Help With FBI Fake Virus - Malwarebytes Did Not Detect It

Discussion in 'Security' started by muskyx1, Nov 5, 2012.

  1. muskyx1 (Member)

    So my PC was locked up by that fake FBI MoneyPak virus. Rebooted into Safe Mode and ran Malwarebytes using the latest updates (it was already installed at the time of the infection). Problem now is that it did not detect it.

    Would really appreciate some help.
     
  2. KeithP (Diamond Member)

  3. SagaLore (Elite Member)

    Your safest action is to back your stuff up and reformat the drive (including resetting the MBR).

    If you visit risky sites, you should log in with a limited user account, use Firefox with NoScript, keep Flash up to date, don't let the browser invoke Adobe Reader, and uninstall Java if you don't need it.
     
  4. muskyx1 (Member)

    Weird, I have WinPatrol installed, which detects unwanted startup programs and asks you if it's OK. When I booted into Safe Mode, the latest startup program entry was userinit.exe. I ran both Malwarebytes and SuperAntiSpyware, and both found nothing. I booted up in regular mode and the fake FBI screen popped up again. I booted back into Safe Mode and deactivated the userinit.exe startup program in WinPatrol, and again booted up normally. The fake FBI screen has yet to return. Is it possible that the userinit.exe is also fake and related to this FBI malware? Every 5 minutes or so, WinPatrol warns me that it's trying to re-join the startup programs again.
     
    #4 muskyx1, Nov 6, 2012
    Last edited: Nov 6, 2012
  5. jmarti445 (Senior member)

    I can easily assist: remove the virus from the startup folder and reboot Windows. It's scareware and easy to remove.
     
  6. Iron Woode (Lifer)

    MSCONFIG is your friend at this point. Disable everything in Startup, then reboot and see what happens.

    Malwarebytes isn't perfect. You can also try MSE.

    I bet Hitman Pro can remove this infection.
     
  7. ZimZum (Golden Member)

    Emsisoft emergency kit.
     
  8. MadScientist (Platinum Member)

    #8 MadScientist, Nov 10, 2012
    Last edited: Nov 10, 2012
  9. Danimal1209 (Senior member)

    In MSCONFIG > Startup tab, the second column shows the manufacturer. Usually, illegitimate software will say Unknown.
     
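    The two symptoms the thread keeps circling back to, a userinit.exe entry that re-adds itself to startup and startup entries whose manufacturer shows as Unknown, can be checked from a script instead of by eye. The following is an added example written for this thread; it is not something any poster ran and not WinPatrol's or MSCONFIG's own logic. It assumes a stock Windows install, where the legitimate Winlogon Userinit value is exactly `C:\Windows\system32\userinit.exe,` (trailing comma included) and Shell is `explorer.exe`, and it treats an unsigned binary, an empty CompanyName (what MSCONFIG renders as Unknown) or a location under the user's profile as grounds for suspicion. Those assumptions are marked in the comments.

```powershell
# Added example (not from the thread): audit the autostart locations that
# fake-FBI / MoneyPak style lockers are known to abuse and flag anomalies.
# Assumption: stock Windows, where the genuine Winlogon values are
# Userinit = "<SystemRoot>\system32\userinit.exe," and Shell = "explorer.exe".
$ErrorActionPreference = 'SilentlyContinue'

$expectedUserinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','

# 1. Winlogon Userinit/Shell. A locker that replaces these is started at
#    logon instead of (or before) the real userinit.exe, which is why a
#    "userinit.exe" entry can keep reappearing in a startup monitor.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.Userinit -ne $expectedUserinit) {
    Write-Warning "Winlogon\Userinit tampered: '$($winlogon.Userinit)' (expected '$expectedUserinit')"
}
if ($winlogon.Shell -ne 'explorer.exe') {
    Write-Warning "Winlogon\Shell tampered: '$($winlogon.Shell)' (expected 'explorer.exe')"
}

# 2. Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath {
    # Extract the executable from a Run-key command line. Quoted paths are
    # handled; an unquoted path containing spaces is a known limitation.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key
    if (-not $props) { continue }
    # Get-ItemProperty adds PSPath/PSChildName/... metadata; skip those.
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' })) {
        $exe  = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $props.$name))
        $sig  = Get-AuthenticodeSignature -FilePath $exe
        $file = Get-Item $exe
        # MSCONFIG's Manufacturer column is the file's version-resource
        # CompanyName; an empty value is what it displays as "Unknown".
        $maker = $file.VersionInfo.CompanyName
        if (-not $maker) { $maker = 'Unknown' }
        $status = if ($sig) { $sig.Status } else { 'FileMissing' }
        # Assumption: a drop into the user's profile (%APPDATA%, %LOCALAPPDATA%,
        # %TEMP%) is a common pattern for rogues, so it counts against the entry.
        $userWritable = ($exe -like "$env:APPDATA*") -or ($exe -like "$env:LOCALAPPDATA*") -or ($exe -like "$env:TEMP*")
        [pscustomobject]@{
            Key          = $key
            Entry        = $name
            Executable   = $exe
            Manufacturer = $maker
            Signature    = $status
            UserWritable = $userWritable
        }
    }
}

# Anything unsigned, of unknown manufacturer or living in a user-writable path
# is the entry to disable (WinPatrol / MSCONFIG) and hand to a second scanner.
$findings | Where-Object { $_.Signature -ne 'Valid' -or $_.Manufacturer -eq 'Unknown' -or $_.UserWritable } |
    Format-Table -AutoSize
```

    Run it from an elevated PowerShell prompt, ideally after booting into Safe Mode as the original poster did, so the locker is not already in control of the desktop. It reports rather than deletes: disabling the flagged entry and scanning the referenced file with more than one product is the remediation the thread itself recommends, and the Winlogon warning is the one that matters most, since a tampered Userinit or Shell will not show up in MSCONFIG's Startup tab at all.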
  10. tcsenter (Lifer)

    Offline detection and cleaning FTW. I always keep an external enclosure handy, for PATA and SATA, in both 2.5" and 3.5". Anyone comes to me with one of these nasty rogue programs, the drive automatically goes into an external enclosure and I run three proggies on it from another computer: MSSE, Malwarebytes, and then a top AV product like Norton, BitDefender, or Kaspersky. Sure, it takes a while, but it's not like you must sit there watching the progress indicator.
     
  11. NiceCold (Senior member)

    Still not working?

    Use ComboFix, but I do not recommend it, as it is advanced and can mess up your PC. Use at your own risk.

    PS: Can watching porn on a Linux Ubuntu live CD catch a virus?
     
    #11 NiceCold, Nov 25, 2012
    Last edited: Nov 25, 2012
  12. smakme7757 (Golden Member)

    Format.

    Once you're infected there is no guarantee that you can completely scrub your system.

    The aim of the game is to not get infected, once you are - Format!
     
  13. jrob6519 (Member)

    I agree... a full format is the only real cure!
     
  14. T_Yamamoto (Lifer)

    I was able to get rid of it with Malwarebytes.
     
  15. smakme7757 (Golden Member)

    What's your plan for not getting infected again?
    Such a massive virus is bound to leave bits and pieces all over the place.
     
  16. MadScientist (Platinum Member)

    Almost 90% of the computer repair work I do now is cleaning infected computers. I totally agree that the only sure way of getting rid of a virus is to format and re-install the OS, but I also agree with John's statement from his website.

    "Ok, I'm infected. What about a fresh Windows install? If you reinstall the operating system then you'll need to reinstall Windows updates (unless you have a slipstreamed copy), drivers, assorted software, tweaks, and all of your other peripherals which could easily take several hours. You'll then need to figure out how you were infected in the first place in order to prevent it from happening in the future. This is one of the main reasons that I rarely recommend a clean install. As long as you take the time to learn how to clean an infected system a fresh Windows install should be a last resort (unless you have a recent known good image of your drive)." http://www.elitekiller.com/malware.htm

    The only time I format and reinstall the OS is when the OS is beyond repair, or the person has a good image of the drive. I have yet to encounter the latter.

    Most people, no matter how many times I tell them to do so, never back up their important files, i.e., music, pictures, documents. An infected computer I worked on this week had 92GB of music files on it.

    To answer smakme7757's question, quoting John again: "The fact is that no single antivirus or antispyware application can successfully remove all malware circulating around the internet. It's not unusual to resort to an arsenal of security products in an attempt to ensure that everything has been properly removed."

    If your computer is infected go to John's website, download his rogue removal kit, unzip it and read his Readme.pdf file.

    To keep your computer from being infected again read and follow mechBgon's "How (and why) to secure your Windows PC" http://www.mechbgon.com/build/security2.html

    And as John points out: "Most of all I can't stress enough how important it is to use common sense!"
     
    #16 MadScientist, Dec 1, 2012
    Last edited: Dec 1, 2012
  17. T_Yamamoto (Lifer)

    Tell my brother (it was his laptop that got the virus) to use better judgement.
     
  18. SparkyJJO (Lifer)

    Awful lot of "nuke happy" people on here :p

    It IS quite possible to fully disinfect a PC, and in most cases it isn't that hard to remove any remaining traces. I do it at work all the time. Aside from some people who just can't stay away from the dark corners of the internet I rarely have a reinfection.
     
  19. JEDIYoda (Lifer)

    Please describe in detail what you are talking about.

    Many experienced users have had issues with the FBI warning virus....
     
  20. VirtualLarry (Lifer)

    My friend just got this on his computer, while he was away for the day.

    I asked him if he has Java installed, he said yes.

    I told him it was probably a poisoned ad.
     
  21. JEDIYoda (Lifer)

    It's quite a bit worse than a poisoned ad..... if it is the FBI fake virus, it locks your computer up......

    For the people that have the real FBI virus, it's no laughing matter.....

    I am sorry to inform you that you don't get this virus by leaving and coming back to your computer...
     
  22. VirtualLarry (Lifer)

    You can, if you leave a web page open that has rotating ads coming from an ad server that is hacked or otherwise distributing "poisoned" ads, and your local computer has a currently exploitable vulnerability, like current versions of Java.
     
  23. VirtualLarry (Lifer)

    The sad irony is, if you've heard how this "FBI moneypak virus" works, the new "Six Strikes" system being implemented by ISPs around the country, in concert with demands from the RIAA/MPAA, is eerily similar.

    Suddenly, wherever you browse on the internet, a page pops up accusing you of something, and you either have to admit guilt or pay a fine to contest it.

    And your internet connection can be throttled, or cut off.

    All without you actually doing something wrong.
     
  24. JEDIYoda (Lifer)

    I am sorry, that will not happen if you are on a legitimate site and not some questionable porn site or other site.....
     
  25. VirtualLarry (Lifer)

    Even legit sites' ad servers have been compromised. LegitReviews was compromised a few months back, and even these forums have had their ad servers compromised at least once in the past. What you say simply isn't true.