Particularly Resistant FBI Virus

boweasel

New Member
Thread author
Jun 29, 2013
5
Laptop seems to be clean now, but this was laborious. Every place I looked always seemed to start this FBI removal process with a safe mode boot of one sort or another, but I got perpetual BSODs on all of those (by the way, it boots just fine into safe mode now).

I'm just looking for an easier method of removal than what I did, in case it happens again.

I did not post any logs, or even run any of those tools, since I didn't know it was a requirement before I'd composed the topic. Apparently it won't let me post unless I indicate that I have included logs.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please print these instructions out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download List Parts and save it to the flash drive also.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note: as you are running from CD, it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Next click List Parts and then click Scan
  • It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
 

boweasel

New Member
Thread author
Jun 29, 2013
5
kuttus said:
Hi and welcome to the malwaretips.com forums!
Uhhhh... maybe this needs to be in a different forum. Did you actually read my post, or did I just get some kind of a form response?

I don't seem to be infected anymore. I clearly listed the steps I have taken to get rid of the virus. If you didn't read my post, how can you possibly be of any assistance? If all I'm going to get are automated responses, just robotically close the topic and I'll look elsewhere.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
I requested the log to make sure there are no more infections remaining on the computer..... Without the log files we will not be able to tell what is happening on your computer......... I don't know magic... He he he... :p
 

boweasel

New Member
Thread author
Jun 29, 2013
5
Well, you're sort of missing my point - the laptop is clean. All this is in my post. I ran a full scan of Malwarebytes and it found no malicious objects. I then ran a scan using TdssKiller. Nothing. I then ran a full scan using Security Essentials. Nothing. There seems to be no point in downloading another tool, and running yet another scan on a PC I know to be free of infection.

Further investigation has turned up the information that having an internet connection might be the thing that triggers the BSOD when trying to boot into safe mode, SM w/ networking, or SM w/ command prompt. I've seen it suggested that turning off the wireless or disabling the wi-fi, or even simply unplugging the modem or router, will enable a successful boot with SM w/ command prompt. If that's true, then there'd be no need to create a bootable flash drive, etc, etc.

I assumed that you good folks would be on the cutting edge for simple methods of ridding a PC of the FBI virus. I already know how to get rid of it using a Hirens CD and the Registry Restore component of that tool. I was looking for something easier.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
If you are sure your computer is free from infection, may I know how I can assist you?
 

boweasel

New Member
Thread author
Jun 29, 2013
5
kuttus said:
If you are sure your computer is free from infection, may I know how I can assist you?
I was looking for some sort of an easy Step1, Step 2, Step 3 script. Read paragraph 2 of my last post.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
I have given an easy step in my first post... I don't think it is a tough step... If it is a tough one for you, try:

STEP 1: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the link below:
     OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please post these 2 logs in your first reply.

Settings you need to select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr) or OTL.com (http://oldtimer.geekstogo.com/OTL.com).
 
Last edited by a moderator:

boweasel

New Member
Thread author
Jun 29, 2013
5
kuttus said:
I have given an easy step in my first post... I don't think it is a tough step... If it is a tough one for you, try:

STEP 1: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the link below:
     OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

We are still not on the same page - reread my original post - when I had the virus a normal boot would ALWAYS display the FBI warning - no taskbar, no taskmgr, etc. Every safe mode method would bring a BSOD.

I explained this all in my original post. I could not have possibly downloaded or run an OTL scan from an FBI or BSOD screen.

I'm beginning to believe that asking this forum anything was a waste of my time, and yours.
 
Last edited by a moderator:

kuttus

Level 2
Verified
Oct 5, 2012
2,697
boweasel said:
I don't seem to be infected anymore. I clearly listed the steps I have taken to get rid of the virus. If you didn't read my post, how can you possibly be of any assistance? If all I'm going to get are automated responses, just robotically close the topic and I'll look elsewhere.

First you said you are not infected anymore. Now you are saying you are getting the FBI warning... What is going on?



boweasel said:
We are still not on the same page - reread my original post - when I had the virus a normal boot would ALWAYS display the FBI warning - no taskbar, no taskmgr, etc. Every safe mode method would bring a BSOD.

I explained this all in my original post. I could not have possibly downloaded or run an OTL scan from an FBI or BSOD screen.

I'm beginning to believe that asking this forum anything was a waste of my time, and yours.


boweasel, I know you are not able to boot the computer normally; that is why I recommended the OTLPENet scan, which you have to do from the OTLPE boot CD.... You are not ready to do that one as well..
 
