No IP after cleaning up FBI Scam

Posted on 2013-10-24
Medium Priority
Last Modified: 2016-11-23
After cleaning up an FBI Scam, I cannot get an IP address to save my life...help!

Also, I cannot turn the Windows Firewall back on.

I've cleaned several computers with this fbi scam, but this has been a chore.

I've got a Dell Inspiron Laptop with Win7 64bit.  

To repair the virus I start with Rogue Killer, then MalwareBytes Rootkit removal (and there were several) then I uninstall any malware on the computer that I can possibly find, remove add ons run MBytes full malware scan and then Ccleaner including the Registry cleaner.

I've disabled 3rd party services and Startup programs.
Tried Safe Mode with Networking
Tried reinstalling Ethernet drivers

What else can I do?

Thanks in advance!

Phil W.
Question by:philw3995
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1

Expert Comment

by:Bird Dog
ID: 39597139
The last time I removed this virus it ran in safe mode as well. I ended up killing it in safemode by changing the name of process explorer .exe file and shutting the virus down. Then I could remove the virus manually and clean the startup with autoruns.
LVL 24

Expert Comment

ID: 39597361
FWIW: The few times I removed this virus from friends' PCs were by booting up in safe mode with command prompt and typing rstrui.exe to do system restore to a point before the virus.  Then scanning with MBAM -- just to make sure. Worked each time (except when a system restore point was unavailable).

Author Comment

ID: 39599326
On the surface the virus is gone.  I'm not getting an ip address and windows firewall is not working.
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.


Author Comment

ID: 39599359
Really surprised with the lack of technicians helping out here.  

Going to restore to factory, as much as I hate to!

Expert Comment

ID: 39600487
The difficult part is there is a risk with running a bajillion fixers.... while they have benefits and I use all of them that you named you run the risk of deleting data that is necessary for system functionality especially when registry keys have been deleted. I would be led to believe this is a possibility.

Restoring is going to be the quickest most efficient and reliable method to get up and running.

Expert Comment

ID: 39600757
Microsoft does have a FixIt tool here -> http://support.microsoft.com/fixit/
and it runs through diagnosing the networking issues... it may repair damaged files.

You could also try a scandisk repair - chkdsk /r ran in the administrative command prompt...

Accepted Solution

philw3995 earned 0 total points
ID: 39601888
I ran the Win7 disc and chose to Upgrade to do a Repair, which actually worked on this computer...haven't had success with that option much, usually says OS is newer than CD.

Anyway, after the upgrade the computer went into repair .Net Framework which I'm assuming was the problem with the Internet and Windows Firewall not working.

I'm thinking, mebaby333's idea of running MS FixIt may have worked.

After, I got it working MS Updates messed up and then reversed the procedure.  I've changed the settings on the Updates and have been installing them two at a time.

Thanks for all of your help!

Expert Comment

ID: 39601934
Glad to hear you got it fixed :)
LVL 24

Expert Comment

ID: 39602647
Great. You fixed it. :-)

Author Closing Comment

ID: 39623810
My solution for Repairing/Upgrading Windows 7 fixed the issue with not having an IP address after removing the FBI virus.  

It also triggered the repair of .Net Framework and Windows Updates.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question