Help-Had FBI virus, removed it now on startup command prompt looks for an exe that isn't there.


posted on May, 13 2013 @ 11:20 AM
When you say the FBI virus, do you mean the virus (though it's not really a virus, it's a trojan / ransomware, not that it matters) that accuses you of watching child porn and tries to get you to pay a fine?

I removed that successfully off someone's computer 6 months ago, though this was a UK version called the Metropolitan Police Virus. The guy was almost having a heart attack as he got it watching porn on his wife's laptop while she was visiting her parents. I've never seen anyone so happy as when I gave it back to him clean.


It's not all that difficult to remove if you take the right steps in the right order.

edit on 13-5-2013 by PhoenixOD because: (no reason given)




posted on May, 13 2013 @ 11:29 AM
reply to post by ShadellacZumbrum
 




If you really want to do it effortlessly .. Download COMBOFIX.exe from Bleeping Computers.com


That program should only really be run under the instruction of someone from BleepingComputers.com as it's very powerful and can do some damage amongst other problems.



posted on May, 13 2013 @ 11:35 AM
reply to post by PhoenixOD
 

Hilarious! And yes it is ransomware (I believe) MoneyPack-your computer is blocked here's your IP...
Yep

It is gone, but like I said I deleted a file while running HitManPro-or maybe emer emergency, and after that every time I go on the desktop nothing loads and command prompt pops up telling me that file can't be found.
Nothing in msconfig, can't find anything in the registry (I am sure I am missing it somewhere).



posted on May, 13 2013 @ 11:37 AM
reply to post by samlf3rd
 


Here is a guide to removing it, I'd talk you through it but I'm super busy revising for an exam tomorrow >.<

malwaretips.com...
edit on 13-5-2013 by PhoenixOD because: (no reason given)



posted on May, 13 2013 @ 11:45 AM
reply to post by PhoenixOD
 


Thanks for the tips.

However, it appears that all the viruses are gone. The computer runs fine, besides windows looking for that initial file.

I have gone through every step you posted already, like I said viruses are gone, but no explorer.exe just command prompt looking for that file. Nothing in msconfig startup (all normal windows and adobe).



posted on May, 13 2013 @ 12:14 PM
reply to post by samlf3rd
 


So you have reset the restore point to a time before the virus happened?

If you have, then what I would try next is to use Regedit and do a search for "1c54cad4.exe" and delete any entries that point towards it. Keep searching through the registry until all references to it are gone as there might be more than one.

I'd recommend doing a registry backup first though.

edit on 13-5-2013 by PhoenixOD because: (no reason given)
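
Added example, not part of the thread and not any poster's code: a read-only PowerShell check related to the registry search suggested in the post above. Instead of searching for one file name, it reports Run/RunOnce entries and the Winlogon Shell and Userinit values whose target executable cannot be found. The key list is a common subset chosen for this example, and the function names are hypothetical.

```powershell
# Added example (read-only): report registry autostart entries whose target
# executable no longer exists. The key list is a common subset, not exhaustive.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogonKeys = @(
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-TargetPath([string]$Command) {
    # Extract the executable from a command line: a quoted path first,
    # otherwise everything up to the first ".exe", otherwise the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}
function Test-Target([string]$Path) {
    # Full paths are checked directly; bare names go through the PATH lookup.
    (Test-Path -LiteralPath $Path -PathType Leaf) -or [bool](Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue)
}
function Show-MissingTarget([string]$Key, [string]$Name, [string]$Command) {
    # Emit one line when the entry's executable cannot be found.
    $target = Get-TargetPath $Command
    if ($target -and -not (Test-Target $target)) {
        '{0}\{1} -> {2}  (target not found: {3})' -f $Key, $Name, $Command, $target
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        Show-MissingTarget $key $name ([string]$item.GetValue($name))
    }
}
foreach ($key in $winlogonKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    foreach ($name in 'Shell', 'Userinit') {
        # These values may hold several comma-separated commands.
        foreach ($cmd in ([string]$props.$name -split ',')) {
            if ($cmd.Trim()) { Show-MissingTarget $key $name ($cmd.Trim()) }
        }
    }
}
```

The script changes nothing; any entry it prints still needs to be reviewed by hand, with a registry backup taken before anything is edited.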



posted on May, 13 2013 @ 12:49 PM
reply to post by PhoenixOD
 


I have used COMBOFIX.exe probably 1000 times or more with no problems whatsoever. I have also recommended it 100's of times and the users had great success.

If you have had issues with it maybe it was an isolated incident.



posted on May, 13 2013 @ 12:53 PM
reply to post by PhoenixOD
 


Ironically there are no restore points other than yesterday, and none under "Show me more restore points".

I did a search also in regedit and there was no file found in there.???



posted on May, 13 2013 @ 01:00 PM

Originally posted by ShadellacZumbrum
reply to post by PhoenixOD
 


I have used COMBOFIX.exe probably 1000 times or more with no problems whatsoever. I have also recommended it 100's of times and the users had great success.

If you have had issues with it maybe it was an isolated incident.


This is from the instructions for using the program from the bleepingcomputer.com website :



Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.

source



You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Source

When they say 'helper' they mean a registered helper at the site. I'd guess the warnings are there for a reason.

Last two times I used combofix it unregistered my Transcender practice exams and I had to email the company and convince them to send me new keys for each of my bought products.

edit on 13-5-2013 by PhoenixOD because: (no reason given)



posted on May, 13 2013 @ 01:06 PM
reply to post by samlf3rd
 


There is one sneaky way to find out what's calling the file but it involves some programming knowledge. When one program calls another it sends some traceable information to the second program. I once wrote a program that could track that info a long time ago.

I might see if I can dig it out if you are still stuck with the problem tomorrow, I really have to get back to revising for today lol.

But let me add that if there is nothing in the registry pointing to the program it's trying to run then there must be a part of the virus still remaining on the computer. That part will be getting activated when the computer starts up and it's that program that is calling the .exe.

Have you tried running norton eraser? It's free and very powerful, though like combofix it's slightly on the risky side, but I have not personally had any problems with it. You don't install it, you just download it and run it once.

edit on 13-5-2013 by PhoenixOD because: (no reason given)
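
Added example, not the program mentioned in the post above and not any poster's code: one read-only way to see which process started a command prompt, using the parent process ID that Windows records for every process. It assumes PowerShell 3.0 or later (for Get-CimInstance) and has to run while the cmd.exe window is still open; Get-Ancestry is a hypothetical helper name.

```powershell
# Added example (read-only): show the chain of processes that started each
# running cmd.exe, with the full command line of every process in the chain.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

function Get-Ancestry($Process) {
    # Walk ParentProcessId upward. PIDs are reused, so a "parent" created
    # after its child is a different process and the chain stops there.
    $chain = @($Process)
    $current = $Process
    while ($chain.Count -lt 32 -and $byPid.ContainsKey([int]$current.ParentProcessId)) {
        $parent = $byPid[[int]$current.ParentProcessId]
        if ($parent.ProcessId -eq $current.ProcessId) { break }      # PID 0 is its own parent
        if ($parent.CreationDate -gt $current.CreationDate) { break } # reused PID
        $chain += $parent
        $current = $parent
    }
    return $chain
}

foreach ($cmd in ($procs | Where-Object { $_.Name -eq 'cmd.exe' })) {
    $depth = 0
    foreach ($p in (Get-Ancestry $cmd)) {
        # Indent each ancestor one level deeper than the process it started.
        '{0}{1} (PID {2})  {3}' -f ('  ' * $depth), $p.Name, $p.ProcessId, $p.CommandLine
        $depth++
    }
    ''
}
```

If the parent has already exited, the chain ends at cmd.exe itself; the command line on that first row still shows which file the prompt was asked to run.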



posted on May, 13 2013 @ 01:45 PM
reply to post by PhoenixOD
 


Yep, they are trying to cover themselves. But that's O.K.

I will continue to use it and recommend it.

It has been HUGELY Successful for me.

I suspect they have that disclaimer there to deter those who do not have much knowledge in the way of computers. I will even bet that Malware Bytes, Symantec, and Norton all have similar disclaimers.



posted on May, 13 2013 @ 01:53 PM
reply to post by ShadellacZumbrum
 


I used to use it and it has worked in the past on some things but since I've started to use Transcender to do practice exams I've found it destroyed the registration information for each exam I've bought every time I ran it.

edit on 13-5-2013 by PhoenixOD because: (no reason given)



posted on May, 13 2013 @ 02:23 PM
reply to post by ShadellacZumbrum
 


Shade, you were right-ComboFix Fixed it!!!


I have run combofix numerous times as well, but like Phoenix said it can be dangerous and I have had it mess up lots of things-like the ever famous "lost wireless connectivity". I was going to post my log on Bleeping Computer but things look great so far!

Thank you guys for all your help! I couldn't have done it without the Internet's most intelligent minds.



posted on May, 13 2013 @ 02:44 PM
My sister-in-law got this virus last week (she had AVG as her scanner).... all I did was create a Microsoft Standalone System Sweeper boot CD (it's a Pre-boot virus scan.... it boots from CD and not the infected hard drive)

Download from cnet (32bit version)
Download from cnet (64bit version)

The only thing is you have to be hard wired into the internet to download the virus definitions (there is another option in program that gives you a website to download them from on another computer, put on cd, then run from infected computer).... u2u me if you have any questions with it and I'll try to help you out



posted on May, 13 2013 @ 03:28 PM
That file is listed as a TROJAN and WORM...so it attaches to many unknown to you locations and waits until some later time to re-launch.

Nasty thing....I had to have it professionally removed because they were better equipped than me...and even they had issues getting rid of it as it changes location, name, type over and over again, leaving copies everywhere it can.

PS In mine...it REMEMBERED my ISP address OFFLINE somewhere and is STILL trying to gain unauthorized access.



posted on May, 13 2013 @ 03:47 PM
Once you get your computer back up and running, my room-mate shared this program called Peer Block with me. You can download it at their homepage, here.

Peerblock will actually keep people, governments and organizations from accessing your P.C. It does allow HTTP access, but you can turn that off quickly with the press of a button.



posted on May, 13 2013 @ 05:10 PM
reply to post by samlf3rd
 


Sam,

That's Great News.

Now, I would uninstall any anti-virus you have on the system and re-install it. Make sure you have ONLY 1 Anti-virus installed as multiple instances regardless of brand can cause conflicts and issues.

Glad I was able to help.

P.S. .. Tell your buddy if he wants to look at porn, he can go to the local Kiosk at the mall. That is really the ONLY Safe porn.



posted on May, 13 2013 @ 05:41 PM
reply to post by samlf3rd
 


I've had that virus before and my anti-virus wouldn't pick it up, so I took care of it myself.
You might try this, it worked for me. YMMV, though.
First go into task manager, look for the running process and narrow it down to the suspect process(es) .exe.

Next go into windows explorer search for the suspected process, (make sure hidden files are unhidden) and search for part of the file name (not the exact name because usually they will copy themselves, i.e. virus232 to virus 233) once you find it (or them), don't delete it, but rename them to something different and then after renaming them, move the file to a different folder.

Once that is done, go to the task manager and end the process(es) then go to msconfig and un-check them for start up. Now delete the moved files and you should be good.
If you can't delete them before you restart, try it after restarting. No promises that this will work but it's worth a shot as long as you know what processes are and aren't legit, so be careful what you modify.


ETA
Whoop, too late.
I'll leave that for anyone else who might have the same problem.
edit on 13-5-2013 by kx12x because: (no reason given)



posted on May, 13 2013 @ 11:02 PM
Out of curiosity, why would the government put a virus on your friend's computer? Are you sure it isn't yours? Is there something you want to share with us armchair conspiracy theorists?
edit on 13-5-2013 by AfterInfinity because: (no reason given)



posted on May, 13 2013 @ 11:11 PM
reply to post by AfterInfinity
 



Click here.

The Government Is Planting Child Porn On Your Computer

www.abovetopsecret.com...




