EvilZone

Community => General discussion => : silenthunder December 30, 2012, 05:06:03 AM

: ICCC virus
: silenthunder December 30, 2012, 05:06:03 AM
Well it was either google or you guys, and I think I'd rather hear firsthand knowledge from you guys that know what to do right away.

My friend somehow got this virus on his computer and brought it to me to get fixed. Here is a description of the virus:

1: Turn on the computer (Windows 7)
2: Type in password to log on
3: Desktop starts to load, taskbar flashes a time or two, screen goes black for a few seconds
4: The screen fills with a warning from "Internet Crime Complaint Center/Department of Federal Bureau of Investigations"
5: A section of the warning reads: "You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article" blahblahblah
6: "Fines may only be paid within 72 hours after the infringement." After the 72 hours I'm going to court blahblahblah
7: At the bottom there's a MoneyPak logo that's clickable and gives you steps on how to pay the $500 fine, which is also filled with terrible word choice: "Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with a cash of $500" shit shit shit blahblahblah
8: The virus also activates the webcam and plays back a live feed of yourself.
9: I have no access to anything really, the CTRL+ALT+DEL command works but if I click Task Manager or anything, it's clear that it opens but the virus screen returns immediately.

I've dealt with viruses before but I've never seen anything like this. All I would like help with is, how can I trick it or get around it to be able to view the desktop and stuff? I can probably handle it from there but tips are very appreciated :D.

Thanks
: Re: ICCC virus
: fluxdaemon December 30, 2012, 05:07:34 AM
Boot into safe mode, download and run this
It seems to work the best


http://www.bleepingcomputer.com/download/combofix/ (http://www.bleepingcomputer.com/download/combofix/)
: Re: ICCC virus
: silenthunder December 30, 2012, 05:14:03 AM
Boot into safe mode, download and run this
It seems to work the best


http://www.bleepingcomputer.com/download/combofix/ (http://www.bleepingcomputer.com/download/combofix/)

Well, I've got time and nothing to lose, I'm goin for it.
: Re: ICCC virus
: fluxdaemon December 30, 2012, 05:16:21 AM
I've seen this virus several times and so far, that's the only thing that's really got rid of it
: Re: ICCC virus
: silenthunder December 30, 2012, 05:20:29 AM
+1, I didn't even think of safe mode. It's now in my memory banks and I think I'll get that combofix software anyways rather than just doing it myself, if it seems to work so well.


EDIT: This program seems to work very well actually, got rid of it rather quickly, thank you for the help.

EDIT: Dammit, it was going so well and it deleted 3 files but it's still there.
: Re: ICCC virus
: Daemon December 30, 2012, 06:26:38 AM
Malwarebytes mate, boot into safe mode (should always do this) and make sure it's disconnected from the net as well (just a good habit), then run Malwarebytes on it. Either install it to the comp or onto a flash drive. I'd personally go flash drive, then after the computer is clean you can update it and then proceed to use it whenever this happens again.
: Re: ICCC virus
: fluxdaemon December 30, 2012, 06:29:35 AM
I haven't had much luck with Malwarebytes with this particular virus but you might as well try it. I'm surprised ComboFix didn't get rid of it completely. It's always worked for me no problem.
: Re: ICCC virus
: rasenove December 30, 2012, 07:29:13 AM
Just go to msconfig and unmark strange contents from the startup tab. If it marks itself again, then you will have to search for the virus files in safe mode and delete them with the cmd prompt. This might help,

www.evilzone.org/tutorials/become-an-antivirus/msg12115/#msg12115
: Re: ICCC virus
: proxx December 30, 2012, 10:00:56 AM
That sounds like an awesome virus :)

Just identify the files, boot up a Linux live CD and remove it, easy as that.
While you're at it install it :P
: Re: ICCC virus
: techb December 30, 2012, 12:57:50 PM
That's the FBI virus. I deal with it at work all the time. Google on FBI virus removal specifically. It will show you where the files are and all.
: Re: ICCC virus
: Kulverstukas December 30, 2012, 03:25:34 PM
lol I never heard of such a virus before. Scammers are getting clever :D before it was fake AVs (scareware) and now it's FBI virus... (still falls under scareware).
: Re: ICCC virus
: Xtatics December 30, 2012, 04:02:37 PM
I haven't done it in a while but you can boot up a live Linux CD like Proxx mentioned and get ClamAV going on the drive or manually remove them. Unfortunately it won't affect anything in the registry with ClamAV.
: Re: ICCC virus
: techb December 31, 2012, 02:04:45 AM
lol I never heard of such a virus before. Scammers are getting clever :D before it was fake AVs (scareware) and now it's FBI virus... (still falls under scareware).

We call it ransomware at work if it asks for money.
: Re: ICCC virus
: silenthunder December 31, 2012, 03:35:44 AM
lol I never heard of such a virus before. Scammers are getting clever :D before it was fake AVs (scareware) and now it's FBI virus... (still falls under scareware).

This is more of ransomware or something along those lines, it wants you to dump $500 into a bank account to get rid of it.

We call it ransomware at work if it asks for money.

Sorry didn't see that post lol, now I'm not as dumb as I thought I was..anyways, my mom ended up googling it while I was at work and I think she's got the tut and will fix it for me..
: Re: ICCC virus
: Live Wire December 31, 2012, 12:14:54 PM
ransomware lol. we should make hostageware while we're at it
: Re: ICCC virus
: IFailStuff December 31, 2012, 01:45:56 PM
ransomware lol. we should make hostageware while we're at it

haha yeah, good one :)
: Re: ICCC virus
: rasenove December 31, 2012, 02:02:15 PM
ransomware lol. we should make hostageware while we're at it

lol what will it do? Take the computer as a hostage and demand money for its freedom?
: Re: ICCC virus
: vezzy December 31, 2012, 10:36:52 PM
lol what will it do? Take the computer as a hostage and demand money for its freedom?

I believe this (http://en.wikipedia.org/wiki/PGPCoder) is pretty close. Granted, it doesn't actually physically lock the computer and leave you a note asking for money. That would be a pretty badass program.

What's interesting is that the authors were honest. Paid up, they gave you the resources for decryption (at least for certain variants).
: Re: ICCC virus
: Super_mario666 January 01, 2013, 04:48:27 AM
I haven't done it in a while but you can boot up a live Linux CD like Proxx mentioned and get ClamAV going on the drive or manually remove them. Unfortunately it won't affect anything in the registry with ClamAV.


To change the registry via cmd use the command REG [parameters] registry/location.


This sounds like a real badass virus. I wanna run it in a virtual machine just to see what happens. ;D
: Re: ICCC virus
: theellimist January 01, 2013, 06:30:06 AM
I heard that some people had luck booting to safemode then restoring their computer to a few days before. Then update java and flash as those are the possible attack points and the exploit has since been patched. And yeah, ransomware is quite a clever idea, I remember there was some fake antivirus ransomware on a family member's computer that said you had a virus and that you had to buy their bullshit software to clean it.
: Re: ICCC virus
: lifecabal January 01, 2013, 03:58:41 PM
Rescue Disk might help. Btw where can I get this virus, I want to run it on a virtual PC.
: Re: ICCC virus
: silenthunder January 01, 2013, 10:38:52 PM
My mom ended up taking it from me while I was out the other night and looked up a tutorial to get rid of it
: Re: ICCC virus
: EmilKXZ January 02, 2013, 03:56:23 AM
If you have a chance to grab the sample, please do an MD5 of the executable.

Perhaps it's been researched before (most likely), and as such, you'll be able to find it easily on live malware repositories.

If you can't do an MD5 of it, just zip it and set the password "infected". Do it like the pros. ;)
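As an added example (not code posted in this thread or by any of its authors), a PowerShell script covering the triage rasenove, Xtatics and EmilKXZ describe: list the autostart registry locations a lockscreen of this kind typically hooks, then hash any file pulled out so it can be looked up in a malware repository. It assumes PowerShell 3 or later, run from an elevated prompt in Safe Mode on the affected Windows 7 machine; the sample path at the end is a placeholder.

```powershell
# Added example, not from the thread. Run elevated, in Safe Mode, PowerShell 3+.
# Part 1: dump every value in the common autostart keys (the same entries
# msconfig's Startup tab shows) so an unfamiliar path can be reviewed.
function Get-AutostartEntries {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Winlogon Shell/Userinit: a lockscreen that replaces the desktop often lives here.
    foreach ($hive in 'HKLM', 'HKCU') {
        $wl = "${hive}:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
        if (-not (Test-Path $wl)) { continue }
        $v = Get-ItemProperty -Path $wl
        foreach ($name in 'Shell', 'Userinit') {
            if ($null -ne $v.$name) {
                [PSCustomObject]@{ Key = $wl; Name = $name; Command = $v.$name }
            }
        }
    }
}
# Reference defaults on Windows 7: HKLM Shell = explorer.exe,
# HKLM Userinit = C:\Windows\system32\userinit.exe, ; normally no Shell value under HKCU.

# Part 2: hash a suspect file so it can be looked up in a malware repository.
function Get-SampleHashes([string]$Path) {
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $sha = [System.Security.Cryptography.SHA256]::Create()
    [PSCustomObject]@{
        Path   = $Path
        MD5    = [System.BitConverter]::ToString($md5.ComputeHash($bytes)).Replace('-', '')
        SHA256 = [System.BitConverter]::ToString($sha.ComputeHash($bytes)).Replace('-', '')
    }
}

Get-AutostartEntries | Format-Table -AutoSize
# e.g. Get-SampleHashes 'C:\Users\<user>\AppData\Roaming\suspect.exe'   (placeholder path)
```

Any Run/Winlogon entry pointing into a user-writable directory such as AppData or Temp is the one to note down, hash, and remove from Safe Mode before rebooting.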
: Re: ICCC virus
: silenthunder January 05, 2013, 12:19:16 AM
If you have a chance to grab the sample, please do an MD5 of the executable.

Perhaps it's been researched before (most likely), and as such, you'll be able to find it easily on live malware repositories.

If you can't do an MD5 of it, just zip it and set the password "infected". Do it like the pros. ;)


Unfortunately my mom cleaned it as thoroughly as possible and I wasn't allowed to keep it a little longer so I had to return it to my friend. The main thing I wanted to know is how she got rid of it, because it'd be a nice addition to my knowledge base, but having that virus and taking out certain elements would be nice for pulling things on my other friends..