Windows 7 Forums



Windows 7: My sister's FBI "bust"

04 Mar 2013   #1
gregrocker

 

My sister got the fake FBI virus today. Trying to help her on the phone we were able to System Restore to before it and it appears to be gone. Back on the desktop nothing is found by Malwarebytes or SuperAntiSpyware. She is running Windows Defender offline boot disk now.

An IT worker at her medical transcription company says it will never be completely removed and she should Clean Reinstall. This bothers me because usually I am the guy saying that but I think we were able to get before the infection so she should let it ride.

I realize there are likely many variants but wonder if there are any special scans I should have her run. Thanks.


04 Mar 2013   #2
Brink

64-bit Windows 10 Pro
 
 

Hey Greg,

I'm in the camp to format and reinstall to be safe.
04 Mar 2013   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Same with me *medical transcription company*

04 Mar 2013   #4
cottonball

Windows 7 Home Premium
 
 

gregrocker,

Brink's and Jacee's suggestions are the 'for sure' option, however, even though I am the underdog here, have used the following program with success:

HitmanPro Kickstart targets this ransomware.

You need to know if the infected computer is running a 32-bit or 64-bit system.

Download link for HitmanPro.Kickstart:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight


You need to load a USB flash drive with HitmanPro Kickstart as follows...


Use a "clean" (non-infected) computer, and download HitmanPro from the link above.


When HitmanPro opens, click the Kick icon at the bottom of the screen.


Plug the USB flash drive into the clean computer and follow the instructions from the first video on the website.


Next, plug in the USB drive just created into the infected machine.
Start the infected computer.


When the computer starts, press the key (on some machines it's F10 or F2) that brings up the Boot Menu. From there, select to boot from the USB drive.
Info: http://www.selectrealsecurity.com/remove-ransomware
Save the changes, and press on.


Next, perform a system scan with HitmanPro Kickstart as seen in the second video.


After HitmanPro Kickstart is done, boot into Windows.



~~~~~~~~~~~
To remove the malicious files of the ransomware...


Download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system. (See Note)
Click the dark-blue button to download.
Save to the Desktop.


Close all windows and browsers.
Right-click and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN


When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.



Note:
To find out if the system is 32 or 64 bit:
Click: Start
Type System in the Start Search box
Click System in the Programs list.


The operating system is displayed as follows:

For a 64-bit version operating system, under System > System type, it shows:
64-bit Operating System

For a 32-bit version operating system, under System > System type, it shows:
32-bit Operating System
04 Mar 2013   #5
gregrocker

 

Thank you all.

I'm sending her this thread now along with options for getting a Clean Reinstall - Factory OEM Windows 7 or Acer Recovery media and Restoring a system to factory load since she still has the factory preinstall until her brother gets back there to Clean Reinstall.

She asked me about backup before reinstall, if those files can be trusted with MSE, MBAM and SAS scans alone. She has a backup before the Acer laptop was shipped back for repairs a month ago which should be clean.

She also asked me if she is possibly infectious to others via email. Her medical transcriptions are done on another PC.
04 Mar 2013   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Greg, I'm in the wipe and clean install group. This FBI infection can be passed to other computers creating a botnet. Your sister could have got it from anywhere. Here is a site that has a video at the top that explains the virus very well.

FBI Warns Against Ransomware Internet Scam | KSTP TV - Minneapolis and St. Paul

http://www.azfamily.com/news/consume...192079001.html

I would also recommend that all passwords be changed from a clean computer. Most important, inform all banks and credit card companies etc. what has happened so they will be on the lookout for strange happenings with your sister's accounts.
I would also recommend your sister inform friends she emails that her computer was infected so they are aware not to do things like opening email from her.
04 Mar 2013   #7
King Arthur

Windows 7 Ultimate x64 SP1
 
 

Email can be a potential vector for infection since emails can be whole HTML webpages in their own right if they are not just plain text, and any attached files are obviously at risk of being virus carriers.
04 Mar 2013   #8
cottonball

Windows 7 Home Premium
 
 

gregrocker.

Quote:
... if those files can be trusted with MSE, MBAM and SAS scans alone
Have seen where System Restore was used on the ransomware, and, although apparently successful, it was not. Furthermore, for some reason, some of the scans used are missing the issue.

Further intervention using tools such as Farbar Recovery Scan Tool, RogueKiller, and OTL has finally cleared the machine.

To answer the question above, IMO, unless further malware removal work is done on this machine, it is not to be trusted.
05 Mar 2013   #9
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Excellent advice cottonball!
05 Mar 2013   #10
cottonball

Windows 7 Home Premium
 
 

Thanks, Jacee.

I like to remove malware, vs. reinstall, but the truth is that on those ransomware infections, although they can be cleaned in most cases, the job is not an easy one. They are a big challenge.

The tools mentioned were just the ones that came to mind. In a real case scenario it goes much further than those.