Solved

XP Home - FBI Whitescreen Virus

Posted on 2013-05-30
Last Modified: 2013-11-22
XP Home PC with what I believe is the FBI Moneypak virus.  A screen loads shortly after the desktop appears saying that the user needs to pay money to the FBI and such.  You can't exit the screen and the screen appears for each user that logs onto the machine.

I attempted to launch safe mode and then run a scan, but each attempt at launching safe mode produces a 0x0000007B blue screen error.  I attempted to launch the recovery utility from the XP CD, but the same blue screen error appears.

I was able to use the desktop long enough to launch a chkdsk /f and it ran successfully on the next reboot with no errors or problems found.

What do I need to do to get this machine to a state where I can run a scan on it and clean it up?

Thank you
Question by:TacomaVA
3 Comments
 
LVL 23

Accepted Solution

by:
tailoreddigital earned 500 total points
ID: 39208806
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39208819
@TacomaVA,

I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned, and posting the logs.

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend that you go through the articles from Younghv and RPG for links to the tools and for future reference.

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode, and if that requires a reboot, then reboot the system and run the tools mentioned in points 1 and 2, but this time run MalwareBytes in Full System Scan.

So in your next reply, post the RogueKiller logs, MBAM logs and TDSSKiller logs.

Sudeep
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 39208977
SSharma has some really excellent advice in the above post.  If you still have difficulties though, the thing I have found to work with this troublesome virus is to use UBUNTU to back up all the files on the affected disk (boot to UBUNTU from a DVD and then back up the affected drive - except the windows directory - to an external drive), then to use Chameleon from MalwareBytes to update and run MBAM.  The way it works is essentially the same as using Roguekiller and, without rebooting, updating and scanning with MBAM.  In this case, you should try it in safe mode with networking and go to your malwarebytes directory, then to the tools subdirectory; there you should find a file called svchost.exe (which is actually Chameleon, which stops rogue processes and then updates and runs MBAM).

See the instructions for removing System Care Rogue Antimalware.
