Virus removal help : FBI Cybercrimes locout

[Blinkin]

Hello All:

We have a notebook with Windows 7 that suddenly popped up with a "FBI" lockout screen for "distributing pornography" and while we can get the safe mode to load, we need to find out a reliable way to remove the virus. Anyone out there able to help us?

To make sure that this was malware, we actually called the local field office and inquired... so it is malware... We were told that the vast majority of self removal directions on the web were ineffective, so we're hoping someone knows something that works... the next step is a repair shop and we really can't afford it.

Thanks

[Raveled]

I see that every couple of months on a relative's PC. What I use is a program called Hitman Pro. Download it, and you can install it to a spare USB drive. Stick that in the affected PC, and choose to boot from the stick. It should kill the virus.

[Blinkin]

You see it every couple of months on the same computer? It seems like anit-virus isn't catching it then.

Ok, next question. I have a thumb drive, but it may have a virus on it.. how do I clean the thing without infecting our other computer (This one)? Can I just incert it into a USB port and scan it with anti-virus?

[Oreo]

I was ale to remove it, but I already had Kapersky loaded on our infected PC. I went into Safe Mode with networking, and was able to remove the virus in three steps that each needed a reboot. It took about half and hour. Not sure if it would work do get the Kapersky trial offer while in safe mode.

[Vekseid]

If you have someone with you who can reinstall the OS if something goes wrong:

http://www.bleepingcomputer.com/download/combofix/

Download to thumb drive on clean computer -> Boot into 'safe mode with command prompt' (I'm assuming you have someone sighted helping you? I think this skips accessibility loading, unfortunately : /) -> Manually execute Combofix via the command prompt.

If you are concerned with it reinfecting your clean computer via the thumb drive, you can double-check to make sure that autorun is disabled. on your windows XP machine.

[Rogue]

You see it every couple of months on the same computer? It seems like anit-virus isn't catching it then.

Ok, next question. I have a thumb drive, but it may have a virus on it.. how do I clean the thing without infecting our other computer (This one)? Can I just incert it into a USB port and scan it with anti-virus?

Also, Avast antivirus can scan Thumbdrives and remove viruses from them in general. I'm not sure about this specific one though...

[Blinkin]

Well, we thought that we had removed the thing, then we didn't have wireless connection and we activated that and... it came back. Now, we can't even get into safe mode, and when we do, we can't access anything without a 5 minute pause. We've called a repair service and are going to fork out the $140 to get it fixed... not that we can afford it, but can't afford not to. *sighs* Being blind and on a fixed income doesn't allow for this sort of expense and we're still reeling after a bank snafu that left us with a $400 negative balance 6 weeks ago.

God, I love life!

[Trieste]

It sounds like a mild version of what I've heard referred to as 'extortionware' or 'scareware'. It's my understanding that these are ridiculously awful to fix, and really disruptive. I'm really sorry that you have to deal with this, Blinkin.

I would suggest for the future that you either pick up a new thumb drive or wipe an old one clean (or have someone do it for you), then make sure that you have a toolkit installed on said thumb drive. Things like MBAM, combofix, etc.

That leaves you in the future with an uninfected thumb drive toolkit that might be able to help you. You seem to run into problems like this quite a lot. I wonder if it wouldn't be worthwhile to put things like NoScript on your browser as well. I'm not sure what about your browsing habits seems to attract nasties, but some prevention seems like it's in order.

Again, you have my sympathies and best wishes.

[Blinkin]

Thanks for the thoughts. I'm still having trouble with the first request thread; still can't get past the bank's verification page and have no idea why. My wife's computer (The one now effected with the scareware) can access the bank, but she hates doing it... so, I really need to figure that one out, but no one seems to be able to tell me why it's doing it. The bank's internet banking department swears that it's my computer, the repair guy who took 3 weeks to fix it swears that there's nothing wrong with the computer... lol

In the end, the problems were acutally a result of said repair tech... who didn't seem to mind infecting the computer with whatever he used.

We have changed anti-virus and malware protection on my laptop, and my wife's laptop (Using McAffee's) was up to date... but viruses hit everyone eventually. This one just happen to be a hard one to get rid of.

On a side note, we were on an airport's website looking at the transportation schedules when we got the damned thing. It's more than old enough that it should of been blocked, so who knows how it got in.

So... at least it isn't costing $200-250 to fix, which is what we got quoted from 3 other repair services... I should of called the place I use to use when I could see to start with... I know that they are reliable but hard to get to.