It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by Wrabbit2000
reply to post by Skada
Ditto to Skada's suggestion. If you don't get the whole suite, get "Autoruns" as a minimum. Make sure you run it as administrator. It comes from Microsoft directly so it's clean as far as that goes. It's the single best free Util I know of to see EVERYTHING starting and running on a machine. It's also the #1 thing, literally, #1 that I put on any clean format/install I do on a Windows machine.
Also...I hadn't seen you mention it. Are you using Malwarebytes? That is, believe it or not, what the IT department at the school was using to clean this little bugger. Safe-Mode then Malwarebytes on a full scan. It sounds almost too simplistic for how evil this one is ..but they've found it to work in most cases?
Originally posted by luciddream
Get a Malware detector/removers, Malware Bytes, also get a Registry Cleaner, probably you torrent it if you can't find a free one.
I had a similar attack, when i tried to "skip an ad" - It had an invisible layer, that made me acknowledge a virus file download.
FBI Web Cam Virus(ATS).
Originally posted by samlf3rd
Hello ATS, I need some quick help.
My friend had the FBI virus on his computer. We couldn't get in via safe mode (any version of safe mode at all-the virus was still active). After I ran the program and deleted this file called "1c54cad4.exe". Now when I start windows (safe mode or not) a command prompt opens and says that (the .exe that Hitman Pro deleted)
"1c54cad4.exe is not a recognized as an internal operable program or batch file".
So some program in the system is still calling that virus file-how can I find that program? How can I fine this entry in the system and tell the computer to ignore it? Is there a list of .exe's that run on startup that is in the registry somewhere? I checked in msconfig and nothing out of the ordinary is there. I also ran Hijackthis and the call for the exe wasn't in there either.
Originally posted by Skada
you may have to use a live boot disk such as Ultimate Boot Disk for Windows, Linux Live (any distro may work), or even creating or finding a Pre-Installation Environment Disk with Windows 7 would work. Or if you can some how get into safe mode or similar, you will need to get to the registry. Regedit or similar registry editing software.
look under these reg keys for your little exe file.
Or you can run a search for your EXE file and delete it from your registry. Or you can try setting your PC back to another day.
If your PC is MS Windows, consider downloading Sysinternals Suite.
Originally posted by KeepYourAnonymity
I had this same virus and payed my buddy to get rid of it. He cleaned up all the junk files, programs not used, and did a malwarebytes scan and found the location of the virus to delete it
Originally posted by ShadellacZumbrum
reply to post by samlf3rd
If you can get Windows or safe mode to load hit the CRTL-ALT-DEL to open the task manager. Have a look at the processes. Look for anything that doesn't make sense like files with numbers.exe or a combination of letters and numbers.exe.
Then do a search on your system for that file name. But just because you are able to find that file and delete does not mean that you will kill the issue.
If you really want to do it effortlessly .. Download COMBOFIX.exe from Bleeping Computers. com
About 5-10 minutes later you will be good to go and everything will be clean.
Keep in mind that allot of times antivirus programs do not work so well if you have a virus before you install the anti-virus.
P.S. .. . By thye way., .. you had better check that system for CHILD PORN since it has something to do with the FBI. .. . .. Just sayin'.edit on 13-5-2013 by ShadellacZumbrum because: (no reason given)