fbi virus/malware help

pc-rebuilders

Have a Vista machine with Dept. of Justice (FBI) virus/malware that starts immediately. Can't start machine in safe mode with or without networking, it goes into a bootloop. Have tried Ultimate boot to try to find it to delete, but name seems to change and hidden somewhere that's hard to find. Tried bitdefender offline, but no luck, any suggestions or tools?
 
I have found a lot of these to be in the ProgramData folder. With the UBCD, did you run Autoruns and look for files in the unusual (well, usual for them) locations? Did D7's malware scan show any love?
 
I'd try running D7 from Ultimate and see what the "Out of Place Files" option in Malware Scan finds. Use AutoRuns to look for everything that is starting on boot. Also, scanning from a Windows Defender Offline disc has worked well for us. You could also try Kaspersky, AVG or Avira boot CDs. Another good choice would just be to pull the drive and scan it with a bench machine.
 
Just finished one up yesterday. Kaspersky Rescue CD worked well enough for me to be able to start Windows and clean it up and repair the damage with D7 afterwards.
 
Have a Vista machine with Dept. of Justice (FBI) virus/malware that starts immediately. Can't start machine in safe mode with or without networking, it goes into a bootloop. Have tried Ultimate boot to try to find it to delete, but name seems to change and hidden somewhere that's hard to find. Tried bitdefender offline, but no luck, any suggestions or tools?

You could also try booting into safe mode with command prompt.

From there run system restore to a pre-infected date.

That may allow you to get in to run your tools, cleanup and do damage control.

When completed make sure you delete all old (infected) restore points.
 
Many of the variants are profile specific. If you try another profile, such as Administrator, you can get to a desktop and kick into cleaning it up.

Another option: slave to another computer, browse the drive and pluck out the offending file that loads it up.
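As an added example (not from any poster in this thread), here is a PowerShell triage script for the slaved-drive approach above: run from a clean bench machine, it mounts the offline SOFTWARE hive and each profile's NTUSER.DAT to list Run/RunOnce autostart entries, then lists recently modified executables under ProgramData, the drop location mentioned earlier in the thread. `$OfflineRoot` is an assumed drive letter for the slaved disk, and the shell must be elevated for `reg.exe load` to work.

```powershell
# Added triage example, not the thread's own code. Assumes the infected disk is slaved
# as $OfflineRoot on a clean machine and that this runs in an elevated PowerShell.
param([string]$OfflineRoot = 'F:')   # assumption: drive letter of the slaved disk

$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Show-OfflineRunKeys {
    param([string]$HivePath, [string]$MountName, [string]$Label)
    if (-not (Test-Path $HivePath)) { return }
    # reg.exe load mounts the offline hive file under HKLM\<MountName>
    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    try {
        foreach ($k in $runKeys) {
            $key = Get-Item -Path "Registry::HKLM\$MountName\$k" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                # Emit one row per autostart value so the output can be sorted or exported
                [pscustomobject]@{ Scope = $Label; Key = $k; Name = $name; Command = $key.GetValue($name) }
            }
        }
    } finally {
        # Drop cached registry handles first, otherwise the unload fails with "access denied"
        [gc]::Collect()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

# Machine-wide autostart entries from the offline SOFTWARE hive
Show-OfflineRunKeys "$OfflineRoot\Windows\System32\config\SOFTWARE" 'OfflineSoftware' 'HKLM'

# Per-profile entries, since many of these variants are profile specific
Get-ChildItem "$OfflineRoot\Users" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    Show-OfflineRunKeys (Join-Path $_.FullName 'NTUSER.DAT') "Offline_$($_.Name)" "HKCU:$($_.Name)"
}

# Executables under ProgramData written in the last 14 days; the window is an assumption
Get-ChildItem "$OfflineRoot\ProgramData" -Recurse -Force -Include *.exe,*.dll,*.scr -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-14) } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, FullName
```

Anything the script lists that points at a randomly named file in ProgramData or a user profile is the candidate to submit to an offline scanner before removing it.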
 
I was able to boot into safe mode, restore to a previous date and then run Malwarebytes Anti-Malware to remove the infection.
 
Use Hitman Pro Kickstart to remove the virus in like 5 minutes. Works every time I have used it.
 
Congrats on getting it fixed.

I've always found that the MSDaRT boot CD with Standalone Scanner works well. Used it today to get rid of a UK variant.
 
This discussion keeps coming up and everyone offers a bunch of random tools that don't work consistently.

Slave drive, scan with MSE

Fixed. I'm honestly curious why people subject themselves to using in-OS tools to fix common / messy bugs like this.

You can't trust your OS because it might have a rootkit, thus making all results worthless.

Things aren't running in the background of a clean computer, making the entire process faster.
 
Just to add, the Windows Defender Offline boot disk worked for me the other day to get me in and clean up a little bit more. Was a house call so wasn't able to slave the drive. Nice little tool.

I've got a sata>usb3 adapter for my laptop, best investment, ever.
 
This discussion keeps coming up and everyone offers a bunch of random tools that don't work consistently.

Slave drive, scan with MSE

Fixed. I'm honestly curious why people subject themselves to using in-OS tools to fix common / messy bugs like this.

You can't trust your OS because it might have a rootkit, thus making all results worthless.

Things aren't running in the background of a clean computer, making the entire process faster.

I agree with not starting out cleaning from within the OS most of the time. We usually boot to Windows Defender Offline for scanning first. It's essentially an MSE scan from an offline OS and doesn't require pulling a drive. We only have a couple of bench machines and can only have a small number of drives slaved at a time. We have tons of WDO discs and can have as many computers scanning at one time as we need.
 
You could also try booting into safe mode with command prompt.

From there run system restore to a pre-infected date.

That may allow you to get in to run your tools, cleanup and do damage control.

When completed make sure you delete all old (infected) restore points.
Best way to remove it actually from my experience
safe mode with command prompt
rstrui.exe
 
Thanks for all the useful info here. I've got a Dell waiting on my bench with the FBI virus... first one I've had the pleasure of dealing with. :)
 
I just got one of these yesterday. Booted into safe mode with networking, installed MBAM and ran SUPERAntiSpyware off the flash drive and it cleaned right up. I then updated MSE and let it run a full scan; it picked up one more thing.
 