fbi virus/malware help

I just got one of these yesterday. Booted into safe mode with networking, installed MBAM and ran SUPERAntiSpyware off the flash drive, and it cleaned right up. I then updated MSE and let it run a full scan; it picked up one more thing.

I've had a couple of those simple FBI infections where safe mode worked. But the last 4 I've had were of the variety where safe mode (with or without networking) failed. For these, safe mode with command prompt and then running combofix from an ext flash drive has fixed things enough for me to get in and finish the cleanup.
 

I have to wonder, if it was that bad, how messed up the OS was after removing it?
 
This may sound like bologna to most of you guys but in most cases I don't even bother trying to remove a virus, especially if the client has the recovery media and doesn't have files they wanted backed up.


I prefer a wipe and reload; that way I know the problem is gone, I know the system has the proper Windows updates, and that the proper antivirus/malware security is installed.

Most times they end up taking roughly the same amount of time, especially if the system is really screwed up.
 



That seems like pretty sound advice.

However, for me anyway, it's almost a "passion" to find and fix these infections. I'm fascinated by hunting them down and killing them. Just a personal obsession, I suppose.

By the way, I too have gone the nuke and pave route when necessary and data recovery was not needed.

Sometimes, a nice fresh install with a ram upgrade makes the customer think they have a new computer.

I usually run about 75% remove and fix vs. 25% nuke and pave.

I can see your point though. It's just that my obsession with them allows me to learn something new with almost every variety.
 

Actually, the OSes were in fairly good shape; not that much worse than the normal malware you'd see. Doing the standard malware-removal steps (e.g. Autoruns, D7, HitmanPro, MBAM) found some things lingering, but I haven't yet found anything that another 30 minutes of work couldn't resolve.

P.S. A personal observation: if the FBI variety shows a static screen, then it's usually a quick removal. However, if the PC has a webcam and the FBI screen shows a picture of the user (one variant showed real-time video!), then I expect the infection to be one of the tougher-than-normal ones to remove.
 
Same here

I was able to boot into safe mode, restore to a previous date and then run MalwareBytes AntiMalware to remove the infection.

I did this, logged in as local admin, and ran Malwarebytes, but it didn't seem to help. I logged back into the user's profile and the FBI screen had turned into a blank white screen. Also, can anyone confirm "HitmanPro Kickstart" working? :D
 

What if it's an accountant that has 6 versions of QuickBooks installed, multiple company files for each, Outlook, tax software, etc.? Or an old lady that will literally call you ten times a day for a week asking you questions or just to tell you something is different after the reinstall?

In my experience most people have data, and don't have recovery media (not that I use it anyway). When customers leave after virus removal, I know the problem is gone, updates are working, and antivirus is installed.

Nuke and pave is last resort and we always try to get a computer back to the customer like nothing ever happened.

So in short, yeah, it sounds like bologna... on a pizza.
 
This may sound like bologna to most of you guys but in most cases I don't even bother trying to remove a virus.....

Once you start thinking this way, then you just give up on cleaning altogether, your skills start to go, and everything that looks like too much trouble becomes an N&P.

I have a machine here right now that came in infected last night. I killed the viruses in 20 minutes and am now just doing the cleanup. The customer will get it back with no data loss. I think most techs here do that as well. N&P should be the last thing you think of, not the first thing.
 


I agree with this. It's easy to fall into that mindset, but once you do, your skills drop off and everything looks like N&P.
 
What's the phrase? "If the only tool you have is a hammer, then all your problems start to look like nails".
 

I totally agree. I almost never nuke and pave, and I am sure the virus is gone. Most nuke and paves are on Vista machines: the virus comes off fine, but then Windows is totally messed up.

There is no reason to go to nuke and pave first. This is what the pizza techs advertise. I try everything I can think of before I nuke and pave. I don't want to deal with reloading drivers and finding every file just for a virus removal.
 

I do understand and I do agree, however allow me to offer the following:


A customer brings me an older machine that is running like crap. It takes 15 min just to POST, and opening a folder or launching My Computer takes several minutes to work.

I always take into consideration what type of files they have that they need. I do ask the customer if they need data backup / transfer.

If they do not, then I usually N&P. It ends up being much faster, and I know the infections are 100% gone and everything is new and fresh.

If the customer has tons of data that will be a pain to back up, programs that need special configuration, and so on, then yes, I will try to clean the infection.

Most non-technical people in general do not want anything to change: not the layout of their icons, not the folder structures, not the screen saver, not one single thing, and I know that.

I guess my point was that sometimes, with a particularly pesky virus, or a virus that is fighting tooth and nail, it may be easier to just wipe the drive.

Point noted though. I guess it is important not to become a one-trick pony.
 

Usually, if it is an N&P, it is either a computer that is so horridly infected that even a PE or boot disc doesn't clear it up after a few go-arounds, or it has tons of viruses plus years of abuse with registry fixers and tune-up utilities. If there is no data, sometimes a nuke and pave will be quicker for the customer and make them happier to have the machine back sooner.

But N&P should always be a last resort, or for when you know that fixing it will cost you any profit being made, due to the labor being put into it.
 