Fake FBI Trojan Locked Up My PC! Help?

Post in 'DIY and General non-hearth advice' started by Hearth Mistress, May 29, 2013.

  1. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    I'm not completely computer stupid but this one is beyond me. It is a fake page that tells me the FBI knows I have stolen software, kiddie porn, etc. and unless I go buy a $300 money order my computer will remain locked. It also warns that if I try to bypass the warning my hard drive will be erased. None of which is true or going to happen.

    However, I can't get it off, can't get into safe mode at all in any way, it will let me select safe mode but immediately reboots in normal mode and the warning page is there. I cannot do anything and reading about how to fix it online all talks about going into safe mode and selecting a previous restore point to get rid of it. While that has worked for many others, I can't get this sucker into safe mode, even unplugged from the internet, it goes right back to the warning page with no other controls.

    We run Windows 7 Home Edition on a Dell about 2 years old. My cable provider and antivirus software provider told me that they can't prevent or control malware or trojan attacks because they are often downloaded unbeknownst to the user on a picture or video. They can't possibly control all of the content out there.

    I have a work laptop and an iPad too but really want my home PC fixed so my hubby can use it again.

    Any ideas out there that don't require safe mode? I don't want to totally restore the computer if there is another option but don't trust myself to sit and do pages of reg edits either.

    Any info is appreciated!

  2. fossil

    fossil Accidental Moderator Staff Member

    Joined:
    Sep 30, 2007
    Messages:
    10,382
    Loc:
    Bend, OR
    Same thing happened to me. Win7 on a Dell desktop. Was careful to not fiddle around with anything, called a local professional computer dude who specializes in Windows and works from his home. Super guy, knew immediately what I was talking about. I took my computer to him, and the next day he called and said..."All done, cleaned up, tuned up a little, come get it". He charged me ~$100.00. No complaints. Found him in the phone book. It was a holiday...first place I called didn't answer...he did. Duh. I get occasional info e-mails from him. He's a pro. Rick
  3. BrotherBart

    BrotherBart Hearth.com LLC Mid-Atlantic Division Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    29,924
    Loc:
    Northern Virginia
    Tough one. The only way I know to stomp it is by running Malwarebytes from a USB flash drive. But that is from safe mode.
  4. daveswoodhauler

    daveswoodhauler Minister of Fire

    Joined:
    May 20, 2008
    Messages:
    1,847
    Loc:
    Massachusetts
    My wife had a similar issue and I had to reformat the hard drive and start from scratch. Do you have the factory discs that came with the PC?
  5. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    There are no "discs" sent out anymore, it's on a partition of the hard drive, no recovery disks and since I can't get into safe mode, I can't access that partition or at least I don't think I can.

    I just looked at the boot sequence in the bios menu and it looks like I can boot from a USB device or CD. I think I can burn a cd from my laptop so maybe I'll try that before trying anything else.

    I hope the people who create this crap rot in hell!
  6. heat seeker

    heat seeker Minister of Fire

    Joined:
    Feb 25, 2011
    Messages:
    2,309
    Loc:
    Northern CT
    I second that!
  7. Dave A.

    Dave A. Minister of Fire

    Joined:
    Mar 17, 2013
    Messages:
    614
    Loc:
    SE PA
    First off, just want to make clear I'm not an expert on this.

    F8 Startup Options should include Safe mode with command prompt-- if you can get into that you might be able to access that partition.

    If you can get into safe mode command prompt, see:
    http://malwaretips.com/blogs/fbi-cybercrime-division-icspa-virus/
    about restoring to previous configuration via command prompt

    That link looks straightforward and promising if you haven't seen it yet.

    Note the msconfig step. I was thinking of suggesting trying that from regular mode as a remedy to prevent the loading of the virus at startup but apparently that won't work.

    Edit: If you can't get into safe mode-command prompt then you need to start at method 4 in the link -- loading Hitman pro onto a flash drive.

    Note: Hitman is offered as a 30 day free trial but installed on your flash drive only you shouldn't have to worry about it annoying you. I use Malwarebytes and can recommend it but know nothing about Hitman other than it's available at shareware sites as a trial and what I see on this page. If it's the only way to get into windows by booting from the flash drive with Hitman on it, seems worth the try.

    If for some reason you can't fix it and it looks like the only thing left is a reinstall of Windows, it's probably a good idea to first try a "repair install". This is different from repair console. Repair install, if it is available as an option for you, will keep your current installation but often fixes problems. Something to consider.

    In the future, for safer browsing and downloading, you might want to look into setting up a VM virtual machine to run a browser in for questionable sites. You can test run questionable software on the VM without it affecting your real system. VMware is free as are some others.
  8. StihlHead

    StihlHead Guest

  9. Highbeam

    Highbeam Minister of Fire

    Joined:
    Dec 28, 2006
    Messages:
    9,827
    Loc:
    base of Mt. Rainier on the wet side, WA
    It's called ransomware, I had it once too. Malwarebytes was my go-to page for the solution. I believe I was able to browse for a short time before the FBI page would show up.
  10. Jags

    Jags Moderate Moderator Staff Member

    Joined:
    Aug 2, 2006
    Messages:
    15,642
    Loc:
    Northern IL
    Do you have more than one user account on your PC? Would you be above creating one? If you create a new user (but be aware this has other implications) - you will more than likely be able to run Malwarebytes and test the whole machine. Going back to a single user machine can be a PIA.
  11. WES999

    WES999 Minister of Fire

    Joined:
    Jan 12, 2008
    Messages:
    952
    Loc:
    Mass north of Boston
    Try Ctrl+F11 at startup, should get you to system restore.
    Also there are some AV programs that will boot from a disc that run under Linux,
    I think I have a free one from Kaspersky.
  12. Sisu

    Sisu Feeling the Heat

    Joined:
    Sep 28, 2009
    Messages:
    466
    Loc:
    Ontario
    Start up in safe mode. Restore the system to an earlier save date. That should hopefully do the trick.
  13. Seasoned Oak

    Seasoned Oak Minister of Fire

    Joined:
    Oct 17, 2008
    Messages:
    3,908
    Loc:
    Eastern Central PA
    I got exactly the SAME thing. I got on one of my other computers and googled a fix for it. You can get step by step instructions that way. Took about an hour to fix. I suggest you fix it yourself so you have the knowledge to do it as it is quite common. There is also a step if safe mode doesn't work, which was the case with my comp.
  14. Retired Guy

    Retired Guy Feeling the Heat

    Joined:
    Oct 27, 2011
    Messages:
    473
    Loc:
    Cape Vincent, NY
  15. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    I can't get into safe mode to load a restore point, that is the issue. It will allow me to go into all of the safe mode options but as soon as it gets to safe mode, it immediately reboots to normal mode with that stupid page, only option is to turn off by holding in the power button, no other commands work!
  16. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    I only have 1 user set up because my hubby is the only one that uses it. I have a work laptop, work iPad and personal iPad so I really don't use it. I have no issue creating a new user but in the state it is in, don't know that I can. This happened after my deafest husband spent several hours watching videos online. I will absolutely set up an admin user once I get this squared away! Thanks for the idea!
  17. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    My husband watches videos online posted on boards similar to ours here but they are mostly YouTube videos on firearms, military field footage, etc. - no porn ;)

    I'm not sure exactly what a virtual machine is but I will look into it as I am really sick of these trojans and malware. This is the first time I haven't been able to get into safe mode though, these creeps are getting really good at screwing unsuspecting users!
  18. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    52,404
    Loc:
    South Puget Sound, WA
    Gun porn is an easy target. If you have a root virus and it sounds like you do, you will have to try booting from a USB drive or CD with a basic OS and root bug removal software. But if your hubby visits eastern European weapons websites I wouldn't bother. Their malware is getting very sophisticated and they have a defense against this too. The only recourse in that case is a low level format of the drive and reinstallation of the OS.
  19. StihlHead

    StihlHead Guest

    My laptops have CD/DVD drives so I can boot from them if I have to. Usually you can download that stuff and burn a system CD from the computer manufacturing site. For example Toshiba has them for my systems. Dell has a lot of that stuff online, I would look there. Or look on the box that your system came in, maybe it had a system CD in there? My older laptop has a CD that will restore that system to the minimum original configuration that it came in, and download the rest from Toshiba off the net. Worst case reformat the HD and reinstall the application SW on it.

    These guys that write this malware stuff, they should be crucified. You have to run virus and malware protection all the time now. I use Microsoft which is free for earlier versions, and runs automatically on Windows 8. It is fairly low profile and pretty good. Norton has become so system resource greedy that it has become a worm in itself, sucking up way too much system overhead, and it also spawns tons of pop-ups, reminders, and stupid status windows. I nuke that on any system I buy, and even that is a PITA to remove from any system now. They have all these pop-ups asking if you really really really want to remove Norton and be EXPOSED TO THE HORRORS OF THE EARTH (meaning Nigerians)... makes you wonder if Norton is not paying these guys to write malware so they make more money 'protecting' people from it with subscriber services.

    Good luck. Videos are but one source of malware. SPAM is the most common source of virus, worms, spyware and malware. Never open any email attachment from anyone that you do not know. Also do not store email on your home system. Use a free service like Yahoo or Gmail and let their servers store it for free.
  20. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    52,404
    Loc:
    South Puget Sound, WA
    Clicking on ads on suspect sites is another portal to disaster. Don't do this.
  21. BrotherBart

    BrotherBart Hearth.com LLC Mid-Atlantic Division Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    29,924
    Loc:
    Northern Virginia
    Virus writers are giving porn sites a bad name.
  22. Hearth Mistress

    Hearth Mistress Minister of Fire

    Joined:
    Jan 24, 2012
    Messages:
    852
    Loc:
    Pt Pleasant, PA (SE PA)
    I just found my jump drive and downloaded Hitman on to it. It is too late to screw around with it now but will give it a whirl in between my conference calls Friday, I work from home so no one but the bird and the dogs will hear me curse at it. Worst case, I can reformat as there isn't much stored on it but that will be my last resort. I appreciate all the help, you guys are great!!

    Gun porn killed my PC, I'm convinced and knowing my hubby, as an avid collector, has an unhealthy obsession with all military firearms, especially Eastern European models new and old, that is for sure the culprit! If he wasn't sleeping, I'd be yelling at him ;)
  23. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    52,404
    Loc:
    South Puget Sound, WA
    Get hubby his own computer. An older Mac will suffice.
  24. StihlHead

    StihlHead Guest

    Or get him a PC and put Linux on it. Few viruses or malware are written for Linux or UNIX systems.

    As for eastern Europe and viruses, when I was a computer design engineer in the high tech glory days, I worked with several guys that had escaped from the Eastern Bloc. One from Bulgaria had 2 PhDs, and he said he made less money than bricklayers under the communist system. He was forced by the DS (Bulgarian secret police) with other engineers to write computer virus programs to bring down the evil western empire. That is why eastern Europe is notorious for malware and computer viruses. The skills remain. The guy from Bulgaria (his name was Vess) became a dissident, and he was sent by the DS to Libya as punishment to work with Gaddafi's Soviet support group. He was there when Reagan bombed Gaddafi's tent from aircraft carriers. The Soviets had suddenly disappeared a few days before the bombing, and Gaddafi was furious with them as they obviously were tipped off that the bombing was going to happen ahead of time. So he took away their vodka. Well, Russians simply cannot function without vodka. So as it turns out Vess was from a local village that made brandy. He knew how to make a still, and how to sprout wheat and ferment it in a bathtub, and then cook it to distill it to the beverage that the Russians required to keep going. I asked him how much he made, and he replied, "How much do you want?" Basically he could make as much as they wanted... he was eventually able to trade vodka for a weekend pass to Greece. Once in Greece, he made his way to Austria. Austria had no extradition treaty with the Eastern Bloc. Once he made it there he was sponsored by a US company and eventually got a visa to work in the US. I went on a trip with him to Boston the same week he became a US citizen. He was so happy to be out of the mess of Eastern Europe and the computer virus factory that he was forced to work in.

    Sorry, a bit off track there... anyway, Eastern Europe is one of the origins of computer virus and malware, and it remains so today.
  25. Jags

    Jags Moderate Moderator Staff Member

    Joined:
    Aug 2, 2006
    Messages:
    15,642
    Loc:
    Northern IL
    I believe this is the specific version that she is fighting:
    FBI Cybercrime Division virus.

    If you haven't seen this link, check it out. If you can get to regedit, start by doing those steps. It may allow for a reboot that doesn't crank up the virus stuff and allow you to work with the PC.
    http://www.2-spyware.com/remove-fbi-virus.html
