Fake FBI Trojan Locked Up My PC! Help?


Hearth Mistress

Minister of Fire
I'm not completely computer stupid but this one is beyond me. It is a fake page that tells me the FBI knows I have stolen software, kiddie porn, etc. and unless I go buy a $300 money order my computer will remain locked. It also warns that if I try to bypass the warning my hard drive will be erased. None of which is true or going to happen.

However, I can't get it off, can't get into safe mode at all in any way, it will let me select safe mode but immediately reboots in normal mode and the warning page is there. I cannot do anything and reading about how to fix it online all talks about going into safe mode and selecting a previous restore point to get rid of it. While that has worked for many others, I can't get this sucker into safe mode, even unplugged from the internet, it goes right back to the warning page with no other controls.

We run Windows 7 Home edition on a Dell about 2 years old. My cable provider and antivirus software provider told me that they can't prevent or control malware or trojan attacks because they are often downloaded unbeknownst to the user on a picture or video. They can't possibly control all of the content out there.

I have a work laptop and an iPad too but really want my home PC fixed so my hubby can use it again.

Any ideas out there that don't require safe mode? I don't want to totally restore the computer if there is another option but don't trust myself to sit and do pages of reg edits either.

Any info is appreciated!
 
Same thing happened to me. Win7 on a Dell desktop. Was careful to not fiddle around with anything, called a local professional computer dude who specializes in Windows and works from his home. Super guy, knew immediately what I was talking about. I took my computer to him, and the next day he called and said..."All done, cleaned up, tuned up a little, come get it". He charged me ~$100.00. No complaints. Found him in the phone book. It was a holiday...first place I called didn't answer...he did. Duh. I get occasional info e-mails from him. He's a pro. Rick
 
Tough one. The only way I know to stomp it is by running malwarebytes from a USB flash drive. But that is from safe mode.
 
My wife had a similar issue and I had to reformat the hard drive and start from scratch. Do you have the factory discs that came with the pc?
 
My wife had a similar issue and I had to reformat the hard drive and start from scratch. Do you have the factory discs that came with the pc?
There are no "discs" sent out anymore, it's on a partition of the hard drive, no recovery disks and since I can't get into safe mode, I can't access that partition or at least I don't think I can.

Tough one. The only way I know to stomp it is by running malwarebytes from a USB flash drive. But that is from safe mode.
I just looked at the boot sequence in the bios menu and it looks like I can boot from a USB device or CD. I think I can burn a cd from my laptop so maybe I'll try that before trying anything else.

I hope the people who create this crap rot in hell!
 
First off, just want to make clear I'm not an expert on this.

There are no "discs" sent out anymore, it's on a partition of the hard drive, no recovery disks and since I can't get into safe mode, I can't access that partition or at least I don't think I can.

F8 Startup Options should include Safe mode with command prompt-- if you can get into that you might be able to access that partition.

If you can get into safe mode command prompt, see:
http://malwaretips.com/blogs/fbi-cybercrime-division-icspa-virus/
about restoring to previous configuration via command prompt

That link looks straightforward and promising if you haven't seen it yet.

Note the msconfig step. I was thinking of suggesting trying that from regular mode as a remedy to prevent the loading of the virus at startup but apparently that won't work.

Edit: If you can't get into safe mode-command prompt then you need to start at method 4 in the link -- loading Hitman pro onto a flash drive.

Note: Hitman is offered as a 30 day free trial but installed on your flash drive only you shouldn't have to worry about it annoying you. I use Malwarebytes and can recommend it but know nothing about Hitman other than it's available at shareware sites as a trial and what I see on this page. If it's the only way to get into windows by booting from the flash drive with Hitman on it, seems worth the try.

If for some reason you can't fix it and it looks like the only thing left is a reinstall of windows, it's probably a good idea to first try a "repair install". This is different from repair console. Repair install, if it is available as an option for you will keep your current installation but often fixes problems. Something to consider.

In the future, for safer browsing and downloading, you might want to look into setting up a VM virtual machine to run a browser in for questionable sites. You can test run questionable software on the VM without it affecting your real system. VMware is free as are some others.
 
It's called ransomware, I had it once too. Malwarebytes was my goto page for the solution. I believe I was able to browse for a short time before the FBI page would show up.
 
Do you have more than one user account on your PC? Would you be above creating one? If you create a new user (but be aware this has other implications) - you will more than likely be able to run malwarebytes and test the whole machine. Going back to a single user machine can be a PIA.
 
Try ctrl f11 at startup, should get you to system restore.
Also there are some AV programs that will boot from a disc that run under Linux,
I think I have free one from Kaspersky.
 
Start up in safe mode. Restore the system to an earlier save date. That should hopefully do the trick.
 
I got exactly the SAME thing. I got on one of my other computers and googled a fix for it. You can get step by step instructions that way. Took about an hour to fix. I suggest you fix it yourself so you have the knowledge to do it as it is quite common. There is also a step if safe mode doesn't work, which was the case with my comp.
 
Start up in safe mode. Restore the system to an earlier save date. That should hopefully do the trick.
I can't get into safe mode to load a restore point, that is the issue. It will allow me to go into all of the safe mode options but as soon as it gets to safe mode, it immediately reboots to normal mode with that stupid page, only option is to turn off by holding in the power button, no other commands work!
 
Do you have more than one user account on your PC? Would you be above creating one? If you create a new user (but be aware this has other implications) - you will more than likely be able to run malwarebytes and test the whole machine. Going back to a single user machine can be a PIA.
I only have 1 user set up because my hubby is the only one that uses it. I have a work laptop, work iPad and personal iPad so I really don't use it. I have no issue creating a new user but in the state it is in, don't know that I can. This happened after my deafest husband spent several hours watching videos on line. I will absolutely set up an admin user once I get this squared away! Thanks for the idea!
 
In the future, for safer browsing and downloading, you might want to look into setting up a VM virtual machine to run a browser in for questionable sites. You can test run questionable software on the VM without it affecting your real system. VMware is free as are some others.

My husband watches videos online posted on boards similar to ours here but they are mostly YouTube videos on firearms, military field footage, etc. - no porn ;)

I'm not sure exactly what a virtual machine is but I will look into it as I am really sick of these trojans and malware. This is the first time I haven't been able to get into safe mode though, these creeps are getting really good at screwing unsuspecting users!
 
Gun porn is an easy target. If you have a root virus and it sounds like you do, you will have to try booting from a USB drive or CD with a basic OS and root bug removal software. But if your hubby visits eastern European weapons websites I wouldn't bother. Their malware is getting very sophisticated and they have a defense against this too. The only recourse in that case is a low level format of the drive and reinstallation of the OS.
 
My laptops have CD/DVD drives so I can boot from them if I have to. Usually you can download that stuff and burn a system CD from the computer manufacturing site. For example Toshiba has them for my systems. Dell has a lot of that stuff online, I would look there. Or look on the box that your system came in, maybe it had a system CD in there? My older laptop has a CD that will restore that system to the minimum original configuration that it came in, and download the rest from Toshiba off the net. Worst case reformat the HD and reinstall the application SW on it.

These guys that write this malware stuff, they should be crucified. You have to run virus and malware protection all the time now. I use Microsoft which is free for earlier versions, and runs automatically on Windows 8. It is fairly low profile and pretty good. Norton has become so system resource greedy that it has become a worm in itself, sucking up way too much system overhead, and it also spawns tons of pop-ups, reminders, and stupid status windows. I nuke that on any system I buy, and even that is a PITA to remove from any system now. They have all these pop-ups asking if you really really really want to remove Norton and be EXPOSED TO THE HORRORS OF THE EARTH (meaning Nigerians)... makes you wonder if Norton is not paying these guys to write malware so they make more money 'protecting' people from it with subscriber services.

Good luck. Videos are but one source of malware. SPAM is the most common source of virus, worms, spyware and malware. Never open any email attachment from anyone that you do not know. Also do not store email on your home system. Use a free service like Yahoo or Gmail and let their servers store it for free.
 
Clicking on ads on suspect sites is another portal to disaster. Don't do this.
 
Virus writers are giving porn sites a bad name.
 
I just found my jump drive and downloaded Hitman on to it. It is too late to screw around with it now but will give it a whirl in between my conference calls Friday, I work from home so no one but the bird and the dogs will hear me curse at it. Worst case, I can reformat as there isn't much stored on it but that will be my last resort. I appreciate all the help, you guys are great!!

Gun porn killed my PC, I'm convinced and knowing my hubby, as an avid collector, has an unhealthy obsession with all military firearms, especially Eastern European models new and old, that is for sure the culprit! If he wasn't sleeping, I'd be yelling at him ;)
 
Get hubby his own computer. An older Mac will suffice.
 
Or get him a PC and put Linux on it. Few viruses or malware are written for Linux or UNIX systems.

As for eastern Europe and viruses, when I was a computer design engineer in the high tech glory days, I worked with several guys that had escaped from the Eastern Bloc. One from Bulgaria had 2 PhDs, and he said he made less money than bricklayers under the communist system. He was forced by the DS (Bulgarian secret police) with other engineers to write computer virus programs to bring down the evil western empire. That is why eastern Europe is notorious for malware and computer viruses. The skills remain. The guy from Bulgaria (his name was Vess) became a dissident, and he was sent by the DS to Libya as punishment to work with Gaddafi's Soviet support group. He was there when Reagan bombed Gaddafi's tent from aircraft carriers. The Soviets had suddenly disappeared a few days before the bombing, and Gaddafi was furious with them as they obviously were tipped off that the bombing was going to happen ahead of time. So he took away their vodka. Well, Russians simply cannot function without vodka. So as it turns out Vess was from a local village that made brandy. He knew how to make a still, and how to sprout wheat and ferment it in a bathtub, and then cook it to distill it to the beverage that the Russians required to keep going. I asked him how much he made, and he replied, "How much do you want?" Basically he could make as much as they wanted... he was eventually able to trade vodka for a weekend pass to Greece. Once in Greece, he made his way to Austria. Austria had no extradition treaty with the Eastern Bloc. Once he made it there he was sponsored by a US company and eventually got a visa to work in the US. I went on a trip with him to Boston the same week he became a US citizen. He was so happy to be out of the mess of Eastern Europe and the computer virus factory that he was forced to work in.

Sorry, a bit off track there... anyway, Eastern Europe is one of the origins of computer virus and malware, and it remains so today.
 
If you have a root virus and it sounds like you do, you will have to try booting from a USB drive or CD with a basic OS and root bug removal software.

I believe this is the specific version that she is fighting:
FBI Cybercrime Division virus.

If you haven't seen this link, check it out. If you can get to regedit, start by doing those steps. It may allow for a reboot that doesn't crank up the virus stuff and allow you to work with the PC.
http://www.2-spyware.com/remove-fbi-virus.html
 