Solved

XP Home - FBI Whitescreen Virus

Posted on 2013-05-30
3
479 Views
Last Modified: 2013-11-22
XP Home PC with what I believe is the FBI Moneypak virus.  A screen loads shortly after the desktop appears saying that the user needs to pay money to the FBI and such.  You can't exit the screen and the screen appears for each user that logs onto the machine.

I attempted to launch safe mode and then run a scan, but each attempt at launching safe mode produces a 0x0000007B blue screen error.  I attempted to launch the recovery utility from the XP CD, but the same blue screen error appears.

I was able to use the desktop long enough to launch a chkdsk /f and it ran successfully on the next reboot with no errors or problems found.

What do I need to do to get this machine to a state where I can run a scan on it and clean it up?

Thank you
0
Comment
Question by:TacomaVA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Accepted Solution

by:
tailoreddigital earned 500 total points
ID: 39208806
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39208819
@TacomaVA,

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 39208977
SSharma has some really excellent advice in the above post.  If you still have difficulties though, the things I have found to work with this troublesome virus is to use UBUNTU to backup all the files on the affected disk (boot to UBUNTU from a DVD and then backup the affected drive - except the windows directory - to an external drive), then to use Chameleon from MalwareBytes to update and run MBAM.  The way it works is essentially the same as using Roguekiller and without rebooting updating and scanning with MBAM.  In this case, you should try it in safe mode with networking and go to your malwarebytes directory then to the tools subdirectory there you should find a file called svchost.exe (which is actually Chameleon, which stops rogue processes and then updates and runs MBAM).  

See the instructions for removing System Care Rogue Antimalware.
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question