Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

XP Home - FBI Whitescreen Virus

Posted on 2013-05-30
3
Medium Priority
?
484 Views
Last Modified: 2013-11-22
XP Home PC with what I believe is the FBI Moneypak virus.  A screen loads shortly after the desktop appears saying that the user needs to pay money to the FBI and such.  You can't exit the screen and the screen appears for each user that logs onto the machine.

I attempted to launch safe mode and then run a scan, but each attempt at launching safe mode produces a 0x0000007B blue screen error.  I attempted to launch the recovery utility from the XP CD, but the same blue screen error appears.

I was able to use the desktop long enough to launch a chkdsk /f and it ran successfully on the next reboot with no errors or problems found.

What do I need to do to get this machine to a state where I can run a scan on it and clean it up?

Thank you
0
Comment
Question by:TacomaVA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Accepted Solution

by:
tailoreddigital earned 2000 total points
ID: 39208806
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39208819
@TacomaVA,

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39208977
SSharma has some really excellent advice in the above post.  If you still have difficulties though, the things I have found to work with this troublesome virus is to use UBUNTU to backup all the files on the affected disk (boot to UBUNTU from a DVD and then backup the affected drive - except the windows directory - to an external drive), then to use Chameleon from MalwareBytes to update and run MBAM.  The way it works is essentially the same as using Roguekiller and without rebooting updating and scanning with MBAM.  In this case, you should try it in safe mode with networking and go to your malwarebytes directory then to the tools subdirectory there you should find a file called svchost.exe (which is actually Chameleon, which stops rogue processes and then updates and runs MBAM).  

See the instructions for removing System Care Rogue Antimalware.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question