FBI Virus

The FBI virus is in my Gateway tablet PC. I run XP on it. I have Endpoint Protection Small Business edition loaded, but it got past it.

The computer will not start in safe mode. The FBI screen only appears when I'm connected to the internet.

Can you help please?

Thanks, Adi

"one newbie to another"

That got me laughing, as the user has got that right.

Quads

About a week ago my laptop was locked by the FBI virus. I was obviously unable to get by this virus. I let the laptop run its battery down. The laptop was off (out of power) for 2 days. When I turned the computer on again the virus screen was gone and I had access to my laptop. I am nervous about what is lurking and what may be taking place. Any experience in this situation?

Thanks

Hello there!

Sorry for my late response, but I must warn you that you haven't removed the virus from your computer. You must immediately run a full system scan with some alternative anti-virus and anti-malware programs, because the FBI virus may cause additional damage to you and your computer. As is typical of ransomware viruses, it may start recording your keystrokes and steal your personal data, such as login details or banking information.

Tablet PC, to make sure of 2 things:

You cannot load Safe Mode with Networking?

Does the system have a CD / DVD drive?

Quads


Couldn't start any of the safe modes. Halfway through, a blue error screen flashes too quickly to read.

Yes, it has a CD/DVD drive.

You will have to get a CD burnt with a WinPE, so it loads from CD instead of the hard drive, as you have XP and no Safe Mode.

I will split this step.

a) Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/   You need to download the 32-bit version.

Transfer it on to the flash drive ready.

b) Download hxxp://oldtimer.geekstogo.com/OTLPENet.exe to your desktop (change the xx to tt).

Ensure that you have a blank CD in the drive.

Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD for you ready.

Quads

Although the LiveCD has been updated since, here are screenshots of the OTLPE CD loaded and then showing the starting of OTLPE to create a log:

http://forum.malekal.com/otlpe-live-t23453.html

Quads

Thanks, I'll see if I can do this.

Depending on your system speed and hardware etc., it can take some time to load, as everything loads from CD, not the installed OS on the hard drive.

Quads

Hello,

You could try running the SERT utility if you have access to Fileconnect. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The consumer version of this tool is the Norton Bootable Recovery Tool. The tool is free, so there is no need for a Fileconnect account to download the software.

You could also try working on the steps provided below on collecting the suspicious files and submitting the same to the Symantec Security Response Team.

Using Symantec Support Tool, how do we collect the suspicious files and submit the same to the Symantec Security Response Team.

Here is a good public blog post from Symantec Security Response about why ransomware has become so prevalent recently:

https://www-secure.symantec.com/connect/blogs/ransomware-crimeware-kits

Also see: Ransomware and Silence Locker Control Panel

https://www-secure.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel

and: https://www-secure.symantec.com/connect/node/1618951

and https://www-secure.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel

I would also recommend that you make sure you create a case with Symantec Technical Support.

You could either create a case OR contact Symantec Technical Support.

How to create a new case in MySupport

http://www.symantec.com/docs/TECH58873

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

OR

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope that helps!!

Hi,

Sorry, but there is no active certified malware remover in this forum.

You can go to one of the malware forums like

http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

mp3jo,

What about Mr. Stevens?

Hello again,

I have NOT grappled with ransomware - - NOR do I desire to. From what I have come to understand, it is plaguing pornographic domains, i.e. the scourge of the Internet. First, what I'm advising people (in general) is to just STOP going to these lewd websites. Next, if you follow this link: http://www.bleepingcomputer.com/virus-removal/remove-fbi-anti-piracy-warning-ransomware there are instructions you can follow (apparently utilising Emsisoft) to remedy this quandary. Furthermore, any suggestions I have presented to you, like employing Emsisoft - - YOU TAKE AT YOUR SOLE RISK. I will NOT be held liable for any damages, pecuniary or otherwise, for your ability/inability to use the aforementioned software. Please, please, forgive me if I am coming off as overbearing and rude. It is just that I know certain people will sue you at the drop of a hat (so to speak), coupled with the fact that this ransomware nonsense is just tired.

Surf prudently,

H.B.

I am not doing malware removal on these open boards, too much pulling hair out.

Quads

Hi Quads,

Thanks for the response. What about my idea if you could have exclusivity with the person or a dedicated section of this forum?