Sign in to follow this  
Followers 0
cjay92

I've got the worst virus of my life, please help

31 posts in this topic

Ok, hi guys, im completely new here, found this board as i was googling to find any solution for my problem, so here i am. I further thank to anyone who will try to help me.

So i was browsing through "adult sites", like everyone does once in a while when u r home alone or however, doesnt really matter lol, when all of a sudden the movie stops and the screen goes white (blank page opens), everything stops for a while and then i see as my laptop cam turns on (the blue light turns on when i use it) so i immediately turn away my computer but i wasnt fast enough as the blank page turns into this message with my picture on the top of it! Under my picture, the one taken a few seconds ago, there is my IP written, name of my country, wrong city and name of my administrator account. And the message says that my computer was blocked for one of this reasons: i was breaking the copyrights part of the law and i will face jail or pay big money or that i may even broke the law of prohibited pornographic material, animals and children (?!), the different sentence is written and the last one was that there maybe is a chance i got affected by illegal program or whatever. But on the right side of the page, there are commercials for pay pale and some other internet pay sytems. The other thing is, everything is written in my language, but it's like "the worst google-translate" version of it.

And that was it. I cant do anything with my administrator account, its frozen. So i waited till my computer stopped and went stand by, so i could use this second account. That happened last night, i was literally scared to death. Now i calmed down a bit, but still have no clues as what to do. If you maybe know what should i do, please help me

I thank everyone who read it and thanks in advance!

Kind regards

Share this post


Link to post
Share on other sites

Format your PC will be the best course.

Share this post


Link to post
Share on other sites

Ah, this one again...

First, get hold of MalwareBytes and Spybot. Reboot your computer in to safe mode (this should hopefully prevent the "FBI warning" from appearing). From there you will need to run the programs I just mentioned, and hopefully that will clean up whatever has infected you.

Another option would be to run msconfig and disable everything from starting when you first log on with the exception of the essential stuff. Then you can go looking to clean out the various bad files.

A final option would involve going in to the registry. I wouldn't recommend it for anything other than a last resort though.

EDIT: Sure, formatting would be a 100% effective way of cleaning the virus, but at the same time it isn't always an option for some people.

2 people like this

Share this post


Link to post
Share on other sites

If you still have the install disk, then I would recommend a reformat, this will destroy all evidence of the virus, but I will only recommend it as a last resort, while you are able to get online, I would first try kaspersky's tssd rootkit remover, spybot and malwarebytes to see if it can remove the infection...

http://support.kaspe...m/5350?el=88446

http://www.malwareby...CFWLHtAod2lkAdw

http://www.safer-networking.org/

And I'd recommend a premium internet security suite, I personally use Zonealarm, but it has it's haters (even though I've never had any problems) or norton, comodo, malwarebytes, eset, kaspersky just to mention a few,

Share this post


Link to post
Share on other sites

What version of Windows are you running?

Share this post


Link to post
Share on other sites

thanks everyone so much for your quick responces! i shall try your first advice, Intrinsica!

so as i see, this is a common virus?

What version of Windows are you running?

i use windows 7

Share this post


Link to post
Share on other sites

thanks everyone so much for your quick responces! i shall try your first advice, Intrinsica!

so as i see, this is a common virus?

i use windows 7

very common, and a lot of people fall for it. So, props to you for at least recognizing it as a virus ;). In the future, don't download anything from adult sites and only visit the "trusted" ones

Share this post


Link to post
Share on other sites

ok guys, i cannot download neither malwarebytes or spybot, since i'm logged in as user, but as you know, i cannot use the administrator account.

i guess i will delve into formatting, just have to learn how

very common, and a lot of people fall for it. So, props to you for at least recognizing it as a virus ;). In the future, don't download anything from adult sites and only visit the "trusted" ones

thanks =) lol i feel silly as i write this, but that's the thing, - i didn't download anything, just a regular "tube run" lol

Share this post


Link to post
Share on other sites

I've used these instructions with some success on multiple computers, but the safest would be to format (and really, make an image of a clean install which can be easily reverted to in such cases) since there are many different variations of the same thing

1) http://malwaretips.com/blogs/remove-police-trojan/

2) http://www.wikihow.com/Remove-Bundespolizei-Ukash-Virus-Manually

good luck!

1 person likes this

Share this post


Link to post
Share on other sites

before you do, do you have access to another computer, or can a buddy download it for you then burn to disk or flashdrive, or can you at least download under the 'run as administrator' option?

And on a side note, once you have fixed your computer, you should mostly use your user account that way (in theory at least) it's safer.

Share this post


Link to post
Share on other sites

Hi

You can do a restore point (if you don't tourn it off).

  1. Insert your installation disk
  2. First panel chose your language and keyboard layout
  3. Next screen (i think) you can chose install or repair, press repair.
  4. The repair program will find (i hope) the SO in your system.
  5. (don't remember everything but...) This point you can chose in a list what to do. Press system restore and select one restore before the attack.
  6. Restart (count down appear...? )

Repair Windows 7 without the disk

Share this post


Link to post
Share on other sites

<Comment removed>

ok guys, i cannot download neither malwarebytes or spybot, since i'm logged in as user, but as you know, i cannot use the administrator account.

There is another option: delete the infected profile. I'm not sure how effective it would be though as I've not attempted it myself.

1 person likes this

Share this post


Link to post
Share on other sites

I've used these instructions with some success on multiple computers, but the safest would be to format (and really, make an image of a clean install which can be easily reverted to in such cases) since there are many different variations of the same thing

1) http://malwaretips.c...-police-trojan/

2) http://www.wikihow.c...-Virus-Manually

good luck!

wow that's exactly it - reading the first option right know, will follow the steps! Thanks!!

before you do, do you have access to another computer, or can a buddy download it for you then burn to disk or flashdrive, or can you at least download under the 'run as administrator' option?

And on a side note, once you have fixed your computer, you should mostly use your user account that way (in theory at least) it's safer.

no, at the moment i don't have. thanks for the warning! run as administration? isn't that an option only when the program is already downloaded or am i wrong? im really newbie in this waters.

There is another option: delete the infected profile. I'm not sure how effective it would be though as I've not attempted it myself.

thanks for the advice, the more i get them, the better. actually that's really interesting that user profile isnt inffected. i mean, thank god, but i use this user account w/o any problem

Share this post


Link to post
Share on other sites

download the USB bootable unix distro (ubuntu for example). Web browers works great in them. shut off, boot up from USB, browse your adult sites and then power off. Its a live environment so who cares if you have to blow it away. You can also use this to pull data from the infected drive(s) before formatting.

There is also a unix disc that will boot and reset all your passwords to any/every windows account. You can also boot windows in safe mode (hammer F8) and manage files that way.

As for the infection, adult sites in particular was known to overlay a video window with a click-to-install malware ad virus, and when you click what you think is play - you just basically gave the OK for that virus/malware to install - because that click for play was really to allow the ad to run on your system. xhampster and pornhub I think were the worst for this. most of these are webbrowser malware to log infos on what you do and enter.

Share this post


Link to post
Share on other sites

That FBI alert is totally simple to remove. Just get some one else to download Malwarebytes or SuperAntiSpyware, or you can on another machine if you have one, and get the latest definition files while you're at it and install them manually, in safe mode. Then simply run a full scan of either and, poof, all gone!!

Anyone that suggests reformatting or installing Linux is nuts to do so over this simple bug!

2 people like this

Share this post


Link to post
Share on other sites
Anyone that suggests reformatting or installing Linux is nuts to do so over this simple bug!

Nah, an alternative OS is a viable option for some people, depending on what their needs... just wish some people would stop trying to pass it off as the holy grail then neglect to mention the negative points.

1 person likes this

Share this post


Link to post
Share on other sites

no, at the moment i don't have. thanks for the warning! run as administration? isn't that an option only when the program is already downloaded or am i wrong? im really newbie in this waters.

If memory serves me correctly, some downloaded software and installs from a non admin account will allow installation but you'll get the UAC pop up asking for the admin password...

Been a while since I've had to do this so I could be a little rusty on the subject...

Share this post


Link to post
Share on other sites

Ok, hi guys, im completely new here, found this board as i was googling to find any solution for my problem, so here i am. I further thank to anyone who will try to help me.

So i was browsing through "adult sites", like everyone does once in a while when u r home alone or however, doesnt really matter lol, when all of a sudden the movie stops and the screen goes white (blank page opens), everything stops for a while and then i see as my laptop cam turns on (the blue light turns on when i use it) so i immediately turn away my computer but i wasnt fast enough as the blank page turns into this message with my picture on the top of it! Under my picture, the one taken a few seconds ago, there is my IP written, name of my country, wrong city and name of my administrator account. And the message says that my computer was blocked for one of this reasons: i was breaking the copyrights part of the law and i will face jail or pay big money or that i may even broke the law of prohibited pornographic material, animals and children (?!), the different sentence is written and the last one was that there maybe is a chance i got affected by illegal program or whatever. But on the right side of the page, there are commercials for pay pale and some other internet pay sytems. The other thing is, everything is written in my language, but it's like "the worst google-translate" version of it.

And that was it. I cant do anything with my administrator account, its frozen. So i waited till my computer stopped and went stand by, so i could use this second account. That happened last night, i was literally scared to death. Now i calmed down a bit, but still have no clues as what to do. If you maybe know what should i do, please help me

I thank everyone who read it and thanks in advance!

Kind regards

This is actually incredibly common and I remove it from computers daily. You'd be surprised how many people pay the fine.

Anywho it's also really (almost embarrassingly) easy to remove. (Be careful in the registry)

1. Boot into safe mode with command prompt (tap f8 when turning on the computer)

2. Use command prompt to browse to C:\Users\<username>\Appdata\Local\Temp\

3. Use the command del *.* to remove everything there ... (the virus usually looks something like asldhakjsdhaskjaa.exe, or something random like that)

4. Also check C:\Users\<username>\Appdata\Local\ & C:\Users\<username>\Appdata\Roaming for any .exe files there and remove them (no harm to look for folders there that look odd too)

5. Also check C:\ProgramData and do the same

6. If you want, although it's not entirely necessary open regedit and browse to the following locations and remove anything you don't need or looks suspicious:

HKEY_Current_User\Software\Microsoft\Windows\Run

HKEY_Local_Machine\Software\Microsoft\Windows\Run

HKEY_Local_Machine\Software\WOW6432Node\Microsoft\Windows\Run

7. Restart & Download & Run Malwarebytes just to remove anything else dodgy lying around

4 people like this

Share this post


Link to post
Share on other sites

Ok, I realised that I made a mistake by not removing a particular off-topic post earlier. The post has now been removed as well as any references to it.

If you don't have something helpful to offer, don't bother writing the post.

3 people like this

Share this post


Link to post
Share on other sites

This is actually incredibly common and I remove it from computers daily. You'd be surprised how many people pay the fine.

Anywho it's also really (almost embarrassingly) easy to remove. (Be careful in the registry)

1. Boot into safe mode with command prompt (tap f8 when turning on the computer)

2. Use command prompt to browse to C:\Users\<username>\Appdata\Local\Temp\

3. Use the command del *.* to remove everything there ... (the virus usually looks something like asldhakjsdhaskjaa.exe, or something random like that)

4. Also check C:\Users\<username>\Appdata\Local\ & C:\Users\<username>\Appdata\Roaming for any .exe files there and remove them (no harm to look for folders there that look odd too)

5. Also check C:\ProgramData and do the same

6. If you want, although it's not entirely necessary open regedit and browse to the following locations and remove anything you don't need or looks suspicious:

HKEY_Current_User\Software\Microsoft\Windows\Run

HKEY_Local_Machine\Software\Microsoft\Windows\Run

HKEY_Local_Machine\Software\WOW6432Node\Microsoft\Windows\Run

7. Restart & Download & Run Malwarebytes just to remove anything else dodgy lying around

ok thanks so much for this, i tried to follow, but command prompt just kept screwing around with me. i guess i am really too dumb to use it. i've been typing this "C:\Users\<christian>\Appdata\Local\Temp\" in this form and w/o "</>", but it kept denying me. did i do anything wrong?

1 person likes this

Share this post


Link to post
Share on other sites

If you're directly writing the path into the command prompt, then it won't work, because the command prompt doesn't know what to do with it.

You have to type "cd [path]" (replace [path] with the file path you need).

Normally, the command prompt starts off in the directory of the current user, so you'd probably only need to type "cd appdata\local\temp", and that will get you to "C:\Users\[Current User]\Appdata\Local\Temp".

Share this post


Link to post
Share on other sites

ok guys i solve the thing! i thank absolutely everyone contributing to it! Thanks to user Orno for the link!!

Here's what i did:

- I boosted into safe mode with command prompt

- I typed into: cd restore, and then rstrui.exe

- Then it happened the same as i would use "recover" function. I selected the date and that was it.

Now i am gonna download MalwareBytes and watch out..

Thanks again and i hope this thread helps to someone else too!

1 person likes this

Share this post


Link to post
Share on other sites

glad you got it sorted - I have not had to deal with this one yet.. But it took a picture off your webcam?? That is a freaking awesome.. You have to give creds to some of these guys.

Kind of hoping one of friends or family run into this one - just so I can lmao :)

So how much was the fine they wanted you to pay?

1 person likes this

Share this post


Link to post
Share on other sites

very common, and a lot of people fall for it. So, props to you for at least recognizing it as a virus ;). In the future, don't download anything from adult sites and only visit the "trusted" ones

Adult sites are actually very safe. TMYK

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.