Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Removing "Internet Crime Complaint Center"  FBI Virus

Posted on 2012-12-29
6
Medium Priority
?
1,372 Views
Last Modified: 2012-12-30
I am working on a Windows XP computer that is infected with the FBI virus.  I have tried every suggestion online and cannot seem to get around this.  The "Internet Crime Complaint Center" Screen comes up in both normal and Safe mode and I cannot get around it.  Ctrl+ Alt+ Del does nothing.  I tried Norton's bootable recovery tool scanner as well as Kaspersky's bootable Rescue disk.  Neither are able to locate the virus and remove it.  Norton boot disk found it but reported that it could not remove it.  I even removed the drive and placed rkill and the iexplorer version of rkill in the startup folder still without any luck.
This is the 2nd computer in the last week with this infection that I have had. Anyone have any suggestions?
0
Comment
Question by:waytron
6 Comments
 
LVL 13

Expert Comment

by:themrrobert
ID: 38730236
In safe mode, Run Regedit. Search for WinLogon and Startup Entries and write down all the files that are not explorer.exe or blank.  Delete them afterwards. (Search HKEY_LOCAL_MACHINE, and HKEY_CURRENT_USER)  Also remove any bad keys in >Software>Microsoft>Windows>Current Version>Run / RunOnce and remove any bad keys.

Once you feel you have removed the keys, press F5 to refresh and make sure the keys are not re-written.

After you are sure you got them, unplug your computer. Yes, there are risks, but 99.9% chance everything will be fine.  (You don't want the computer to shut down normally, this will signal the virus and it will re-plant itself).

The key here is to be sure you found and removed the keys the virus is using to start up at boot, and power off as quickly possible after deletion.

Good luck!  (If you can download ComboFix from bleepingcomputer.org and run that on the infected machine, it's probably going to be your best bet)
0
 
LVL 1

Author Comment

by:waytron
ID: 38730278
Even in safe mode, I cannot run anything.  The FBI warning comes up before anything and nothing works.
0
 
LVL 70

Accepted Solution

by:
garycase earned 1000 total points
ID: 38730357
Try the suggestions here -- the bootable Hitman Pro "Kickstart" USB key has worked well on the couple of occasions when I've used it on this virus [I've seen it about 5 times in the past month].

http://malwaretips.com/blogs/fbi-anti-piracy-warning-moneypak/
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 93

Assisted Solution

by:nobus
nobus earned 1000 total points
ID: 38730466
i've had success with windows offline Defender cd : http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
0
 
LVL 1

Author Comment

by:waytron
ID: 38730722
Thank you guys for your suggestions and I will try them the next time.  This one is a real nasty one so I am sure it will surface again.

I ended up removing the hard drive and placing 2 renamed rkill and 1 renamed combofix into the startup folder and then putting the drive back and booting up normally.  Rkill seemed to work this time and after awhile combofix finally opened up.  The Screen was in somewhat of a reversed mode and the radio buttons were not showing but after some guessing where the OK buttons were, I was able to get combofix to run.  After combofix rebooted the computer all was fine and I was able to follow up with Malwarebytes and roguekiller scans to remove a few remnants.  All seems fine now.
0
 
LVL 1

Author Closing Comment

by:waytron
ID: 38730732
Thanks again.  Everyone online talks about removing this from safe mode but this is the 2nd time that I could not get into safe mode without the virus taking over.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question