Solved

XP Home - FBI Whitescreen Virus

Posted on 2013-05-30
Last Modified: 2013-11-22
XP Home PC with what I believe is the FBI Moneypak virus.  A screen loads shortly after the desktop appears saying that the user needs to pay money to the FBI and such.  You can't exit the screen and the screen appears for each user that logs onto the machine.

I attempted to launch safe mode and then run a scan, but each attempt at launching safe mode produces a 0x0000007B blue screen error.  I attempted to launch the recovery utility from the XP CD, but the same blue screen error appears.

I was able to use the desktop long enough to launch a chkdsk /f and it ran successfully on the next reboot with no errors or problems found.

What do I need to do to get this machine to a state where I can run a scan on it and clean it up?

Thank you
0
Question by:TacomaVA
3 Comments
 
LVL 23

Accepted Solution

by:
tailoreddigital earned 2000 total points
ID: 39208806
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39208819
@TacomaVA,

I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned, and posting the logs.

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend that you go through the articles from Younghv and RPG for links to the tools and for future reference:

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode, and if that requires a reboot, then reboot the system and run the tools mentioned in points 1 and 2, but this time run MalwareBytes in Full System Scan.

So in your next reply, post the RogueKiller logs, MBAM logs and TDSSKiller logs.

Sudeep
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39208977
SSharma has some really excellent advice in the above post.  If you still have difficulties though, the thing I have found to work with this troublesome virus is to use Ubuntu to back up all the files on the affected disk (boot to Ubuntu from a DVD and then back up the affected drive - except the Windows directory - to an external drive), then to use Chameleon from MalwareBytes to update and run MBAM.  The way it works is essentially the same as using RogueKiller and, without rebooting, updating and scanning with MBAM.  In this case, you should try it in safe mode with networking: go to your MalwareBytes directory, then to the tools subdirectory, where you should find a file called svchost.exe (which is actually Chameleon, which stops rogue processes and then updates and runs MBAM).

See the instructions for removing System Care Rogue Antimalware.
0
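The backup step described in the comment above (copy everything except the Windows directory to an external drive from a live Ubuntu session), sketched as an added example that is not from any poster in this thread. The mount points, the `/dev/sdXN` placeholder, the function names and the SHA-256 verification pass are assumptions added here.

```shell
#!/bin/sh
# Added example. Assumed layout (not from the thread): the XP partition is
# mounted read-only, e.g.  mount -o ro /dev/sdXN /mnt/xp  (sdXN is a
# placeholder), and the external drive is mounted at /mnt/ext.

# Print "sha256  ./relative/path" for every regular file under $1,
# skipping a top-level Windows directory in any letter case.
manifest() {
    ( cd "$1" &&
      find . -type d -path './[Ww][Ii][Nn][Dd][Oo][Ww][Ss]' -prune \
             -o -type f -exec sha256sum {} + | sort -k 2 )
}

# Succeed only if every file outside the Windows directory has an identical
# copy (same path, same hash) under the backup directory $2.
verify_backup() {
    src_sums=$(manifest "$1") || return 1
    dest_sums=$(manifest "$2") || return 1
    [ "$src_sums" = "$dest_sums" ]
}

# Copy each top-level entry of SRC into DEST (an empty directory) except
# the Windows directory, then verify the copy before reporting success.
backup_except_windows() {
    mkdir -p "$2" || return 1
    for entry in "$1"/* "$1"/.[!.]*; do
        [ -e "$entry" ] || continue          # glob matched nothing
        name=$(basename "$entry")
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if [ "$lower" = "windows" ] && [ -d "$entry" ]; then
            continue                         # XP names it WINDOWS
        fi
        cp -Rp "$entry" "$2"/ || return 1    # keep timestamps for later review
    done
    verify_backup "$1" "$2"
}

# Run as: sh backup.sh /mnt/xp /mnt/ext/xp-backup
if [ "$#" -eq 2 ]; then
    backup_except_windows "$1" "$2"
fi
```

The copied files come from an infected system, so scan the backup before restoring anything from it.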

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question