
Need help removing virus/malware

fbi moneypak

37 replies to this topic

#31 Eddie7

Eddie7

    Hallo... www.connectw.me

  • Joined: 01-December 11
  • Location: Sydney, Australia
  • OS: Windows 7 Ultimate
  • Phone: 1-800-CALL-ME-MAYBE

Posted 19 November 2012 - 09:03

It may be this virus? http://www.techrumor...reveton-trojan/


#32 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 19 November 2012 - 09:03

OP: did you manage to run Avast and get a HijackThis log?

#33 68k

68k

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 20-January 10
  • Location: Australia

Posted 19 November 2012 - 09:04

I would personally recommend Avira Free Antivirus: http://www.avira.com...-free-antivirus

#34 The Dingus Diddler

The Dingus Diddler

    Sir Derpy McHerperton III

  • Joined: 04-October 10
  • Location: Scotland
  • OS: Windows 8.1 Pro
  • Phone: Nokia Lumia 1020

Posted 19 November 2012 - 09:32

Try running TDSSKiller. Whenever I've run into a bad infection that Malwarebytes won't remove, this always does the trick.

http://support.kaspe.../?qid=208283363

#35 Eddie7

Eddie7

    Hallo... www.connectw.me

  • Joined: 01-December 11
  • Location: Sydney, Australia
  • OS: Windows 7 Ultimate
  • Phone: 1-800-CALL-ME-MAYBE

Posted 19 November 2012 - 16:12

Or you can try and watch my video :)



#36 OP jerzdawg

jerzdawg

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 09-October 02
  • Location: new jersey

Posted 19 November 2012 - 16:19

Avast scan completed both in Windows and at boot time, and removed some items. The FBI scam thing appears to be gone, but this happened last time too. Also ran Malwarebytes and that also found a few entries. I told my friend they are on their own if it shows up again. I did everything I could - I ran out of time on the HijackThis report as I had to have it packed up last night.

#37 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 19 November 2012 - 16:20

Could have brought it up to me.

#38 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 November 2012 - 20:01

This malware is pretty easy to remove.

Just boot to safe mode and tell it to show all hidden files and folders and system files.

There are 3 main folders the ransom malware always hides.

c:\programdata
c:\users\(username)\Appdata\local
c:\users\(username)\appdata\roaming

You'll find a weird exe in the root of those folders.

Check to make sure the malware didn't remove any of your program shortcuts (Start / All Programs). If your program folders appear to be empty, go to c:\users\(username)\local\temp and look for a folder called smtp. Inside that folder (if you have it) you will find folders numbered 1 through 4. One folder contains desktop icons, another folder contains your program shortcuts it deleted. Remember to restore those before you run CCleaner, otherwise it will delete them.

If all of your files appear to be hidden, then download and run this application: http://www.bleepingc...ownload/unhide/ This will go through and remove the hidden file attribute from all of your files. If your files are not hidden, then skip to the next step.

Now run the following apps:

CCleaner
TDSSKiller
HitmanPro
Malwarebytes
and then make yourself a Kaspersky Rescue Disk, boot from it, update it and do a full scan.

http://support.kaspe...uses/rescuedisk

Then download and run PatchMyPC from www.patchmypc.net, which will check to make sure all of your 3rd party software is up to date, such as Adobe Reader, Flash, Java and a bunch of others. It will then update all of the software with 1 click.
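
The folder check described in the post above, as an added example that is not part of warwagon's post: a PowerShell function that lists every .exe sitting directly in the root of the three folders for all user profiles, including hidden and system files, with signature status and hash for review. It assumes PowerShell 4.0 or later and profiles under C:\Users; the function name `Get-RootExecutable` is hypothetical.

```powershell
# Added example (not from the thread): enumerate executables in the ROOT of
# ProgramData, AppData\Local and AppData\Roaming for every user profile.
# Nothing is deleted; the output is a review list for a human to judge.

function Get-RootExecutable {
    param(
        # Assumption: profiles live under C:\Users, as in the post's paths.
        [string]$UsersRoot   = 'C:\Users',
        [string]$ProgramData = $env:ProgramData
    )

    # Build the list of folder roots to inspect.
    $roots = @($ProgramData)
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $roots += Join-Path $userDir.FullName 'AppData\Local'
        $roots += Join-Path $userDir.FullName 'AppData\Roaming'
    }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # No -Recurse: only files placed directly in the folder root are listed.
        # -Force includes files carrying the Hidden or System attribute.
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.exe' } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Modified  = $_.LastWriteTime
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
                    SHA256    = $hash.Hash       # empty if the file is locked
                }
            }
    }
}

# Newest files first: a recent, unsigned, hidden .exe is the one to look at.
Get-RootExecutable | Sort-Object Modified -Descending | Format-List
```

Run it from an elevated prompt so other users' profile folders are readable; folders it cannot open are skipped silently.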
