write image file to disk" because it's an ISO file. Double-click on the OTLPE file and it will open Imgburner and the ISO file path will be there at the top. Insert your disk and click "write" at the bottom.

Superdave
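
Two requirements from this thread, that FRST must match the 32-bit or 64-bit system and that OTLPE must be written as an ISO image, can be checked from a file's header before anything is copied or burned. The following is an added example, not part of the original posts or of either tool; the function names and sample bytes are constructed for illustration.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def classify_image(data: bytes) -> dict:
    """Classify the leading bytes of a download: PE executable, ISO 9660 image, or unknown."""
    # PE: 'MZ' stub, e_lfanew at 0x3C points at 'PE\0\0' followed by the COFF Machine field.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 6:
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            return {"kind": "pe", "arch": MACHINES.get(machine, hex(machine)),
                    "burn_as_image": False}
        return {"kind": "dos-exe", "burn_as_image": False}
    # ISO 9660: volume descriptors start at sector 16; each carries 'CD001' at offset 1.
    primary = bootable = False
    sector = 16
    while True:
        vd = data[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < 30 or vd[1:6] != b"CD001" or vd[0] == 255:
            break  # ran out of data, not a descriptor, or the set terminator
        if vd[0] == 1:
            primary = True
        elif vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
            bootable = True  # El Torito boot record: the disc can start a PC
        sector += 1
    if primary:
        return {"kind": "iso9660", "bootable": bootable, "burn_as_image": True}
    return {"kind": "unknown", "burn_as_image": False}

def classify_file(path: str) -> dict:
    """Read only the first 64 KiB, enough for the PE header or the descriptor set."""
    with open(path, "rb") as fh:
        return classify_image(fh.read(32 * SECTOR))

def sample_pe(machine: int) -> bytes:
    """Constructed minimal PE header (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\0") + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

def sample_iso(bootable: bool) -> bytes:
    """Constructed minimal descriptor set (no file system behind it)."""
    def vd(vtype: int, ident: bytes = b"") -> bytes:
        return (bytes([vtype]) + b"CD001\x01" + ident).ljust(SECTOR, b"\0")
    descriptors = [vd(1)]
    if bootable:
        descriptors.append(vd(0, b"EL TORITO SPECIFICATION"))
    descriptors.append(vd(255))
    return b"\0" * (16 * SECTOR) + b"".join(descriptors)

if __name__ == "__main__":
    for name, blob in [("32-bit exe", sample_pe(0x014C)), ("64-bit exe", sample_pe(0x8664)),
                       ("data-only ISO", sample_iso(False)), ("bootable ISO", sample_iso(True))]:
        print(f"{name:14} -> {classify_image(blob)}")
```

A file reported as `pe` is a program to run, not an image to burn, and its `arch` has to match the environment it is started in; only a file reported as `iso9660` with `bootable` set will produce a disc the PC can start from when written with "write image file to disk".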

Re: FBI virus

Post by Celina268 on Mon 28 Jan 2013, 9:24 am

When I double click on OTLPE it says "invalid or unsupported image file format"

Celina268


Re: FBI virus

Post by Celina268 on Mon 28 Jan 2013, 9:49 am

OK....I don't know why I decided to try, but I decided to try booting the infected computer in safe mode with command prompt and it did! I typed 'explorer' in the command (because I remember that from somewhere) and now I sit waiting. I don't want to do anything because I have no idea what to do next, but I am in a safe mode. I hope you're back soon!

Celina268


Re: FBI virus

Post by Superdave on Mon 28 Jan 2013, 10:02 am

Ok. Please try running this in Safe Mode. If successful, try running it in Normal Mode.

Malwarebytes' Anti-Malware (MBAM)

If you already have Malwarebytes be sure to check for updates before scanning!


Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.
  • The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

Copy and Paste the contents of the report in your reply.

  • Exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Superdave