"FBI Computer Locked"

View previous topic View next topic Go down

"FBI Computer Locked"

Post by killem123 on 27th March 2013, 9:27 pm

Not sure how it happened - but my computer has locked up with a bogus "FBI" logo and message requesting $300 to "unlock" my computer (what a bunch of crap!). After rebooting, the same message (FBI / locked computer) appears on the screen. Not sure why my Trend Micro virus software allowed this to happen...but guess that's a separate matter. What I've done so far:

1. Was able to boot the infected computer in Safe mode.

2. Per your site's instruction, I saved the adwcleaner and Malwarebytes programs onto a thumb drive on a separate (uninfected) computer and ran them on the infected computer (was unable to run directly from the internet on the infected computer.)

3. After running the programs, both indicated no viruses were found...making me wonder if I properly installed the programs. Here's the log file from AdwCleaner:

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 14:37:09
# Updated 17/03/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Allred - ALLRED_FAMILY
# Boot Mode : Safe mode
# Running from : J:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-3750444814-3653419749-3341479254-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Allred\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1283 octets] - [27/03/2013 13:53:28]
AdwCleaner[R2].txt - [1218 octets] - [27/03/2013 14:37:09]

########## EOF - C:\AdwCleaner[R2].txt - [1278 octets] ##########

=================================================================

4. Note: when I ran Malwarebyte set-up program I got a couple of error msgs saying "a problem has occurred". I clicked 'ok' in the error msg dialog box and the program appeared to keep installing/running (I later rec'd a msg saying something about the subscription being outdated 102 days, etc.) but eventually was presented a screen that offered "Quick" or "Full" scans. I selected "Full scan" as your site instructed) and the computer chunked away for 30 minutes. Here is the resulting log file:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
[You must be registered and logged in to see this link.]

Database version: v2012.12.14.11

Windows 8 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16519
Allred :: ALLRED_FAMILY [administrator]

Protection: Disabled

3/27/2013 2:02:10 PM
mbam-log-2013-03-27 (14-02-10).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435316
Time elapsed: 32 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
========================================================

***After getting "no malicious" items, I set the infected computer to boot in Normal mode and re-booted to see if somehow the problem had resolved itself...but after logging into the computer I immediately got the same bogus FBI / computer locked screen.

Hope you can HELP!!!! - Thank you!

killem123
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-04-13
OS OS : XP
Points Points : 24354
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "FBI Computer Locked"

Post by Superdave on 28th March 2013, 1:09 am

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
****************************************************************
That's really weird because MBAM is supposed to take care of that malware.

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*************************************************************
Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83221
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "FBI Computer Locked"

Post by killem123 on 4th June 2013, 7:35 pm

Dave - Shortly after this issue surfaced, through rebooting in Safe mode, etc. my virus software (somehow?) seemed to clean the virus and my computer began functioning normally again.

My apology for the long delay in closing the loop on this matter. I greatly appreciate your effort to help!

killem123
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-04-13
OS OS : XP
Points Points : 24354
# Likes # Likes : 0

View user profile

Back to top Go down

Re: "FBI Computer Locked"

Post by Superdave on 4th June 2013, 10:34 pm

You really should run the AdwCleaner to delete those items. We should also run a few more scans to make sure everything is gone.You will be surprised what we will find.

Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83221
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum