• Status: Solved

FBI Virus

Someone brought me their Dell Inspiron N4110 laptop and told me he got the FBI virus. I have looked on the site and read what everyone is suggesting, but I am unable to boot into Safe Mode and the computer just goes to a blue background screen. I have taken the HD out (a task in itself with this laptop) and tried to put it on another machine. It tells me that it needs to be formatted before it can be used. I did not format it, of course. I have been unable to get any virus scanners to read the drive. It is running Windows 7 Home Prem. I tried Emsisoft, but that won't read it either.
1 Solution
Lee W, MVP, Technology and Business Process Advisor, Commented:
I cleaned this or a variant recently from a client.  I don't remember EXACTLY where things were buried, but with that experience, if the user wasn't an admin, it's easy enough to remove - rename the user's TEMP and Temporary Internet Files folders in their profile.  If necessary, try renaming iexplore.exe to disable it for now (it uses IE).  Then review the registry settings for programs that start (HKLM/HKCU \Software\Microsoft\Windows\CurrentVersion\Run)

As for reading the drive, I've seen some weird, annoying problems getting Win7 to read some drives via USB.  Try attaching it to an XP machine.  Else, attach it internally via SATA or boot to a boot CD/USB flash drive and press Shift-F10 during Windows Setup to get  a command prompt and do things from there.
Also, you can start the Task Manager to force the start of an installer like Malwarebytes, or if explorer.exe isn't running for some reason, you can start it in there with the run program command line. It sounds to me that it does boot, but explorer.exe doesn't run and so you get the blank desktop with nothing but a mouse pointer.
It is hard to start the Task Manager if the system is unable to read the drive.
It is interesting that when you put the drive in another computer it does not think the drive is formatted, but when the drive is in the laptop it will boot to a blank blue screen. Does that mean that it is starting to boot to Windows but stops at a blank blue screen? If that is just a blank desktop then maybe you could somehow get into the Task Manager. But if the blue screen occurs before you see the Windows boot-up screen then obviously the OS is corrupted. What happens if you try to boot to a memory stick or a CD that has the ultimate boot disc software on it? Will it recognize the drive? Will it see that it is already formatted?
Sudeep Sharma, Technical Designer, Commented:

You got the blue blank screen on Safe Mode, are you able to login to normal mode then? Did you try to run any virus removal tool from there?
Try using the Boot CD from Microsoft to get the system booting again.

If you are getting a pop-up message about "FBI MoneyPak...", the detailed steps are at the link below.

Several members of EE have been able to use the instructions here:
caustin5042, Author, Commented:
Got the system to boot into Safe Mode. Once I got there I was able to use the bleepingcomputer instructions. Got rid of the virus, then reran Emsisoft again in normal mode. Seems to be clean!!
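
Lee W's answer above suggests reviewing the HKLM/HKCU Run keys and points at the profile's TEMP and Temporary Internet Files folders. The following PowerShell is an added example, not part of the original thread, that lists every Run entry and flags commands launching from those folders; the function name `Get-RunEntry` and the path patterns are assumptions chosen for illustration.

```powershell
# Added example: list Run-key autostart entries and flag those that launch
# from the profile folders named in the answer (TEMP, Temporary Internet Files).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: a command path containing one of these fragments is worth a manual look.
$suspectPatterns = @('\\Temp\\', '\\Temporary Internet Files\\')

function Get-RunEntry {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the stored string without expanding %VAR% so it is shown as written.
            $raw = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            # Expand a copy only for matching, so %TEMP%-style paths are caught too.
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw)
            $hit = $false
            foreach ($p in $suspectPatterns) {
                if ($expanded -match $p) { $hit = $true }
            }
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $raw
                Suspect = $hit
            }
        }
    }
}

# Flagged entries sort to the top; nothing is modified or deleted.
Get-RunEntry -KeyPath $runKeys |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

HKCU reflects the account that runs the script, so run it while logged in as the affected user (Safe Mode is enough). A flagged entry is a lead to inspect, not proof of infection.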
