FBI scam virus

ftime, 04-24-2013, 04:07 PM:
The FBI scam virus in essence locks your computer on a scam screen stating you broke some law about pornography (not that ANYONE on this site would watch porn on their computers) or bestiality or whatever. You could also go to jail etc., BUT pay $200 or $300 with a MoneyPak card within 72 hours and all will be forgiven and your computer will be unlocked. This is what is referred to as "ransomware". Of course it's BS. However, it is one of the more common viruses out there today. There are at least a half dozen threads on this site about variations of the virus.

OK - I caught this bad boy the other day and it was tricky to fix. There are thousands of threads and commercial sites that propose to fix this. Here's the problem. If you only have the one account set up on your computer, you can't even get on the internet. And even if you have another account on your computer, the frozen one is probably your main account with administrative rights, which you are going to need. You can't even access the frozen account by starting in the safe mode because the latest version of the virus reboots your computer. I'm going to give simple instructions on how to beat this thing.

* Turn off your computer.
* Turn on your computer while tapping F8.
* A black & white screen will come up with various options that you can arrow to. Arrow to the option "Safe Mode with Command Prompt".
* Your normal choice of accounts will come up. Log on to the main one as you would always do and you will get a command prompt like this: WINDOWS/System32/. Type w/o the quotes "control.exe".
* The control panel will come up in a goofy font - navigate to User Accounts.
* Set up a new user account - call it anything you want, but give it administrator rights, NOT standard.
* Shut down your computer and then restart it normally. Open your new account, go on the internet to this addy: http://www.surfright.nl/en/products/ and download HitmanPro. Make sure you get the correct one - there's a 32 and 64 bit version. Do not download before you need it - they only give you a 30 day free trial. Then go here and download the free version of Malwarebytes: http://www.malwarebytes.org/lp/malware_lp_form/ and update it as needed.
* Restart your computer tapping F8 until the B&W screen comes up. Arrow down to "Safe Mode with Networking" and hit Enter. Sign in to your new account and run Hitman. When that finishes and you let it clean up what it found, run a full scan (not a quick scan) with Malwarebytes - this could take hours. Clean anything it finds.
* Restart your computer and sign into your regular account. Should be just fine.

Hopefully I saved someone the hours of agony these bastards cost me. Of course for good reason - I would never let a computer store or a remote geek have access to my computer, so I had to do it.
ElumEno:
Damn good info... Hell, I vote to sticky this one.

The scam has hit quite a few people that I know.
Oh, I hate this one...
joesmo888:
You don't need to do all this nonsense.

All you do is go into Safe Mode with Networking, bring up System Restore, click on that, restore to the day before you got the virus and then let your computer reset. As simple as that.

Works on any virus, spyware, whatever you happen to catch.

Also good to do if your computer suddenly starts running slow.
I still say install a Linux distro (or use a Mac which is based on FreeBSD Unix) and not worry about it

If your email is web based (Yahoo, Google, etc.) and all you need is a browser and basic office, then a Linux distro will serve you better.
Jewish Lawyer:
Alternately, mark the time you got nailed, boot up in safe mode, delete the new files created at the time. I've had to do it several times...
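The "find what was created at the time" approach above can be made less guessy with a triage script. This is an added example and not something any poster in this thread wrote; it assumes you know roughly when the lock screen first appeared (the -InfectionTime value) and it only reports candidates, it does not delete anything.

```powershell
# Added triage helper (not from the thread). Lists autostart entries (Run/RunOnce keys,
# Startup folders) and files in common user-writable folders whose creation time falls
# within a window around the moment the lock screen first appeared. Report only.
# Run from "Safe Mode with Command Prompt" as, for example:
#   powershell -ExecutionPolicy Bypass -File triage.ps1 -InfectionTime "2013-04-22 21:30"
param(
    [Parameter(Mandatory = $true)][datetime]$InfectionTime,  # assumed: when the screen appeared
    [int]$WindowMinutes = 120                                  # assumed: +/- minutes to inspect
)
$start = $InfectionTime.AddMinutes(-$WindowMinutes)
$end   = $InfectionTime.AddMinutes($WindowMinutes)

function Get-TargetPath([string]$cmdLine) {
    # Pull the executable out of a Run-key command line: "C:\a b.exe" /x  or  C:\a.exe /x
    if ($cmdLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($cmdLine.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

$report = @()
# 1. Registry autostart keys for the machine and for the logged-on user
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own metadata properties
        $exe = Get-TargetPath ([string]$p.Value)
        $created = $null
        if (Test-Path -LiteralPath $exe) { $created = (Get-Item -LiteralPath $exe).CreationTime }
        $inWindow = ($created -ne $null -and $created -ge $start -and $created -le $end)
        $report += New-Object PSObject -Property @{ Where = "$key\$($p.Name)"; Path = $exe; Created = $created; InWindow = $inWindow }
    }
}
# 2. Startup folders plus user-writable folders, filtered to the time window
$dirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'),
        $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
foreach ($d in $dirs) {
    if (-not ($d -and (Test-Path $d))) { continue }
    Get-ChildItem -Path $d -Recurse -Force -ErrorAction SilentlyContinue -Include *.exe,*.dll,*.lnk,*.bat,*.vbs,*.scr |
        Where-Object { $_.CreationTime -ge $start -and $_.CreationTime -le $end } |
        ForEach-Object { $report += New-Object PSObject -Property @{ Where = 'filesystem'; Path = $_.FullName; Created = $_.CreationTime; InWindow = $true } }
}
$report | Sort-Object Created | Format-Table Where, Path, Created, InWindow -AutoSize
```

Entries with InWindow = True are the ones worth checking against a second scanner before anything is removed; a Run-key entry whose target was created well before the window is usually a legitimate program.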
ftime, 04-25-2013, 02:48 PM:
The latest version of the virus DOES NOT allow a boot up in safe mode or safe mode with networking. A different version of the virus disallows restore function. So close - but no cigar. People attempting the safe mode with networking will merely create a perpetual circle. And "all that nonsense" removes any chance of the original infection returning.
Virus spec: no boot up in safe mode with networking or safe mode. Restore function disabled. Tried all the easy stuff first. Wouldn't have spent the time if it had worked.
joesmo888:
Originally Posted by ftime:
    The latest version of the virus DOES NOT allow a boot up in safe mode or safe mode with networking. A different version of the virus disallows restore function. So close - but no cigar. People attempting the safe mode with networking will merely create a perpetual circle. And "all that nonsense" removes any chance of the original infection returning.
    Virus spec: no boot up in safe mode with networking or safe mode. Restore function disabled. Tried all the easy stuff first. Wouldn't have spent the time if it had worked.
In that case what you do is reboot into Safe Mode with Command Prompt instead. Put in "explorer" and then bam, you are in. Then from there you can bring up System Restore.

I'm not a computer geek at all btw, this is stuff I learned in college.
ftime, 04-25-2013, 04:01 PM:
You lost me. You put in explorer and do what? You left out six steps. I really don't know if you can get to a restore function that way, but I suspect it would be harder. And if the original virus was some kind of program - restore won't work. If you're suggesting downloading the software in safe mode on the infected account - seems possible. Not an easy solution. If you would like, I'll send you a link from the source of the original infection. Then you can try to test your concept. Just messin' with ya. Don't think that will work or is any easier. But it is an opinion. My solution worked - so it's a fact. Seriously - restore will not fix all things.
Jewish Lawyer:
How about a drone strike on the bastards who created the file?
ftime, 04-25-2013, 07:58 PM:
Because we don't have the technology to find them.
mirandalee:
I got this a while back. All you gotta do is turn the computer off, then hit the F2 button when you power the computer back on and set your internet to a different day you were on the internet. This is what I did to bypass this. When you click on System Restore just pick a different date you were on the internet.
thehighlander:
This FBI MoneyPak scam is from downloading a so-called add-on that some website says you must install in order to watch free porn. My friend got it from downloading an ADD-ON.
It feeds into your registry and doesn't show much immediately... Takes about 3-5 days and all of a sudden it locks out everything... The only good way to clean it is to wipe the system to "Factory".

I suggest to my friends that people have 2 computers at home... One with essential files should not be used to watch porn... and download or stream "Free" stuff from the internet.
There is an alternative way (actually 2); both require a separate CLEAN system. Using the clean system you download and create a BOOTABLE thumbdrive with scanners on it. There are some Linux distros pre-created for this and they can work.

The other way requires a USB to SATA/PATA adapter. You remove the infected drive, connect it up to the USB adapter cable, spin up the drive on the external power brick the adapter came with (if it's a 3.5 inch drive), then use the CLEAN system to scan drive letter ____ (whatever it was assigned).

I have scanned desktop drives with a laptop and get good results.
ftime, 04-26-2013, 07:51 AM:
I thought I would share these pearls from the Microsoft website. BTW - I attempted System Restore before using my method. The malware tricks the registry into thinking that evil piece that was added had always been there. Restore works on some things - NOT everything.

Hi,

Using System Restore when there is malware present may result in the Restore Points being infected as well. So it's usually best to remove the malware before using System Restore if at all possible. There are some malware infections that it is OK to use System Restore to remove; however, unless one is very sure, it is best not to do so.

If you need to check for malware here are my recommendations - these will allow you to do a thorough check and removal without ending up with a load of spyware programs running resident, which can cause as many issues as the malware and may be harder to detect as the cause.

No one program can be relied upon to detect and remove all malware. Add to that that easy-to-detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point and then run the cleanup only when you are very sure the system is clean.

These can be done in Safe Mode - repeatedly tap F8 as you boot - however, you should also run them in regular Windows when you can.

TDSSKiller.exe - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN. It will show any infections in the report after running - if it will not run, change the name from tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684

Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.
(If rootkits, run UnHackMe.)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT - find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE; if it finds something, come back here or use Google to see how to remove it.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

Try the trial version of Hitman Pro:

Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that has infected your computer despite all the security measures you have taken (such as anti-virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro

--------------------------------------------------------

If needed, here are some online free scanners to help:

http://www.eset.com/onlinescan/

New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm
Original version
http://onecare.live.com/site/en-us/default.htm

http://www.kaspersky.com/virusscanner

Other free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

Also do these to clean up general corruption and repair/replace damaged/missing system files.

Run Disk Cleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box -> COMMAND - find at top and RIGHT CLICK - RUN AS ADMIN

Enter this at the prompt: sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista (cbs.log)
http://support.microsoft.com/kb/928228

Run Check Disk - schedule it to run at next start, then Apply, OK your way out, then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
Also from the MS site for you restore fanatics:
System Restore almost always cannot remove a virus/malware and in most cases, will make things worse by masking the effects of the virus for a short time while it continues to do damage to a system. Use System Restore after using both a good antivirus (a couple of good free ones are out there such as Microsoft Security Essentials, Avast and AVG) AND a good antimalware/antispyware program (Malwarebytes and Superantispyware are good free examples) if your system still has difficulties. If after antimalware programs and System Restore have been used and the system is still unstable, a reload of the operating system is probably required, which is generally beyond the scope of most home users.

Spirit13 - Linux or removing the drive could work, but that is well beyond most users' abilities. Again I would contend that many users on this board wouldn't be comfortable allowing others to work on their computer.