Help with FBI virus aftermath

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />



From which user account do you run the OTL?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Now please login to her User Account. After that it will show you a Black Screen like you said before...

Now press on Ctrl + Alt + Delete key on Your Keyboard.... Now it will show you one Task manager. In the task manager Click on File -- > New Task. Inside the New Task Window Type c:\WINDOWS\explorer.exe and press on Ok.

Now you will get your desktop back.... Let me know after that.....
 

Strawhatsheik

New Member
Thread author
May 20, 2013
5
kuttus said:
Okay. Now please login to her User Account. After that it will show you a Black Screen like you said before...

Now press on Ctrl + Alt + Delete key on Your Keyboard.... Now it will show you one Task manager. In the task manager Click on File -- > New Task. Inside the New Task Window Type c:\WINDOWS\explorer.exe and press on Ok.

Now you will get your desktop back.... Let me know after that.....

OM MY GOSH!!! IT'S BACK!! Everything!!! Thanks! THANK YOU SO MUCH!!! I will give it back to her tonight and if she finds anything wrong I'll let you know, but everything seems fine to me!!! Thank you guys so, SO MUCH!!!!
I will be a hero to her!!!
:)
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
It is still not completed... :)


STEP 1: Repair your Windows Registry from this infection malicious changes.

This infection has changed your Windows registry settings so that when you try to start the computer it will load the infections instead of your Windows Desktop.

  1. Download the WinlogOnFix.reg file to fix the malicious registry changes from This infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on WinlogonFix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
<hr />
 

Strawhatsheik

New Member
Thread author
May 20, 2013
5
kuttus said:
It is still not completed... :)


STEP 1: Repair your Windows Registry from this infection malicious changes.

This infection has changed your Windows registry settings so that when you try to start the computer it will load the infections instead of your Windows Desktop.

  1. Download the WinlogOnFix.reg file to fix the malicious registry changes from This infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on WinlogonFix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
<hr />


Hi, I'm sorry I've been gone so long. I just did what you said and ran the windows registry fix thing. Is there anything else I need to do? Thanks so much again!
 

Strawhatsheik

New Member
Thread author
May 20, 2013
5
kuttus said:
Is the computer starting up normally now?

Sadly, no. Her user screen still boots in command mode. I can keep typing in explorer.exe and it boots her screen, but it does not boot regularly. :(
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Please boot her screen by typing explorer.exe and do the following steps...


STEP 1: Repair your Windows Registry from this infection malicious changes.

This infection has changed your Windows registry settings so that when you try to start the computer it will load the infections instead of your Windows Desktop.

  1. Download the WinlogOnFix.reg file to fix the malicious registry changes from This infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on WinlogonFix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
<hr />
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top