PCMech Forums > Help & Discussion > Networking & Online Security

#1, 03-18-2013, 12:59 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
FBI Anti-Piracy scam

Hi... my main computer locked up this AM, with an FBI Anti-Piracy message stating that I had illegal downloads (wrong) on my computer. Google shows this to be a scam (they request $200 to "unlock" it). I was able to get Malwarebytes running on it, by double clicking on its icon just before the screen locked (you can reboot through Ctrl-Alt-Del).. waiting on results. Any known, proven remedies for this virus?

cuzzzzz
Posted by cuzzzzzz
#2, 03-18-2013, 01:02 PM
Computer Tool
Join Date: May 1999
Location: Springfield, Missouri
Posts: 1,596
My experience is Malwarebytes gets rid of it for the most part. It's been a while since I have had to deal with that particular malware though.
Posted by K A Hall
#3, 03-18-2013, 01:10 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
This is a nice little stand-alone app that is very successful in getting rid of that scam.
Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits
Posted by rjfvillarosa
#4, 03-18-2013, 05:15 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
I was able to get Malwarebytes to do a full scan.. it found no virus. While still able to access my computer I performed a scan with Verizon's current AV program (I pay a monthly fee for this!).. found nothing wrong (I believe Verizon just switched from McAfee to some other company.. maybe that's what let this virus in)

I rebooted, and the FBI virus locked my computer. Since these vandals can get paid via these payment cards that one has to buy at a store and then type in the code on the card, I would think it would be easy to track them down.

I need an AV program that runs immediately from a CD/DVD on bootup. I'll try to contact Emsisoft for suggestions.

Idiots who make these viruses should get long prison terms.

Thanks for all your responses.

cuzzzzz
Posted by cuzzzzzz
#5, 03-18-2013, 05:38 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Quote (originally posted by cuzzzzzz): Since these vandals can get paid via these payment cards that one has to buy at a store and then type in the code on the card, I would think it would be easy to track them down.
The question that keeps cropping up for me when I have to clean up one of these infections is: how do you put the payment card information into your computer when it has frozen you out, and it doesn't give you the information to put on the payment card?
Download Emsisoft on to another machine into its own folder; it doesn't install, you run it from the .exe as a standalone. Run the app and update it. You now have two choices. You can slave the hard drive from the infected machine to the machine with Emsisoft and run a scan on the infected hard drive, or copy the whole folder containing the updated Emsisoft to a pen drive and try to run it before the infected machine freezes, or try running it in safe mode. I have had success with both methods.
Posted by rjfvillarosa
#6, 03-18-2013, 09:26 PM
Computer Tool
Join Date: May 1999
Location: Springfield, Missouri
Posts: 1,596
Now that I think about it I did have to pull the drive / slave it to get rid of this last time. Still I could have sworn Mbytes handled it.
Posted by K A Hall
#7, 03-18-2013, 11:17 PM
bob
Member (12 bit)
Premium Member
Join Date: Mar 1999
Location: LA, CA
Posts: 2,273
Reboot in safe mode with networking, then download an antivirus/malware program.
If it starts right away then it is in your startup programs. Disable all startup programs if needed.
Posted by bob
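Posts #5 and #7 describe the two manual moves that work against a screen locker: scan the disk from a clean machine, and cut off whatever launches at logon. What follows is an added example, not something any poster in this thread wrote or ran, of doing the second move from the clean machine once the infected XP disk is slaved. It copies the registry hives off the slaved disk into a scratch folder, loads the copies (so the originals and their timestamps are left alone), and lists the usual autostart locations: the Winlogon Shell and Userinit values, the Run and RunOnce keys in the machine hive and in every user's NTUSER.DAT, a per-user Shell override, and each profile's Startup folder. The drive letter F:, the XP folder layout and the C:\Triage scratch folder are assumptions; run it from an elevated PowerShell prompt on the clean machine.

```powershell
# Added example, not from the thread: enumerate autostart entries on a slaved
# Windows XP system drive from a clean machine. Assumptions: slaved disk is F:,
# Windows lives in F:\WINDOWS, profiles under F:\Documents and Settings,
# and C:\Triage is a scratch folder on the clean machine.
$OfflineRoot = 'F:'
$Profiles    = Join-Path $OfflineRoot 'Documents and Settings'
$Work        = 'C:\Triage'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Default Winlogon values on XP; anything else deserves a close look.
$GoodShell    = 'Explorer.exe'
$GoodUserinit = 'C:\WINDOWS\system32\userinit.exe,'

# Print every value under a Run-style key, skipping the provider's PS* metadata.
function Show-RunKey {
    param([string]$Path, [string]$Label)
    if (-not (Test-Path $Path)) { return }
    $props = Get-ItemProperty -Path $Path
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # PSPath, PSDrive etc., not registry values
        Write-Output ("{0}: {1} = {2}" -f $Label, $p.Name, $p.Value)
    }
}

# Copy a hive off the slaved disk and mount the copy under HKLM\<MountName>.
function Mount-OfflineHive {
    param([string]$HiveFile, [string]$MountName)
    $copy = Join-Path $Work ($MountName + '.hiv')
    Copy-Item -Path $HiveFile -Destination $copy -Force
    reg.exe load "HKLM\$MountName" $copy | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Dismount-OfflineHive {
    param([string]$MountName)
    [GC]::Collect()                                 # drop PowerShell's open handles first
    reg.exe unload "HKLM\$MountName" | Out-Null
}

# 1. Machine-wide SOFTWARE hive: Winlogon plus HKLM Run/RunOnce
$softwareHive = Join-Path $OfflineRoot 'WINDOWS\system32\config\software'
if (Mount-OfflineHive $softwareHive 'OfflineSW') {
    try {
        $wl = Get-ItemProperty 'HKLM:\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon'
        if ($wl.Shell -ne $GoodShell)       { Write-Output "SUSPICIOUS Winlogon Shell: $($wl.Shell)" }
        if ($wl.Userinit -ne $GoodUserinit) { Write-Output "SUSPICIOUS Winlogon Userinit: $($wl.Userinit)" }
        Show-RunKey 'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\Run'     'HKLM Run'
        Show-RunKey 'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\RunOnce' 'HKLM RunOnce'
    } finally { Dismount-OfflineHive 'OfflineSW' }
}

# 2. Every profile: NTUSER.DAT Run/RunOnce, a per-user Shell/Userinit override, the Startup folder
foreach ($dir in Get-ChildItem -Path $Profiles -Force | Where-Object { $_.PSIsContainer }) {
    $user   = $dir.Name
    $ntuser = Join-Path $dir.FullName 'NTUSER.DAT'
    if ((Test-Path $ntuser) -and (Mount-OfflineHive $ntuser 'OfflineUser')) {
        try {
            Show-RunKey 'HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Run'     "$user Run"
            Show-RunKey 'HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\RunOnce' "$user RunOnce"
            # A user's own Winlogon key normally holds only housekeeping values;
            # a Shell or Userinit value there replaces the desktop for that user.
            $uwl = Get-ItemProperty 'HKLM:\OfflineUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
            if ($uwl -and ($uwl.Shell -or $uwl.Userinit)) {
                Write-Output "SUSPICIOUS per-user Winlogon for ${user}: Shell=$($uwl.Shell) Userinit=$($uwl.Userinit)"
            }
        } finally { Dismount-OfflineHive 'OfflineUser' }
    }
    $startup = Join-Path $dir.FullName 'Start Menu\Programs\Startup'
    if (Test-Path $startup) {
        Get-ChildItem -Path $startup -Force | Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { Write-Output ("{0} Startup: {1} ({2:yyyy-MM-dd HH:mm})" -f $user, $_.Name, $_.LastWriteTime) }
    }
}
```

Read the output against what a stock XP box would show: Explorer.exe and userinit.exe in Winlogon, Run entries that point into Program Files or system32, and an empty or near-empty Startup folder. An entry that points into Application Data, Local Settings\Temp or a profile root, especially one written on the day the lock screen appeared, is the thing to pull before the drive goes back in the machine. If a run is interrupted and a later `reg load` reports the key already exists, `reg unload HKLM\OfflineSW` (or OfflineUser) clears the stale mount.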
#8, 03-19-2013, 03:58 AM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Quote (originally posted by K A Hall): Still I could have sworn Mbytes handled it.
A fully updated version of Malwarebytes will deal with it, and best results are when the infected hard drive is slaved to another machine. I am pretty sure the definitions for this pest were released by Malwarebytes about a month ago.
Posted by rjfvillarosa
#9, 03-19-2013, 09:08 AM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
Looks like I'll have to slave it. Also, can't get Emsisoft to run.. when I click on their EEK folder as directed (on this machine, on a flash drive, not the infected computer), I get an "install the last disk of the multidisk file" error.. have downloaded the thing twice. Also, no answer to my emails to them.

Also, can't get to safe mode on the infected machine.. F8 (and other standard F keys) doesn't work.

Will never understand the mindset of these vandals.

Thanks again for your suggestions.

cuzzzzz
Posted by cuzzzzzz
#10, 03-19-2013, 10:16 AM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
two things.. first.. I would think that I could connect the infected IDE hard drive to this computer as slave via a USB adapter/enclosure rather than having to open this case. See any problems?

Second... this computer has the updated FREE malwarebytes program.. is this as full featured as the purchased version? I'm still going to try to get Emsisoft's program working.

I'm computer literate.. actually have assembled several of my computers (the infected one about 4 years ago.. it has XP on it (as do ALL my computers.. love XP)), so feel free to suggest any more complicated solutions if necessary.

cuzzzzz
Posted by cuzzzzzz
#11, 03-19-2013, 10:57 AM
glc
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,159
1. No problem.

IDE/SATA to USB 2.0 Cable Adapter - Turn Your 2.5", 3.5" or 2020

2. Free MBAM is full featured enough. Install Emsisoft on the hard drive of the non-infected computer.
Posted by glc
#12, 03-19-2013, 04:00 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
Thanks glc.. I've used USB adapters or enclosures many times to get files from my kids drives.

Will try MWB.. having troubles getting Emsisoft going (see posts above).

cuzzzzz
Posted by cuzzzzzz
#13, 03-19-2013, 04:36 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
cuzzzzz, not sure what problem you are having, but the Emsisoft app downloads as a zip file; download it from here to its own folder and unzip it to the same folder.
Emsisoft Free Emergency Kit: portable malware scanner | Free removal of Viruses, Bots, Spyware, Keyloggers and Trojans
Posted by rjfvillarosa
#14, 03-20-2013, 09:48 AM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
rjfvillarosa.. thank you for the link.. it worked well (this computer had no malware). Previously I had gone to their homepage directly and everything I downloaded gave the same error message mentioned above.

I'll remove the hard drive from the infected computer either tonight or tomorrow and scan it.

thanks again

cuzzzzz
Posted by cuzzzzzz
#15, 03-20-2013, 01:10 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
cuzzzzz, out of interest take a read of the latest blog from Malwarebytes about a new Russian ransomware threat.

Malwarebytes articles and dealing with malware
Posted by rjfvillarosa
#16, 03-21-2013, 10:25 AM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
No luck.. you hear a beep when the USB cable is plugged in, then nothing with this hard drive (the first time that I connected it, it said found new HD, but since then it doesn't even do that. Even when it said found new drive it didn't show up in My Computer). I tried it both as master (suggested by the lit with the adapter) and as slave.

When I removed the second hard drive (data) from the corrupted computer and tried with the same adapter, you hear the beep, it's recognized by the computer, and it worked fine, and I scanned that one with both emsisoft and malwarebytes and it was clean.

Looks like the virus is in the boot sector?

Will never understand why people do this.
Posted by cuzzzzzz
#17, 03-21-2013, 10:36 AM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Quote (originally posted by cuzzzzzz): second hard drive (data) from the corrupted computer
Is all your data on this second harddrive? Is a format and reinstall of the OS out of the question?
Posted by rjfvillarosa
#18, 03-21-2013, 11:40 AM
Member (8 bit)
 
Join Date: Oct 2008
Location: KY, USA
Posts: 234
Just out of curiosity, when you hooked your drive up via USB, did you connect the drive up to power as well? I would assume that your computer wouldn't recognize the drive unless the infected drive was connected via USB and through a SATA power connector as well.
Posted by Jbc223456
#19, 03-21-2013, 03:41 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
JBC, Yes... the adapter is coupled with a power supply. Again, works well with 2 other HDs that I tested. It just stops cold once the USB "beep" sounds.

rjfvillarosa, a lot of data is backed up, but the last week or so of data, and tons of photos and some recent videos, weren't. Based on what I'm seeing, I'm not sure that I can access the corrupted HD to format it. I'll probably have to get a new HD. I have all legal programs, but I'm wondering what will happen when I try to install my copy of XP, now that MS doesn't support it. And, of course, the drudgery of re-installing all my programs, ISP settings, etc.

Thanks both of you for your help and interest.. let me know of any ideas or facts that may help me.. I'll keep this thread up to date with any new results that may shed light on the problem.

cuzzzzz
Posted by cuzzzzzz
#20, 03-21-2013, 04:08 PM
glc
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,159
XP will reinstall and reactivate with no problem as long as you haven't activated it in the past 120 days.

Formatting a corrupted hard drive is no problem. Put it back in the machine it came out of and boot it with a zero fill utility.
Posted by glc
#21, 03-22-2013, 08:13 AM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
Update: When I first bought my USB IDE adapter I liked it a lot, so I bought a second to be sure of having a backup. Just to be thorough, I set up my infected hard drive with the brand new adapter (by Cables to Go), and the corrupted drive WAS finally recognized. Somehow, between the scan of the data drive from the corrupted computer and trying the main drive, a problem occurred. So, I scanned it with MalwareBytes last night.. it took over 6 hours, and found nothing malicious.. and I think it only searched the first (of two) partitions. This morning I tried Emsisoft. I specifically designated the attached, corrupted, drive for scanning, but it started with C: and appears to be going through ALL drives on the computer plus the corrupted one. In just under 2 hours, it is up to the corrupted drive, has found EIGHT risks, including four on the corrupted drive (when I first downloaded Emsisoft it scanned my good C: drive and found nothing wrong.. today some of the at-risk files were on C). Still running (73% done).

I'll post final results. If all works out well, looks like I'll be buying the Emsisoft program and dropping Verizon's Security Suite (which as I mentioned above, I think just changed programs)

In today's PCMAG post it mentions a Comodo Cleaning System 6 as a good, free AV program.. anyone familiar with it?

Thanks again all

cuzzzzz
Posted by cuzzzzzz
#22, 03-22-2013, 10:01 AM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
I will be very interested to see what Emsisoft comes up with.
Posted by rjfvillarosa
#23, 03-22-2013, 01:09 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
Success! Thank you all for suggestions and turning me on to Emsisoft. Going to delete MalwareBytes and buy Emsisoft. One thing.. if I install it before I'm able to stop Verizon from continuing their Security Suite (basically McAfee), will I have problems?

Also.. rjfvillarosa.. you mentioned that you (and I'm sure others) would like to know what Emsisoft found, and removed. They found 22 risks (some risks had 2-4 files).. I'd bet most were on the two partitions of the compromised hard drive, but didn't sit and watch for the >5 hrs needed. I'd bet the first 6 or more listed here were. I've listed them in the reverse order found, since the corrupted drive's 2 partitions were scanned last:

Gen: Variant.Adware.Solimbail (B)
Riskware:Win32.installIQ (A)
Trojan:Win32.INSTALLIQ.AMN (A)
Adware: win32.KMLIIDW.AMN (A)
Riskware:win32.toolbar.Searchsiter.AMN (A) (word after search unclear)
Adware: win32.yontoo.AMN (A)
Trojan: win32.weelsof.AMN (A)
Trojan: win32.Agent.AMN (A)
Trojan: Sirefef.RG (B)
Riskware:win32.Killapplicat.A (A)
Riskware: win32.Killapp (A)
Exploit: TIFF.gen (B) (first found.. on good computer's C drive)

Again, thank you all.. I hope the info above helps others.

cuzzzzz
Posted by cuzzzzzz
#24, 03-22-2013, 02:28 PM
glc
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,159
I would think that you can simply uninstall the Verizon McAfee suite using add/remove programs.
Posted by glc
#25, 03-22-2013, 02:45 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
I have seen a few of them before but not all of them, probably the same nasties with different names.
Once you have refitted that hard drive and it is booting up OK, I would uninstall McAfee using CCleaner and then do a full three-pass registry clean using CCleaner. Let me know how that works out.

Panama Red deserves a thankyou for telling me about Emsisoft in the first place...Well done again Mr Red...
Posted by rjfvillarosa
#26, 03-22-2013, 03:06 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
I'm sure I'd be able to uninstall it, but I've been paying Verizon a monthly fee for their security suite, so have to go through them (billing, etc) to un-subscribe.

Thanks again all.
Posted by cuzzzzzz
#27, 03-22-2013, 03:13 PM
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
That's naughty. Most of the ISPs over here give free security suites; they probably make an allowance for it in your monthly bill but they won't tell you that.....
Posted by rjfvillarosa
#28, 03-24-2013, 05:27 PM
Member (9 bit)
Premium Member
 
Join Date: Mar 2004
Posts: 260
Hmmm.. I sent an email to Emsisoft with some questions that I had... their reply today directed me to check with MalwareBytes re the technical stuff.. the link they gave me didn't work, however.
Posted by cuzzzzzz
#29, Today, 08:09 AM
Member (11 bit)
Join Date: Dec 2001
Location: CT
Posts: 1,496
Instead of creating a new thread about this I thought to post it here. The FBI virus is getting nastier and almost impossible to remove. Here is what I encountered so far with the newer versions of it:

1. No matter what profile you log into it shows.
2. Sometimes I can get into Safe Mode: lately not so much.
3. Scanning as a secondary drive from another computer I am finding squat. Am I doing something wrong? If I am I can't think of what.
4. Resulting in a lot of rebuilds and that is getting old fast even though my company makes money off of it.
5. One computer that had the variation where even in Safe Mode I can't do anything, I was successful in using MS's bootable CD for Windows Defender and it cleaned it enough so I can load and update Malwarebytes in Safe Mode and clean up the rest plus a lot of manual removals. Malwarebytes is good but far from perfect.
6. That CD didn't work for others though; grrrr..... Meaning I run it and it reports the PC is clean. What the hell???

Any new tools, especially something I can boot from, that I can use to fight the fight? Again, rebuilding these PCs, especially when there is a question where the customer put the MS Office license and all their other programs, becomes more of a hassle than it's worth.

I should have been a truck driver when I had the chance. :-D
Posted by Iman74
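Iman74's point 3, that scanning the slaved drive from another machine finds nothing, is where a manual look at what changed around the infection date earns its keep; signature scanners only find what they have signatures for, but a locker still had to write its files somewhere in the profile shortly before the lock screen appeared. What follows is an added example, not something posted or run by anyone in this thread. It walks every profile on a slaved XP system drive, lists executables, scripts and shortcuts created or modified since a chosen date, prints an MD5 for each so it can be looked up against a scanner's detections, and resolves the target of every .lnk it finds, because a shortcut in a Startup folder pointing at an executable in Application Data or a Temp folder is exactly how a program ends up "starting right away", as bob put it in #7. The drive letter F:, the XP profile layout, the extension list and the 2013-03-15 cut-off (a few days before post #1) are assumptions; set the date a day or two before the lock screen first showed.

```powershell
# Added example, not from the thread: list recently created or modified
# executables, scripts and shortcuts under every profile on a slaved Windows XP
# system drive, with MD5 hashes and resolved shortcut targets.
# Assumptions: slaved disk is F:, XP profile layout, cut-off date 2013-03-15.
$OfflineRoot = 'F:'
$Profiles    = Join-Path $OfflineRoot 'Documents and Settings'
$Since       = Get-Date '2013-03-15'
$Interesting = @('.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.lnk')

# MD5 via .NET so this also runs on the PowerShell 2.0 era machines in this thread.
# The hash is for looking files up, not for integrity.
function Get-Md5 {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))).Replace('-', '').ToLower() }
    finally { $stream.Close() }
}

# Resolve a .lnk's target and arguments through the Windows Script Host shell object;
# CreateShortcut on an existing path loads that shortcut rather than creating one.
function Get-ShortcutTarget {
    param([string]$Path)
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($Path)
    return ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
}

# Files of interest under one profile whose create or modify time is at or after $Since.
function Get-RecentProfileFiles {
    param([string]$ProfileRoot, [datetime]$Since)
    Get-ChildItem -Path $ProfileRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $Interesting -contains $_.Extension.ToLower() -and
            ($_.LastWriteTime -ge $Since -or $_.CreationTime -ge $Since)
        }
}

$rows = foreach ($dir in Get-ChildItem -Path $Profiles -Force | Where-Object { $_.PSIsContainer }) {
    foreach ($f in Get-RecentProfileFiles -ProfileRoot $dir.FullName -Since $Since) {
        $target = ''
        if ($f.Extension -ieq '.lnk') {
            try { $target = Get-ShortcutTarget $f.FullName } catch { $target = '(unreadable shortcut)' }
        }
        $hash = ''
        try { $hash = Get-Md5 $f.FullName } catch { $hash = '(unreadable)' }
        New-Object PSObject -Property @{
            Profile  = $dir.Name
            Modified = $f.LastWriteTime
            Created  = $f.CreationTime
            Size     = $f.Length
            MD5      = $hash
            Path     = $f.FullName.Substring($OfflineRoot.Length)   # drop the drive letter
            Target   = $target
        }
    }
}

# Newest first: on a fresh locker infection the dropper and its shortcut cluster at the top.
$rows | Sort-Object Modified -Descending |
    Format-Table Modified, Profile, Size, MD5, Path, Target -AutoSize
```

Two things to expect when running this on the clean machine. First, if that machine has a real-time scanner enabled (Emsisoft's guard, the Verizon/McAfee suite), reading the files may get them quarantined mid-listing, which is fine for cleanup but spoils the record if you wanted to keep a sample. Second, a locker that runs at logon does not need to live in Startup: compare the newest entries in this listing with the Run keys and Winlogon values from the registry, since the same file name turning up in both places is the strongest lead the slaved drive will give you.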
All times are GMT -5. The time now is 09:25 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.