Fake FBI Trojan Locked Up My PC! Help?

Post in 'DIY and General non-hearth advice' started by Hearth Mistress, May 29, 2013.

  1. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    I'm not completely computer stupid but this one is beyond me. It is a fake page that tells me the FBI knows I have stolen software, kiddie porn, etc and unless I go buy a $300 money order my computer will remain locked. It also warns that if I try to bypass the warning my hard drive will be erased. None of which is true or going to happen.

    However, I can't get it off, can't get into safe mode at all in any way, it will let me select safe mode but immediately reboots in normal mode and the warning page is there. I cannot do anything and reading about how to fix it online all talks about going into safe mode and selecting a previous restore point to get rid of it. While that has worked for many others, I can't get this sucker into safe mode, even unplugged from the internet, it goes right back to the warning page with no other controls.

    We run Windows 7 Home Edition on a Dell about 2 years old. My cable provider and anti virus software provider told me that they can't prevent or control malware or trojan attacks because they are often downloaded unbeknownst to the user on a picture or video. They can't possibly control all of the content out there.

    I have a work laptop and an iPad too but really want my home PC fixed so my hubby can use it again.

    Any ideas out there that don't require safe mode? I don't want to totally restore the computer if there is another option but don't trust myself to sit and do pages of reg edits either.

    Any info is appreciated!
     





  2. fossil

    Accidental Moderator
    Staff Member

    Joined:
    Sep 30, 2007
    Messages:
    10,527
    Likes Received:
    2,412
    Loc:
    Bend, OR
    Same thing happened to me. Win7 on a Dell desktop. Was careful to not fiddle around with anything, called a local professional computer dude who specializes in Windows and works from his home. Super guy, knew immediately what I was talking about. I took my computer to him, and the next day he called and said..."All done, cleaned up, tuned up a little, come get it". He charged me ~$100.00. No complaints. Found him in the phone book. It was a holiday...first place I called didn't answer...he did. Duh. I get occasional info e-mails from him. He's a pro. Rick
     
  3. BrotherBart

    Hearth.com LLC Mid-Atlantic Division
    Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    32,421
    Likes Received:
    9,635
    Loc:
    Northern Virginia
    Tough one. The only way I know to stomp it is by running Malwarebytes from a USB flash drive. But that is from safe mode.
     
  4. daveswoodhauler

    Minister of Fire

    Joined:
    May 20, 2008
    Messages:
    1,847
    Likes Received:
    96
    Loc:
    Massachusetts
    My wife had a similar issue and I had to reformat the hard drive and start from scratch. Do you have the factory discs that came with the PC?
     
  5. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    There are no "discs" sent out anymore, it's on a partition of the hard drive, no recovery disks and since I can't get into safe mode, I can't access that partition or at least I don't think I can.

    I just looked at the boot sequence in the BIOS menu and it looks like I can boot from a USB device or CD. I think I can burn a CD from my laptop so maybe I'll try that before trying anything else.

    I hope the people who create this crap rot in hell!
     
  6. heat seeker

    Minister of Fire

    Joined:
    Feb 25, 2011
    Messages:
    2,579
    Likes Received:
    380
    Loc:
    Northern CT
    I second that!
     
  7. Dave A.

    Minister of Fire

    Joined:
    Mar 17, 2013
    Messages:
    614
    Likes Received:
    73
    Loc:
    SE PA
    First off, just want to make clear I'm not an expert on this.

    F8 Startup Options should include Safe mode with command prompt-- if you can get into that you might be able to access that partition.

    If you can get into safe mode command prompt, see:
    http://malwaretips.com/blogs/fbi-cybercrime-division-icspa-virus/
    about restoring to previous configuration via command prompt

    That link looks straightforward and promising if you haven't seen it yet.

    Note the msconfig step. I was thinking of suggesting trying that from regular mode as a remedy to prevent the loading of the virus at startup but apparently that won't work.

    Edit: If you can't get into safe mode with command prompt then you need to start at method 4 in the link -- loading Hitman Pro onto a flash drive.

    Note: Hitman is offered as a 30 day free trial but installed on your flash drive only you shouldn't have to worry about it annoying you. I use Malwarebytes and can recommend it but know nothing about Hitman other than it's available at shareware sites as a trial and what I see on this page. If it's the only way to get into windows by booting from the flash drive with Hitman on it, seems worth the try.

    If for some reason you can't fix it and it looks like the only thing left is a reinstall of Windows, it's probably a good idea to first try a "repair install". This is different from repair console. Repair install, if it is available as an option for you, will keep your current installation but often fixes problems. Something to consider.

    In the future, for safer browsing and downloading, you might want to look into setting up a VM (virtual machine) to run a browser in for questionable sites. You can test run questionable software on the VM without it affecting your real system. VMware is free as are some others.
     
  8. StihlHead

    Guest

  9. Highbeam

    Minister of Fire

    Joined:
    Dec 28, 2006
    Messages:
    11,408
    Likes Received:
    1,801
    Loc:
    Cascade Foothills, WA
    It's called ransomware, I had it once too. Malwarebytes was my go-to page for the solution. I believe I was able to browse for a short time before the FBI page would show up.
     
  10. Jags

    Moderate Moderator
    Staff Member

    Joined:
    Aug 2, 2006
    Messages:
    17,163
    Likes Received:
    5,873
    Loc:
    Northern IL
    Do you have more than one user account on your PC? Would you be above creating one? If you create a new user (but be aware this has other implications) - you will more than likely be able to run Malwarebytes and test the whole machine. Going back to a single user machine can be a PIA.
     
  11. WES999

    Minister of Fire

    Joined:
    Jan 12, 2008
    Messages:
    990
    Likes Received:
    267
    Loc:
    Mass north of Boston
    Try Ctrl+F11 at startup, should get you to system restore.
    Also there are some AV programs that will boot from a disc that run under Linux, I think I have a free one from Kaspersky.
     
  12. Sisu

    Feeling the Heat

    Joined:
    Sep 28, 2009
    Messages:
    466
    Likes Received:
    38
    Loc:
    Ontario
    Start up in safe mode. Restore the system to an earlier save date. That should hopefully do the trick.
     
  13. Seasoned Oak

    Minister of Fire

    Joined:
    Oct 17, 2008
    Messages:
    4,309
    Likes Received:
    758
    Loc:
    Eastern Central PA
    I got exactly the SAME thing. I got on one of my other computers and googled a fix for it. You can get step by step instructions that way. Took about an hour to fix. I suggest you fix it yourself so you have the knowledge to do it as it is quite common. There is also a step if safe mode doesn't work which was the case with my comp.
     
  14. Retired Guy

    Minister of Fire

    Joined:
    Oct 27, 2011
    Messages:
    502
    Likes Received:
    132
    Loc:
    Cape Vincent, NY
  15. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    I can't get into safe mode to load a restore point, that is the issue. It will allow me to go into all of the safe mode options but as soon as it gets to safe mode, it immediately reboots to normal mode with that stupid page, only option is to turn off by holding in the power button, no other commands work!
     
  16. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    I only have 1 user set up because my hubby is the only one that uses it. I have a work laptop, work iPad and personal iPad so I really don't use it. I have no issue creating a new user but in the state it is in, don't know that I can. This happened after my deafest husband spent several hours watching videos on line. I will absolutely set up an admin user once I get this squared away! Thanks for the idea!
     
  17. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    My husband watches videos online posted on boards similar to ours here but they are mostly YouTube videos on firearms, military field footage, etc. - no porn ;)

    I'm not sure exactly what a virtual machine is but I will look into it as I am really sick of these trojans and malware. This is the first time I haven't been able to get into safe mode though, these creeps are getting really good at screwing unsuspecting users!
     
  18. begreen

    Mooderator
    Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    60,657
    Likes Received:
    7,675
    Loc:
    South Puget Sound, WA
    Gun porn is an easy target. If you have a root virus and it sounds like you do, you will have to try booting from a USB drive or CD with a basic OS and root bug removal software. But if your hubby visits eastern European weapons websites I wouldn't bother. Their malware is getting very sophisticated and they have a defense against this too. The only recourse in that case is a low level format of the drive and reinstallation of the OS.
     
  19. StihlHead

    Guest

    My laptops have CD/DVD drives so I can boot from them if I have to. Usually you can download that stuff and burn a system CD from the computer manufacturing site. For example Toshiba has them for my systems. Dell has a lot of that stuff online, I would look there. Or look on the box that your system came in, maybe it had a system CD in there? My older laptop has a CD that will restore that system to the minimum original configuration that it came in, and download the rest from Toshiba off the net. Worst case reformat the HD and reinstall the application SW on it.

    These guys that write this malware stuff, they should be crucified. You have to run virus and malware protection all the time now. I use Microsoft which is free for earlier versions, and runs automatically on Windows 8. It is fairly low profile and pretty good. Norton has become so system resource greedy that it has become a worm in itself, sucking up way too much system overhead, and it also spawns tons of pop-ups, reminders, and stupid status windows. I nuke that on any system I buy, and even that is a PITA to remove from any system now. They have all these pop-ups asking if you really really really want to remove Norton and be EXPOSED TO THE HORRORS OF THE EARTH (meaning Nigerians)... makes you wonder if Norton is not paying these guys to write malware so they make more money 'protecting' people from it with subscriber services.

    Good luck. Videos are but one source of malware. SPAM is the most common source of virus, worms, spyware and malware. Never open any email attachment from anyone that you do not know. Also do not store email on your home system. Use a free service like Yahoo or Gmail and let their servers store it for free.
     
  20. begreen

    Mooderator
    Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    60,657
    Likes Received:
    7,675
    Loc:
    South Puget Sound, WA
    Clicking on ads on suspect sites is another portal to disaster. Don't do this.
     
  21. BrotherBart

    Hearth.com LLC Mid-Atlantic Division
    Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    32,421
    Likes Received:
    9,635
    Loc:
    Northern Virginia
    Virus writers are giving porn sites a bad name.
     
  22. Hearth Mistress

    Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Likes Received:
    616
    Loc:
    Pt Pleasant, PA (SE PA)
    I just found my jump drive and downloaded Hitman on to it. It is too late to screw around with it now but will give it a whirl in between my conference calls Friday, I work from home so no one but the bird and the dogs will hear me curse at it. Worst case, I can reformat as there isn't much stored on it but that will be my last resort. I appreciate all the help, you guys are great!!

    Gun porn killed my PC, I'm convinced and knowing my hubby, as an avid collector, has an unhealthy obsession with all military firearms, especially Eastern European models new and old, that is for sure the culprit! If he wasn't sleeping, I'd be yelling at him ;)
     
  23. begreen

    Mooderator
    Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    60,657
    Likes Received:
    7,675
    Loc:
    South Puget Sound, WA
    Get hubby his own computer. An older Mac will suffice.
     
  24. StihlHead

    Guest

    Or get him a PC and put Linux on it. Few viruses or malware are written for Linux or UNIX systems.

    As for Eastern Europe and viruses, when I was a computer design engineer in the high tech glory days, I worked with several guys that had escaped from the Eastern Bloc. One from Bulgaria had 2 PhDs, and he said he made less money than bricklayers under the communist system. He was forced by the DS (Bulgarian secret police) with other engineers to write computer virus programs to bring down the evil western empire. That is why Eastern Europe is notorious for malware and computer viruses. The skills remain. The guy from Bulgaria (his name was Vess) became a dissident, and he was sent by the DS to Libya as punishment to work with Gaddafi's Soviet support group. He was there when Reagan bombed Gaddafi's tent from aircraft carriers. The Soviets had suddenly disappeared a few days before the bombing, and Gaddafi was furious with them as they obviously were tipped off that the bombing was going to happen ahead of time. So he took away their vodka. Well, Russians simply cannot function without vodka. So as it turns out Vess was from a local village that made brandy. He knew how to make a still, and how to sprout wheat and ferment it in a bathtub, and then cook it to distill it to the beverage that the Russians required to keep going. I asked him how much he made, and he replied, "How much do you want?" Basically he could make as much as they wanted... he was eventually able to trade vodka for a weekend pass to Greece. Once in Greece, he made his way to Austria. Austria had no extradition treaty with the Eastern Bloc. Once he made it there he was sponsored by a US company and eventually got a visa to work in the US. I went on a trip with him to Boston the same week he became a US citizen. He was so happy to be out of the mess of Eastern Europe and the computer virus factory that he was forced to work in.

    Sorry, a bit off track there... anyway, Eastern Europe is one of the origins of computer virus and malware, and it remains so today.
     
  25. Jags

    Moderate Moderator
    Staff Member

    Joined:
    Aug 2, 2006
    Messages:
    17,163
    Likes Received:
    5,873
    Loc:
    Northern IL
    I believe this is the specific version that she is fighting:
    FBI Cybercrime Division virus.

    If you haven't seen this link, check it out. If you can get to regedit, start by doing those steps. It may allow for a reboot that doesn't crank up the virus stuff and allow you to work with the PC.
    http://www.2-spyware.com/remove-fbi-virus.html
     