XP Home - FBI Whitescreen Virus

XP Home PC with what I believe is the FBI Moneypak virus.  A screen loads shortly after the desktop appears saying that the user needs to pay money to the FBI and such.  You can't exit the screen and the screen appears for each user that logs onto the machine.

I attempted to launch safe mode and then run a scan, but each attempt at launching safe mode produces a 0x0000007B blue screen error.  I attempted to launch the recovery utility from the XP CD, but the same blue screen error appears.

I was able to use the desktop long enough to launch a chkdsk /f and it ran successfully on the next reboot with no errors or problems found.

What do I need to do to get this machine to a state where I can run a scan on it and clean it up?

Thank you
Who is Participating?
tailoreddigitalConnect With a Mentor Commented:
I just cleaned this virus out using,

The removal info is lower on the page, good luck
Sudeep SharmaTechnical DesignerCommented:

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting



Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Thomas Zucker-ScharffSystems AnalystCommented:
SSharma has some really excellent advice in the above post.  If you still have difficulties though, the things I have found to work with this troublesome virus is to use UBUNTU to backup all the files on the affected disk (boot to UBUNTU from a DVD and then backup the affected drive - except the windows directory - to an external drive), then to use Chameleon from MalwareBytes to update and run MBAM.  The way it works is essentially the same as using Roguekiller and without rebooting updating and scanning with MBAM.  In this case, you should try it in safe mode with networking and go to your malwarebytes directory then to the tools subdirectory there you should find a file called svchost.exe (which is actually Chameleon, which stops rogue processes and then updates and runs MBAM).  

See the instructions for removing System Care Rogue Antimalware.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.