Rex Block

Malware Help

32 posts in this topic

Got hit last week. I picked it up surfing porn from Tube Galore. The "FBI" wanted me to pay a fine with an online money order service.

Fortunately (?) I have a surefire way of forcing my computer to die, providing me with an opportunity to bring it up in Safe Mode. From there I located & removed spurious entries in my Start menu.

Edited by boink36
Why post a link to a virus?

Lmao, had to take my laptop in for this virus. My IT guy called it the FBI Green Dot virus. Even though I had to take the laptop in to have it removed, I thought it was really funny. First time for me using a phone; will be back online Monday, hopefully.

Or you could install security software on your PC that would probably block the malware from installing in the first place ...

p.s. "From there I located & removed spurious entries in my Start menu." Doing that only removes the links to the programs (in your Start menu), the malware programs are probably still installed on your computer.

Not really concerned because that computer is on the 'about to be retired' list. I've just been using it while I adapt myself from Vista to Windows 8. The McAfee on the old computer had not been updated in a while.

This is why I run custom Android ROMs on my phones that I compile myself. I can be sure that I don't get any of this malware shit on my phone. I know exactly what is running on it at all times and I can even turn off the GPS tracker and/or radio if I don't want to be tracked.

The worst is the Chinese Android phones that are purchased on eBay that come with Android ROMs that have malware built into the OS itself. It's very difficult to remove it. I had to trash a phone the other day because the effort to remove the malware was not worth the time/money invested.

Also, most phones these days have 2 batteries: one lithium-ion battery and another watch-type battery embedded deep in the phone to keep the GPS tracker running for emergency (read LE) purposes. [ It's basically to locate you if you are in distress and your main battery power is dead. ]

I usually remove the watch battery and take out the main battery if I don't want my GPS coords tracked by big brother/telcos.

The best hobby phones are those that are extremely simple with no GPS tracker chips in them.

MtnDew

Quote:

Or stop running Microsoft Windows OS, which is crap IMO. Just my view though. Either get a MacBook or run Linux and you won't have any problems with malware or viruses at all.

Windows 8 is a freaking joke. You couldn't pay me enough to run that crap OS.

MtnDEw

Or you could install security software on your PC that would probably block the malware from installing in the first place ...

p.s. "From there I located & removed spurious entries in my Start menu." Doing that only removes the links to the programs (in your Start menu), the malware programs are probably still installed on your computer.

Quote:

Or you could install security software on your PC that would probably block the malware from installing in the first place ...

I'm pretty well protected, but it got through anyway. WinPatrol apparently tried to stop it, but couldn't load in time. Luckily I was able to boot to Safe Mode and start up Malwarebytes, which got rid of it.

Quote:

Or stop running Microsoft Windows OS, which is crap IMO. Just my view though. Either get a MacBook or run Linux and you won't have any problems with malware or viruses at all.

Windows 8 is a freaking joke. You couldn't pay me enough to run that crap OS.

MtnDEw

Too bad about 90% of the software market doesn't support either of those formats, which is why unfortunately Windows is the big target for people making malware and viruses.

Still having laptop worked on. IT guy still having trouble getting rid of this virus; told me this virus, if not totally removed, will just take over again. Rebooting in Safe Mode helps, but virus still there spreading.

Man, I don't know half of what the fuck you guys are talking about, malware, safe mode, linux, I just turn on my computer and look at naked ladies. I must have more spyware, malware, whateverware on my system, even my malware fights with other malware which is probably why my computer still works. It is such a cesspool of spyware that even the viruses get sick and can't work. Ahhh, the bliss of ignorance.

Man, this is a bunch of incompetent sissies blabbing about stuff they read on the interwebs.

If you picked up a "ransomware" virus, your only recourse is to have someone "wipe the machine clean" and reinstall your OS and all your files, which, hopefully, you've backed up somewhere.

Quote:

Man, this is a bunch of incompetent sissies blabbing about stuff they read on the interwebs.

If you picked up a "ransomware" virus, your only recourse is to have someone "wipe the machine clean" and reinstall your OS and all your files, which, hopefully, you've backed up somewhere.

Exactly what I am having done now.

The so-called ransomware virus installs easily; often all it takes is visiting a website or clicking on an innocent-looking link.

Perpetrators have gotten smarter at this: they've created legit-looking webpages, written in much better English compared to the early days of malware.

The demand for payment in exchange for unlocking your computer is often accompanied by a mugshot of you looking stupidly into your monitor. Why? They've hijacked your webcam as well (easily done).

You are asked to pay with one of these "one off" value coupons you can buy in Europe at every gas station. You enter the code, the payment goes through, and so goes your money. The payment can't be traced, and you have no recourse.

Needless to say, the thieves have no intention of unlocking your computer, so you're fucked, whether you pay or not.

Because the virus attaches itself deep into your system, a simple "virus scan" won't remove it.

My advice: 1) Immediately back up all your data, using, for example, Dropbox, Google Drive, SugarSync, SkyDrive. 2) Do not store sensitive information on your hard drive. 3) Keep program discs and serial numbers in a safe place.

If you catch ransomware, yank out your hard drive and start over.

And don't fall for these websites that offer you "a one-click download to remove all malware", because these websites often are ransomware themselves.

Quote:

Exactly what I am having done now.

Don't bother. Yank out the hard drive, buy a new one, start over.

Quote:

Don't bother. Yank out the hard drive, buy a new one, start over.

Depending on the severity of the "ransomware", some programs (like Combofix, for example) may be able to remove it. I've had lots of luck using programs like that in the past to remove particularly nasty infections. Although I have also encountered one or two instances where a complete reformat was necessary.

Quote:

Man, this is a bunch of incompetent sissies blabbing about stuff they read on the interwebs.

If you picked up a "ransomware" virus, your only recourse is to have someone "wipe the machine clean" and reinstall your OS and all your files, which, hopefully, you've backed up somewhere.

That's simply wrong. It most certainly is not the "only" recourse. Over the past year I've managed to clean the FBI virus on three different machines. All three were successfully cleaned and have had no signs of infection since.

There are several online "how-to's" on removing this malware. Most involve booting into Safe Mode, cleaning up a few registry entries, searching for--and deleting--a couple of files, running a system scan and rebooting.

Reinstalling the OS is the last resort, especially if there are lots of apps installed. The latest fix (via Malwarebytes "quick scan") took all of 15 minutes; much less time than reinstalling the OS and reloading all the apps.

Quote:

That's simply wrong. It most certainly is not the "only" recourse. Over the past year I've managed to clean the FBI virus on three different machines. All three were successfully cleaned and have had no signs of infection since.

There are several online "how-to's" on removing this malware. Most involve booting into Safe Mode, cleaning up a few registry entries, searching for--and deleting--a couple of files, running a system scan and rebooting.

Reinstalling the OS is the last resort, especially if there are lots of apps installed. The latest fix (via Malwarebytes "quick scan") took all of 15 minutes; much less time than reinstalling the OS and reloading all the apps.

I had a similar experience removing the FBI malware. I had to create a boot CD on another PC, and it took my security provider a few days to update their virus definitions, but it was wiped clean and there are no issues over a month later.

OK then, (if your computer gets the FBI ransom virus) definitely don't try the "Remove FBI Moneypack Virus: Free Virus Removal" procedure described here, because 2Big is sure it won't work :rolleyes:

By the way, I found the above link on the Symantec Norton (computer security software company) website, so at least this procedure is from a legitimate source and won't install still more malware on your system. See http://us.norton.com/ransomware/

Edited by N6_in_the_village
more info

By the way, to clear one thing up - I'm not saying that the ransomware removal procedure on the Symantec Norton site (http://us.norton.com/ransomware/) is better than the one Rex Block listed on his original post (http://blog.malwarebytes.org/intelligence/2012/12/ransomware/). I'm just pointing out that well-known security software vendors are offering methods to remove the "FBI ransom" virus.

Actually, the procedure in Rex Block's link should be effective in more cases, because it is based on making and booting from a "rescue disk" (from another security software vendor, Kaspersky). The procedure given by Symantec Norton requires the capability to start your system in "Safe Mode with Networking" - but even "Safe Mode" could be blocked by the malware. The "rescue disk" method will allow you to at least boot up your computer and get started with the removal procedure.

Also, here are some warnings about the "FBI ransom" virus, from the FBI itself, and another gov'ment web site, the Internet Crime Complaint Center (IC3). Here's something to be aware of from the latest (Nov 30, 2012) warning:

In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. Below is a screenshot of the new variation ...

So you need some assurance that your computer has been thoroughly checked and cleaned if your computer gets this (or any) virus.

http://www.ic3.gov/media/2012/121130.aspx

http://www.fbi.gov/scams-safety/e-scams

As I was saying: 1. Drop a new hard drive into your computer. 2. Reinstall OS. 3. Done.

Or you could use the garbled procedure outlined in the post before mine.:cool:

Quote:

As I was saying: 1. Drop a new hard drive into your computer. 2. Reinstall OS. 3. Done.

Wrong again. (Twice in the same thread, even!) To wit: "3. Done." Your attempt at simplification falls short of the realities involved, unless, of course, you have no applications installed.

Quote:

... "3. Done." Your attempt at simplification falls short of the realities involved, unless, of course, you have no applications installed.

Ain't that the truth!

I bought a new machine almost a month ago and I'm still not completely transferred over to it.

Or do like I did: find a good IT guy and have him fix it. He told me he removed this virus from another computer and said this virus is getting harder to remove. Should be back online tomorrow.

Having succeeded in disinfecting three machines of the FBI virus by different methods, I decided today to infect my old laptop (this machine) intentionally to test another approach that had worked on a more insidious virus a couple of years ago.

Went to a porn site where I know the FBI virus resides, opened up the URL, and in less than one minute--despite having the most current ESET Smart Security signatures--my laptop was infected. Couldn't do anything. No keyboard entry, no mouse control, no C-A-D to bring up Task Manager. Nada. Powered off the laptop. Rebooted, same thing. Tried once more. Same result. (In each case the desktop would appear for 2 seconds, then the screen went gray, then the FBI warning and a solid freeze.)

Rebooted in Safe Mode, but that hung too. Didn't matter if I tried "with networking," "with DOS prompt," or just plain Safe Mode. If it didn't hang, it would show the Windows splash screen, then reboot. This was a deeper infestation than the other times I had successfully cleaned this virus.

Windows machines with multiple user accounts (mine is just such a machine) can log on as the System Administrator, enabling them to maintain control of the machine and avoid the problems of many viruses. This allows the user to invoke deep-scan programs of choice, to edit registry entries and to delete suspicious files. But perhaps, most importantly, to do a system restore.

I logged on as Administrator, and up came the desktop. No sweat. No FBI warning. Next, went to Programs/Accessories/System Tools/System Restore. Picked the latest restore point--from last evening. My machine is set to do a system back up every night. Highly advisable, btw.....

Minutes later (less than 10) the restore completed and the machine rebooted. Came up as myself (not Administrator), desktop appeared and stayed up. Logged onto the boards, and here I am.

While I can't guarantee this will work in all cases, the exercise certainly demonstrates there are multiple ways to purge this virus, and many other viruses, without reloading the OS and apps.

Guessing that 2Big might not want to include IT experience/advisor on his resume, I nonetheless wish him and the rest of you virus-free machines! :D

The average user can't tell a rescue disk from a Donna Summer disco medley.

Quote:

"This allows the user to invoke deep-scan programs of choice, to edit registry entries and to delete suspicious files. But perhaps, most importantly, to do a system restore."

Right, this is exactly what the average user can do.:cool:

Quote:

. . . I just turn on my computer and look at naked ladies. . . . Ahhh, the bliss of ignorance.

If this is you, take advice from MTNDEW and get a small laptop running on Ubuntu 12.04, a variation of the Linux OS. Dell builds this into some of their systems. I go to lots of the free porn forums, download movies, pics etc... My system is as stable today as when I installed the v7.10 system some 7 years ago! It's all you need to protect yourself from that kind of stuff. No virus/malware stuff to worry about. Break your Windoze computer and learn something new!
