FBI Virus Strategy

1K views 0 replies 1 participant last post by  Opcode 
I'm a college student moonlighting as a part-time computer tech. Recently, I was sent to remove the FBI Virus from a home user's computer, something I have successfully accomplished for several other people. This time, though, I was unsuccessful.

The client owns a 3rd party computer, built by an individual and running Windows XP on Asus BIOS. The virus would not allow me any control over the desktop, but I was able to boot from the optical drive. Boot options only listed boot drive order, not Windows boot options. I found the BIOS time was set 7 hours ahead. I was unable to get Windows to go into Safe Mode, even after performing hard shutdowns.

I'm a firm believer in booting infected computers from an uninfected drive. So, I have Malwarebytes on a DVD running Windows PE, so I can boot from it at clients' homes. I also have BitDefender 2012, which boots from a Linux disk. Finally, I have Microsoft Security Essentials loaded on a laptop.

Usually, Malwarebytes takes 1.5 to 2 hours to scan a computer, but it only needed 19 minutes to scan this client's computer. I think it scanned only 250k files, too. It failed to find any infected files, though. I then ran BitDefender. It also needed an unusually short time (17 minutes) to scan, and it also failed to find any infected files. So, I removed the hard drive from the client's system and hooked it up to my laptop via my USB port and ran Security Essentials on its partitions. I had to stop the scan after 515,000 files scanned in 2 hours.

The client had an old Dell OS disk, but it was unable to find the version of Windows on the machine (it said it could not work on systems prior to Vista, and the client was using Windows XP). I was able to gain command line access using this disk, but not much else. I also could use a DOS utility on one of my own disks to give me some command line access, but accessing NTFS partitions required me to load a utility that couldn't run with anything else.

I went to the command line and searched for files known to be associated with FBI Virus. I could not find any. I also checked file attributes, to ensure I saw all hidden files. I attempted to run explorer from the command prompt, but the system returned to the command line without any indication after I launched the command. I also attempted to run system recovery from the CLI, but it also returned to the prompt without comment.

I attempted to get into Task Manager from the desktop, but FBI Virus blocked my keystrokes.

I've never had this happen, that I could not find any trace of an infection that I could see was there. What do you make of it? What else could I have tried?

Sorry, I don't have any log files. Speaking of which, how is one supposed to load and run the logging software mentioned in the sticky if the virus won't allow any access?

Thank you.