FBI Browser Lock Virus

[abohemianmind]

I might have the FBI ransom virus. I was surfing the web and then all of a sudden, a tab popped up that said I had illegal movies etc on my computer and the FBI has locked down my computer. A box kept popping up, asking me if I wanted to leave the page or stay. I clicked leave, but the box popped up again and again and again. I then clicked stay but had the same problem. I couldn't click out of the browser window either, until I eventually was fast enough to do so (I hope it was me, anyway).

My computer seems fine, but I have yet to turn it off. Is that how they download the virus? Or is it already on?

 

[andrew129260]

1.) Do you have all your data backed up?

2.) Can you provide a Screenshot?

3.) Was it only in your browser that the warning was displayed in?

Please read this entirely before we begin malware removal:


Before we start with malware assistance, I want to inform you of a few things:

1.) I am not a recognized malware removal expert. I do not have a certification from a malware removal school. Having said that, I have removed a lot of malware with PCs and have years of experience.
But just like no antivirus program is 100% effective, neither am I. My goal is to simply clean up your PC from any malware, and assist you in any way possible to help you secure your PC.

2.) Sevenforums (This forum)and I will NOT be held responsible for anything that might go wrong with your pc.

3.) You agree to follow all directions given, until I advise that your pc is clean and you are free of threats. You will not abandon the thread.

4.)

Do you agree to these terms?​

If yes, reply with a Yes. If not, please state so and I will flag an official malware remover, or I will recommend another place for malware removal assistance.

 

[abohemianmind]

1.) Do you have all your data backed up?

2.) Can you provide a Screenshot?

3.) Was it only in your browser that the warning was displayed in?

Do you agree to these terms?​

I am backed up. I cannot provide a screenshot. And it only happened in my browser. I have since restarted my computer and have had no problems. But yes, I do accept your terms.

 

[andrew129260]

Are your files locked? Are you able to access your personal files?

If so, then it most likely was a simple scare attempt that was on the webpage, and the threat was not actually on your pc.


Here is a guide on it:

3 Easy Ways to remove the "FBI MoneyPak" virus

Or we can do the manual way.

I always prefer the manual way. But if you are savvy enough, go with the guide.



Still though, I suggest doing the following:

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images

 

[abohemianmind]

File was too long to post so I saved as notepad document and attached. And none of my files are locked, either.

 

[andrew129260]

File was too long to post so I saved as notepad document and attached. And none of my files are locked, either.

Please read the following carefully, answering all questions and confirming all that was asked of you.


Yup that was what you were supposed to do Well that is good. Seems like just an ad then to trick and scare you.

I notice you have some iobit products installed. Uninstall all of them. There software is very untrustworthy. Things like registry cleaners and registry defraggers are snake oil and should not be used. They cause more problems and solve nothing.

You do have some Interesting items though.

Let see what else is going on here:

1.) Download malwarebytes anti malware found here:

https://www.malwarebytes.org/

Choose the Free version download.

2.) After it downloads, run the installation and install it.

3.) After install, open malwarebytes.

Choose to update now.

When your updated, you should see something like this in the screenshot:

4.) Then choose to run a scan after updates complete.

5.) After the scan completes, Remove anything found. Restart the computer.

6.) Open malwarebytes. Click the history button.

Then Click on application logs.

Choose the latest scan log, and click the view button.

Click on the export button, then choose text file. Save it somewhere.


7.) Post your results by using the paperclip and upload the log.

 

[abohemianmind]

Malware bytes scan log.

 

[andrew129260]

1.) Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool

• Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Upload the contents of that logfile in your next reply using the paper clip on the reply box.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

2.) Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Upload the contents of that logfile in your next reply using the paper clip on the reply box.

Junkware Removal tool:


3.) Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Upload the contents of that logfile in your next reply using the paper clip on the reply box.
• When completed make sure to re-enable your antivirus

 

[abohemianmind]

Here's the adw scan

 

[andrew129260]

ok make sure to run the clean in adwcleaner and run jrt from step 3 above. I will then tell you what to remove from herdprotect when you run a new scan and post a log.

 

[abohemianmind]

Junkware Removal log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by artiste on Fri 07/25/2014 at 21:29:49.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\artiste\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\artiste\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"



~~~ FireFox

Successfully deleted: [File] C:\Users\artiste\AppData\Roaming\mozilla\firefox\profiles\nu81rwi8.default\user.js
Emptied folder: C:\Users\artiste\AppData\Roaming\mozilla\firefox\profiles\nu81rwi8.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/25/2014 at 21:39:48.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[andrew129260]

Ok good. Uninstall all iobit software, reg booster, cleaner anything like that.

Restart

Then post a new herdprotect log.

 

[abohemianmind]

herdprotect log

 

[andrew129260]

File path: 		c:\windows\system32\registrydefragboottime.exe
Publisher: 		IObit
Signer: 		IObit Information Technology
MD5: 			2a99f3410342f2b058109cfeedf45f64
SHA-1: 			fce475b15e702b3490a11f3d122649f18244380d
Created: 		7/20/2014 10:52:57 AM
Detections: 		1
Determination: 		Inconclusive
			- Emsisoft Anti-Malware as Gen:Trojan.Heur.0q0@umJwE0j (Undefined malware)

You are still showing iobit products installed. Make sure you completely remove them/uninstall them. Ibiot products are known to cause a lot of issues with windows.
_____________________________________________________________________________________________

Make sure your data is backed up either on an external hard drive or somewhere else before proceeding:

1.) Please download and save the file TFC by Old Timer. Again, save the file to your downloads folder or your desktop. Do not run it.

Downloading TFC


2.) Close your programs before running this tool. TFC will close ALL open programs.

3.) Browse to where you saved tfc. Right click on tfc.exe and choose Run As Administrator.

4.) Click the Start button to begin the cleaning process and let it run uninterrupted to completion. When it finishes it will say total files cleaned, and the start button will be grayed out. Click exit.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



__________________________________________________________________________________________

1.)Download security check below.

This will show me what security software you use and what the status is of services such as windows firewall:

Downloading SecurityCheck

Open and run: SecurityCheck.exe
Follow the instructions inside the window that appears.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply using the paperclip:

 

[abohemianmind]

Sorry. I've been busy working the past few weeks. My computer is actually fine now. Nothing happened with that FBI virus scare. And I think anything harmful has been removed.

 

[andrew129260]

Sorry. I've been busy working the past few weeks. My computer is actually fine now. Nothing happened with that FBI virus scare. And I think anything harmful has been removed.

While it might appear fine, I would like to be sure.

Please do as requested above.