11-05-2012, 08:25 PM
#1
Member
Join Date: Apr 2005
Posts: 104
Help With FBI Fake Virus - Malwarebytes Did Not Detect It
So my PC was locked up by that Fake FBI MoneyPack virus. Rebooted into safe mode and ran Malwarebytes using the latest updates (it was already installed at the time of the infection). Problem now is that it did not detect it.
Would really appreciate some help.
11-05-2012, 09:23 PM
#3
Elite Member
Join Date: Dec 2001
Posts: 23,211
Your safest action is to back your stuff up and reformat the drive (including resetting the MBR).
If you visit risky sites, you should log in with a limited user account, use Firefox with NoScript, keep Flash up to date, don't let the browser invoke Adobe Reader, and uninstall Java if you don't need it.
11-05-2012, 11:00 PM
#4
Member
Join Date: Apr 2005
Posts: 104
Weird, I have WinPatrol installed, which detects unwanted startup programs and asks you if it's OK. When I booted into safe mode, the latest startup program entry was userinit.exe. I ran both Malwarebytes and SuperAntiSpyware, and both found nothing. I booted up in regular mode and the fake FBI screen popped up again. I booted back into safe mode and deactivated the userinit.exe startup program in WinPatrol, and again booted up normally. The fake FBI screen has yet to return. Is it possible that the userinit.exe is also fake and related to this FBI malware? Every 5 minutes or so, WinPatrol warns me that it's trying to re-join the startup programs again.
Last edited by muskyx1; 11-05-2012 at 11:07 PM.
Reason: spelling
11-06-2012, 06:06 AM
#5
Senior Member
Join Date: Dec 2003
Location: Baltimore, MD
Posts: 297
I can easily assist: remove the virus from the startup folder and reboot Windows. It's scareware and easy to remove.
11-08-2012, 10:10 PM
#6
Lifer
Join Date: Oct 1999
Location: London, Ontario Canada
Posts: 19,438
Quote:
Originally Posted by muskyx1
Weird, I have WinPatrol installed, which detects unwanted startup programs and asks you if it's OK. When I booted into safe mode, the latest startup program entry was userinit.exe. I ran both Malwarebytes and SuperAntiSpyware, and both found nothing. I booted up in regular mode and the fake FBI screen popped up again. I booted back into safe mode and deactivated the userinit.exe startup program in WinPatrol, and again booted up normally. The fake FBI screen has yet to return. Is it possible that the userinit.exe is also fake and related to this FBI malware? Every 5 minutes or so, WinPatrol warns me that it's trying to re-join the startup programs again.

MSCONFIG is your friend at this point. Disable everything in Startup, then reboot and see what happens.
Malwarebytes isn't perfect. You can also try MSE.
I bet Hitman Pro can remove this infection.
__________________
My Rigs
When I was four I gave myself a needle and the whole hospital said I got shot when I was 22 and asian. I drove a black honda. - catchphrase
Compare your lives to mine and then kill yourselves
11-09-2012, 01:35 AM
#7
Golden Member
Join Date: Aug 2001
Posts: 1,276
Emsisoft emergency kit.
11-10-2012, 06:39 AM
#8
Golden Member
Join Date: Jul 2001
Location: TN
Posts: 1,688
I would run rkill in safe mode with networking first: http://www.bleepingcomputer.com/download/rkill/ Then check your LAN settings in IE and make sure the proxy server box is not checked. Then run MBAM.
http://www.fixpcyourself.com/how-to-...oneypak-virus/
If MBAM still does not detect it try this, run rkill first:
http://www.bleepingcomputer.com/viru...pak-ransomware
__________________
Asrock Z68 Extreme 4, i5-2500K @4.6 Ghz, 1.340V, Lian Li PC-7A Plus, Corsair A70, Corsair Force Series 3 120GB SSD, Samsung Spinpoint HD103SJ 1TB, 16GB Kingston HyperX DDR3 1600 @1.575V,Seasonic M12II 620W PSU, MSI GeForce GTX 650 Ti, Samsung SH-S223B, Win 7 Ultimate 64bit
Last edited by MadScientist; 11-10-2012 at 06:41 AM.
11-16-2012, 07:15 PM
#9
Senior Member
Join Date: Nov 2011
Posts: 261
In MSCONFIG > Startup tab, the second column shows the manufacturer. Usually, illegitimate software will say Unknown.
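The manual checks in the posts above (WinPatrol's startup list in #4, the IE proxy box in #8, the Manufacturer column in #9) can be done in one pass from a PowerShell prompt. The script below is an added example written for this thread; it is not code from the thread or from WinPatrol, MSCONFIG, rkill or Malwarebytes. It assumes Windows PowerShell 5.1 or later with read access to HKLM and HKCU, makes no changes, and reads the Run/RunOnce keys plus the Winlogon Userinit and Shell values, which are where the userinit.exe entry WinPatrol reported would normally come from.

```powershell
# Added example, not code from this thread or from any tool named in it.
# Assumes Windows PowerShell 5.1+ with read access to HKLM and HKCU. Read-only.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$InetKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Resolve-ImagePath {
    # Pull the executable out of a registry command string, e.g.
    #   "C:\Program Files\App\app.exe" /silent
    #   C:\Windows\system32\userinit.exe,
    #   explorer.exe
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $exe = ($cmd.Substring(1) -split '"')[0]
    } else {
        $exe = ($cmd -split '[ ,]')[0]
    }
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # Shell=explorer.exe style values carry no directory; try the usual ones.
        foreach ($dir in @($env:SystemRoot, "$env:SystemRoot\System32")) {
            $candidate = Join-Path $dir $exe
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $exe
}

function Test-AutostartEntry {
    param([string]$Location, [string]$Name, [string]$Command)
    $path    = Resolve-ImagePath $Command
    $exists  = Test-Path -LiteralPath $path -PathType Leaf
    $company = $null; $status = 'FileMissing'; $signer = $null
    if ($exists) {
        # CompanyName is the "Manufacturer" column MSCONFIG shows. It is free
        # text inside the file, so the Authenticode check is the real test.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $status  = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    $inWindowsDir = $path -like "$env:SystemRoot\*"
    $companyLabel = if ($company) { $company } else { 'Unknown' }
    # Worth a closer look: missing files, tampered signatures, and anything
    # outside the Windows directory that is not validly signed. Catalog-signed
    # system files on older Windows report NotSigned, so a file under the
    # Windows directory is not flagged on that basis alone.
    $suspicious = (-not $exists) -or
                  ($status -in @('HashMismatch', 'NotTrusted')) -or
                  (($status -ne 'Valid') -and -not $inWindowsDir)
    [pscustomobject]@{
        Location   = $Location
        Name       = $Name
        Command    = $Command
        ImagePath  = $path
        Company    = $companyLabel
        Signature  = $status
        Signer     = $signer
        Suspicious = $suspicious
    }
}

function Get-ProxySetting {
    # The values behind the IE "LAN settings" proxy checkbox that post #8 asks to inspect.
    $ie = Get-ItemProperty -Path $InetKey
    [pscustomobject]@{
        ProxyEnabled  = ($ie.ProxyEnable -eq 1)
        ProxyServer   = $ie.ProxyServer
        AutoConfigUrl = $ie.AutoConfigURL
    }
}

function Get-AutostartReport {
    $report = New-Object System.Collections.Generic.List[object]
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -in $meta) { continue }
            $report.Add((Test-AutostartEntry -Location $key -Name $p.Name -Command ([string]$p.Value)))
        }
    }
    # Userinit is a comma-separated list; a clean install lists only System32\userinit.exe.
    $wl = Get-ItemProperty -Path $WinlogonKey
    foreach ($entry in ($wl.Userinit -split ',' | Where-Object { $_.Trim() })) {
        $report.Add((Test-AutostartEntry -Location $WinlogonKey -Name 'Userinit' -Command $entry))
    }
    $report.Add((Test-AutostartEntry -Location $WinlogonKey -Name 'Shell' -Command ([string]$wl.Shell)))
    return $report
}

Get-AutostartReport | Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Name, Company, Signature, ImagePath -AutoSize
Get-ProxySetting
```

The genuine userinit.exe lives in %SystemRoot%\System32 and is launched by Winlogon through the Userinit value, so the report answers the question in #4 directly: if the entry WinPatrol keeps seeing points at that path and the file carries a valid Microsoft signature, it is the real one; a second Userinit entry, a copy elsewhere, or a Run-key entry with Company "Unknown" and no valid signature is what to disable and scan. Run the script from safe mode as well as normal mode, since the poster saw the entry reappear every few minutes, and compare the two reports.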
11-24-2012, 03:36 AM
#10
Lifer
Join Date: Sep 2001
Location: Central California
Posts: 16,574
Offline detection and cleaning FTW. I always keep an external enclosure handy, for PATA and SATA, in both 2.5" and 3.5". Anyone comes to me with one of these nasty rogue programs, the drive automatically goes into an external enclosure and I run three proggies on it from another computer: MSSE, MalwareBytes, and then a top AV product like Norton, BitDefender, or Kaspersky. Sure, it takes a while, but it's not like you must sit there watching the progress indicator.
11-25-2012, 04:38 PM
#11
Senior Member
Join Date: May 2011
Posts: 502
Still not working?
Use ComboFix, but I do not recommend it, as it is advanced and can mess up your PC. Use at your own risk.
PS: can you catch a virus watching porn from a Linux Ubuntu live CD?
Last edited by NiceCold; 11-25-2012 at 04:41 PM.
11-26-2012, 05:32 AM
#12
Senior Member
Join Date: Nov 2010
Location: Norway
Posts: 626
Format.
Once you're infected there is no guarantee that you can completely scrub your system.
The aim of the game is to not get infected, once you are - Format!
11-27-2012, 01:35 PM
#13
Member
Join Date: May 2011
Location: chucktowm, sc
Posts: 29
I agree...full format only real cure!
11-29-2012, 07:42 PM
#14
Lifer
Join Date: Jul 2011
Location: Raleigh. NC
Posts: 11,294
I was able to get rid of it with Malwarebytes.
__________________
E4300, 9800gt, 3.5gb RAM
I have a 660ti, but it won't fit in my case (Dell OEM POS)
Forever in debt to VirtualLarry, Jupiter57, Face2Face, Jfree
11-30-2012, 12:25 AM
#15
Senior Member
Join Date: Nov 2010
Location: Norway
Posts: 626
Quote:
Originally Posted by T_Yamamoto
I was able to get rid of it with Malwarebytes.

What's your plan for not getting infected again?
Such a massive virus is bound to leave bits and pieces all over the place.
12-01-2012, 10:05 AM
#16
Golden Member
Join Date: Jul 2001
Location: TN
Posts: 1,688
Almost 90% of the computer repair work I do now is cleaning infected computers. I totally agree that the only sure way of getting rid of a virus is to format and re-install the OS, but I also agree with John's statement from his website.
"Ok, I'm infected. What about a fresh Windows install? If you reinstall the operating system then you'll need to reinstall Windows updates (unless you have a slipstreamed copy), drivers, assorted software, tweaks, and all of your other peripherals which could easily take several hours. You'll then need to figure out how you were infected in the first place in order to prevent it from happening in the future. This is one of the main reasons that I rarely recommend a clean install. As long as you take the time to learn how to clean an infected system a fresh Windows install should be a last resort (unless you have a recent known good image of your drive)." http://www.elitekiller.com/malware.htm
The only time I format and reinstall the OS is when the OS is beyond repair, or the person has a good image of the drive. I have yet to encounter the latter.
Most people, no matter how many times I tell them to do so, never back up their important files, i.e., music, pictures, documents. An infected computer I worked on this week had 92GB of music files on it.
To answer smakme7757's question. Quoting John again: "The fact is that no single antivirus or antispyware application can successfully remove all malware circulating around the internet. It's not unusual to resort to an arsenal of security products in an attempt to ensure that everything has been properly removed."
If your computer is infected go to John's website, download his rogue removal kit, unzip it and read his Readme.pdf file.
To keep your computer from being infected again read and follow mechBgon's "How (and why) to secure your Windows PC" http://www.mechbgon.com/build/security2.html
And as John points out: "Most of all I can't stress enough how important it is to use common sense!"
__________________
Asrock Z68 Extreme 4, i5-2500K @4.6 Ghz, 1.340V, Lian Li PC-7A Plus, Corsair A70, Corsair Force Series 3 120GB SSD, Samsung Spinpoint HD103SJ 1TB, 16GB Kingston HyperX DDR3 1600 @1.575V,Seasonic M12II 620W PSU, MSI GeForce GTX 650 Ti, Samsung SH-S223B, Win 7 Ultimate 64bit
Last edited by MadScientist; 12-01-2012 at 10:14 AM.
12-03-2012, 08:21 PM
#17
Lifer
Join Date: Jul 2011
Location: Raleigh. NC
Posts: 11,294
Quote:
Originally Posted by smakme7757
What's your plan for not getting infected again?
Such a massive virus is bound to leave bits and pieces all over the place.

Tell my brother (it was his lappy that got the virus) to use better judgement.
__________________
E4300, 9800gt, 3.5gb RAM
I have a 660ti, but it won't fit in my case (Dell OEM POS)
Forever in debt to VirtualLarry, Jupiter57, Face2Face, Jfree
12-03-2012, 11:54 PM
#18
Lifer
Join Date: May 2002
Location: Ohio
Posts: 11,463
Awful lot of "nuke happy" people on here
It IS quite possible to fully disinfect a PC, and in most cases it isn't that hard to remove any remaining traces. I do it at work all the time. Aside from some people who just can't stay away from the dark corners of the internet I rarely have a reinfection.
__________________
Heatware
CO2 is evil. Stop breathing
"I have never understood why it is greed to want to keep the money that you've earned, but not greed to want to take somebody else's money." - Thomas Sowell
01-15-2013, 03:53 PM
#19
Lifer
Join Date: Jul 2005
Posts: 17,738
Quote:
Originally Posted by jmarti445
I can easily assist: remove the virus from the startup folder and reboot Windows. It's scareware and easy to remove.

Please describe in detail what you are talking about.
Many experienced users have had issues with the FBI warning virus....
__________________
JohnOfSheffield -- That said, Palestine will exist when they understand that Israel exists, it's that blatantly simple!
01-23-2013, 10:20 PM
#20
Lifer
Join Date: Aug 2001
Posts: 22,234
My friend just got this on his computer, while he was away for the day.
I asked him if he has Java installed, he said yes.
I told him it was probably a poisoned ad.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
01-24-2013, 02:39 AM
#21
Lifer
Join Date: Jul 2005
Posts: 17,738
Quote:
Originally Posted by VirtualLarry
My friend just got this on his computer, while he was away for the day.
I asked him if he has Java installed, he said yes.
I told him it was probably a poisoned ad.

It's quite a bit worse than a poisoned ad... if it is the FBI fake virus, it locks your computer up...
For the people that have the real FBI virus it's no laughing matter...
I am sorry to inform you that you don't get this virus by leaving and coming back to your computer...
__________________
JohnOfSheffield -- That said, Palestine will exist when they understand that Israel exists, it's that blatantly simple!
01-25-2013, 12:50 PM
#22
Lifer
Join Date: Aug 2001
Posts: 22,234
Quote:
Originally Posted by JEDIYoda
I am sorry to inform you that you don't get this virus by leaving and coming back to your computer...

You can, if you leave a web page open that has rotating ads coming from an ad server that is hacked or otherwise distributing "poisoned" ads, and your local computer system has a currently-exploitable vulnerability, like current versions of Java.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
01-25-2013, 12:53 PM
#23
Lifer
Join Date: Aug 2001
Posts: 22,234
The sad irony is, if you've heard how this "FBI moneypak virus" works, the new "Six Strikes" system being implemented by ISPs around the country, in concert with demands from the RIAA/MPAA, is eerily similar.
Suddenly, wherever you browse on the internet, a page pops up accusing you of something, and you either have to admit guilt or pay a fine to contest it.
And your internet connection can be throttled, or cut off.
All without you actually doing something wrong.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
01-25-2013, 09:19 PM
#24
Lifer
Join Date: Jul 2005
Posts: 17,738
Quote:
Originally Posted by VirtualLarry
You can, if you leave a web page open that has rotating ads coming from an ad server that is hacked or otherwise distributing "poisoned" ads, and your local computer system has a currently-exploitable vulnerability, like current versions of Java.

I am sorry, that will not happen if you are on a legitimate site and not some questionable porn site or other site...
__________________
JohnOfSheffield -- That said, Palestine will exist when they understand that Israel exists, it's that blatantly simple!
01-26-2013, 03:12 AM
#25
Lifer
Join Date: Aug 2001
Posts: 22,234
Quote:
Originally Posted by JEDIYoda
I am sorry, that will not happen if you are on a legitimate site and not some questionable porn site or other site...

Even legit sites' ad servers have been compromised. LegitReviews was compromised a few months back, and even these forums have had their ad servers compromised at least once in the past. What you say simply isn't true.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.