
FBI ransomware attack

Tags:
  • Windows XP
April 14, 2013 2:31:13 PM

One of my XP machines was hit by a ransomware attack claiming to be the FBI and wanting $300 to unlock my machine. A couple of other posters claim success in using System Restore from a command prompt, but this didn't work for me. I have also scanned the SSD with Malwarebytes from a second boot drive resident in the same machine. It found nothing. Does anybody know how to get rid of this?


April 14, 2013 2:35:10 PM

I had this happen before to an XP machine I supported.

Go into safe mode - it will try to restart your machine but open up Notepad really fast!!! Like immediately! (i.e. right click over your desktop -> New -> Text Document).

Type some gibberish in there so it needs to save - the virus will keep trying to reset but just hit "Cancel" and not save the file until you start System Restore.

I restored the machine to a few weeks back. Your personal files will NOT be affected. You will be back to normal.

Let me know! Good luck
April 14, 2013 3:05:13 PM

jackson1420 said:
I had this happen before to an XP machine I supported.

Go into safe mode - it will try to restart your machine but open up Notepad really fast!!! Like immediately! (i.e. right click over your desktop -> New -> Text Document).

Type some gibberish in there so it needs to save - the virus will keep trying to reset but just hit "Cancel" and not save the file until you start System Restore.

I restored the machine to a few weeks back. Your personal files will NOT be affected. You will be back to normal.

Let me know! Good luck


Just to be clear, did you read that I already tried to use System Restore from a command prompt and it failed twice? If I'm reading your post correctly you are saying that if I can get a text document to open on my desktop in SAFE MODE that the text document will prevent the virus from starting??? And that then System Restore will work normally?
April 14, 2013 3:08:41 PM

Try booting from a Hiren's Boot CD. It has a mini XP boot. Or use a bootable antivirus CD like ComboFix or one from AVG or Avast; they're free to download and use.
April 14, 2013 3:13:29 PM

Don't bother trying to learn new software unless you already know it - a system restore will take you 5 minutes of work - another 5-20 to restore depending on your system.

How far back did you go? Try a further restore date.
April 14, 2013 3:15:21 PM

ram1009 said:
jackson1420 said:
I had this happen before to an XP machine I supported.

Go into safe mode - it will try to restart your machine but open up Notepad really fast!!! Like immediately! (i.e. right click over your desktop -> New -> Text Document).

Type some gibberish in there so it needs to save - the virus will keep trying to reset but just hit "Cancel" and not save the file until you start System Restore.

I restored the machine to a few weeks back. Your personal files will NOT be affected. You will be back to normal.

Let me know! Good luck


Just to be clear, did you read that I already tried to use System Restore from a command prompt and it failed twice? If I'm reading your post correctly you are saying that if I can get a text document to open on my desktop in SAFE MODE that the text document will prevent the virus from starting??? And that then System Restore will work normally?


Opening Notepad will prevent the system from restarting. When in safe mode, a System Restore resolved my issue. I went back about 3 weeks.
April 14, 2013 3:22:26 PM

There appear to be a number of variants of this FBI virus, so no one solution will work on all. What worked for jackson1420 may not work for the OP. A scan with antivirus boot disks is a good next step. Kaspersky, AVG, and others have free bootable virus scanners available for download (burn to a disk and boot). IIRC AVG is said to have a good track record in removing it.

IF you can boot to safe mode with networking and get to a desktop without being blocked, MalwareBytes is a great tool.

If all else fails, the fool-proof way is the nuclear option: reformat and re-install Windows.
April 14, 2013 3:23:14 PM

jackson1420 said:
ram1009 said:
jackson1420 said:
I had this happen before to an XP machine I supported.

Go into safe mode - it will try to restart your machine but open up Notepad really fast!!! Like immediately! (i.e. right click over your desktop -> New -> Text Document).

Type some gibberish in there so it needs to save - the virus will keep trying to reset but just hit "Cancel" and not save the file until you start System Restore.

I restored the machine to a few weeks back. Your personal files will NOT be affected. You will be back to normal.

Let me know! Good luck


Just to be clear, did you read that I already tried to use System Restore from a command prompt and it failed twice? If I'm reading your post correctly you are saying that if I can get a text document to open on my desktop in SAFE MODE that the text document will prevent the virus from starting??? And that then System Restore will work normally?


Opening Notepad will prevent the system from restarting. When in safe mode, a System Restore resolved my issue. I went back about 3 weeks.


I can't help thinking that the virus code had been modded to prevent using System Restore. I tried it from "safe mode with command prompt" and it failed. I only went back a couple of days though. I will try going back further.
April 14, 2013 3:32:10 PM

Does it give you an error code when system restore fails?
April 14, 2013 3:50:05 PM

jackson1420 said:
Does it give you an error code when system restore fails?


No error codes. I just tried going back 2 weeks using the command prompt method with NO JOY!! I tried your method but the amount of time my desktop is visible is only about 1 second. That isn't nearly enough time for me to get a document open. I guess I'll try the boot scan method described above. BTW, Microsoft has a suggested solution also.
April 14, 2013 3:58:39 PM

SchizTech said:
There appear to be a number of variants of this FBI virus, so no one solution will work on all. What worked for jackson1420 may not work for the OP. A scan with antivirus boot disks is a good next step. Kaspersky, AVG, and others have free bootable virus scanners available for download (burn to a disk and boot). IIRC AVG is said to have a good track record in removing it.

IF you can boot to safe mode with networking and get to a desktop without being blocked, MalwareBytes is a great tool.

If all else fails, the fool-proof way is the nuclear option: reformat and re-install Windows.


I've already scanned the XP drive using a second W7 drive in the same machine. It found nothing. The only thing I found looking bootable on the AVG website is called a "Rescue Disk". Is that what you mean?
April 14, 2013 4:00:43 PM

yes, rescue disk is right.
April 14, 2013 4:50:16 PM

SchizTech said:
yes, rescue disk is right.


Well, the rescue disk found a "generic Trojan horse" but it did NOT fix the problem. I guess I'll have to try Microsoft's solution unless someone else has any ideas.
April 14, 2013 8:50:02 PM

Well, I finally beat it. The Microsoft solution is the only thing that worked for me. They recommend a program called "Hitman Pro". It's actually a lot easier to use than the other fixes I tried. I hope somebody learns from this besides me.