FBI Ransomware

trampy

I had the FBI ransomware a couple of days ago, but I did a system restore and ran Malwarebytes and it found 1 file, so I thought it fixed the problem. But today it came back, so I did the same thing, but I believe it's still on my PC somewhere. Please help me kill it.
 

My Computer

Computer type
PC/Desktop
OS
windows 7 home premium 64 bit

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 10 Pro 64
CPU
Intel Core i7 960 @3.20 GHz
Motherboard
MSI MS7522
Memory
24.0 GB DDR3
Graphics Card(s)
EVGA GTX 750Ti
Monitor(s) Displays
LG E2341 23 Inch
Screen Resolution
1920x1080
Hard Drives
1TB Western Digital 1002FAEX-00Y9A0
1TB Hitachi HDS721010CLA322
PSU
700 Watt
Case
Haf 912
Cooling
Fans
Keyboard
Logitech MK710
Mouse
Logitech M705
Internet Speed
Cable
Antivirus
AIS 2015 .10.0.2225
Browser
Firefox 49
Other Info
MalwareBytes Anti-Rootkit utility
trampy,

PCTuneUp is not a program recommended to deal with the issue you have.

Let's see what the following short scan shows...

Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)


When you get to the website, go to where it says:
(Download link) Lien de téléchargement
Select the version that applies to your system: x64 (64-bit)
Click the applicable dark-blue button to download.


Save to the Desktop.


Close all windows and browsers.
Right-click and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)


Press: SCAN



When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Rogue killer results

Here are the results from RogueKiller. Sorry for taking so long, I just got back home.
 

I didn't delete anything RogueKiller found; I was waiting for the go-ahead from you guys.
 

Do a system restore.
To me, it looks like a reinfection or a trojan/downloader on the system.
So scan with HitmanPro or another broad-range anti-malware program after cleaning up.
Consider getting a better antivirus :)
 

My Computer

OS
Windows 7 64 / Windows 8 64
Run RogueKiller once more, click on the Delete button and upload the log. The PC will tell you to restart. Restart the PC.
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
Good that stuff got removed. How's the PC running?

Let's see what cottonball will advise you to do next.
 

I had the FBI ransomware a couple of days ago, but I did a system restore and ran Malwarebytes and it found 1 file, so I thought it fixed the problem. But today it came back, so I did the same thing, but I believe it's still on my PC somewhere. Please help me kill it.

You do need to remove all of your restore points as they are no doubt infected as well. I use Avast Internet Security and it has kept me clean.
 

How do I remove my previous restore points?
 

Open System by clicking the Start orb, right-clicking Computer, and then clicking Properties.

In the left pane, click System protection.

Under Protection Settings, click Configure.

Under Disk Space Usage, click Delete.

Click Continue, and then click OK.
 

trampy,

Please go to the: Farbar Recovery Scan Tool Download

Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to disclaimer.
Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---
The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt <<---
 

Here are the logs.
 

You do have a rootkit and files that need to be removed.

cottonball will take care of that for you.
 

Ty for all the help.
 

Still have more work to do, but, it will be sometime Sunday afternoon.

My eyes are closing...
 

Once we remove the malicious software, I do recommend uninstalling Spybot - Search & Destroy

Using Revo Uninstaller

Download Free Version

30-Day Trial Pro for 64-bit Programs

Right-click Revo Uninstaller and choose Run as administrator to run it.
From the list of programs, double-click the program to remove.
When prompted if you want to uninstall, click Yes.
Be sure the Advanced option is selected, then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click Yes and then Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes and then Next.
Once done, click Finish.
 

Hi there
Once you've got this issue fixed make a BACKUP of a CLEAN copy of Windows - then if this type of event happens again just wipe the HDD / partition and restore the OS.

If you don't have a clean backup then my recommendation is re-install Windows --I'd NEVER trust a computer that had been infected and "cleansed". 100% for me every time - wipe the HDD / partition and total re-install of the OS.

My view anyway is that NO Virus removal tool is ever 100% reliable --same as A/V protection itself --it's not really possible to protect a computer 100% either - although with some safe surfing and practices and say something like MSE you should normally be fine.

IMO you are much better off - particularly if browsing "dubious / torrent" sites to do your Internet browsing on a VIRTUAL machine so you can just delete it if it gets infected and simply start a new one.

However regular BACKUP if you don't use VM's though is recommended.

BTW if you separate the OS + pgms partition from your own data (photos, documents, multi-media etc) a typical backup should only take around 20 - 30 mins --same for a restore so you are hardly needing to spend a lot of time on this --you could do your backup at night too. If you swap / change HDD's as well then just restore the backed up image to the new HDD -- simple too.

If you have an SSD - backup / restore becomes even quicker -- on my system complete OS backup takes JUST 7 (yes SEVEN) minutes!!! Restore takes 12 since I'm restoring the image from a USB device. Hardly a large time consumer -- I always take a backup before installing anything / looking at certain websites etc. etc. Backup / Restore is much better than using uninstallers / registry fixes etc. etc.

Use something like FREE MACRIUM for backup and restore if you don't want to pay for a commercial solution. I use Acronis (paid product) but Free Macrium should be fine for your needs.

Cheers
jimbo
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
CPU
Intel i7 Intel i5
Memory
8GB, 16GB
Graphics Card(s)
On Motherboard
Sound Card
Realtek HD audio
Monitor(s) Displays
Apple Cinema display, Samsung LCD
Screen Resolution
1920 X 1080
Hard Drives
4 X 1TB SATA
Mouse
Toshiba wireless laser
Internet Speed
> 20MB up
OK, I deleted Spybot SD. I'm sorry, I was falling asleep; the only part of the message I paid attention to was
"I do recommend uninstalling Spybot - Search & Destroy"
 
