Computer and Tech Help Discuss hardware, software, applications, malware removal, etc. |
2nd August 2012, 18:10 | #1 |
Junior Member
Virgin Join Date: Mar 2012
Posts: 13
Thanks: 147
Thanked 42 Times in 10 Posts
|
fake FBI messages locking computer
I've had this like 3 times the last couple of weeks. Every time it's because of an exe in the appdata/local/temp folder (different file name each time). I don't know if there is a deeper or harder to find program causing havoc or if I just keep getting reinfected. I noticed this last time it happened right after I followed a link to rapidgator; I don't know if that's a coincidence or not. Anyone have any ideas what might be causing it, or how to remove it?
If you're interested, basically what it seems to be doing is minimizing everything and disabling the GUI so the toolbar and everything else on the screen goes away, then puts up a fake FBI message saying I have to pay a 'fine' to unlock my computer, and starts up the webcam program to make you think the FBI is recording your face or something. I know everything is still running because I can hear TV shows I was watching still playing in the background. Only way I have figured to get out of it is ctrl+alt+delete and tell it to start shutting down, and then cancel when you see the 'these programs are stopping the computer from shutting down' message. Or to actually shut down and go into safe mode. Anyway, any ideas would be appreciated |
|
2nd August 2012, 18:25 | #2 |
Fan of Cairy Hunt
Postaholic Join Date: Mar 2007
Location: Alice's Restaurant
Posts: 5,154
Thanks: 19,784
Thanked 22,959 Times in 4,188 Posts
|
Sounds like you might have the FBI Moneypak Virus. Have a look at removal instructions here.
If you Google "FBI virus", "FBI malware" and similar key phrases, you will probably find the exact virus/malware that you have along with numerous sites giving removal instructions. Good luck. |
The Following 4 Users Say Thank You to Pad For This Useful Post: |
2nd August 2012, 23:12 | #3 |
Addicted Join Date: Jul 2012
Location: UK
Posts: 109
Thanks: 85
Thanked 406 Times in 101 Posts
|
Something I do if I ever expect something untoward is happening on my PC is open a command prompt window (start - programs - accessories - command prompt).
Once you have the window open enter the following:
netstat -a
Check for anything that looks odd. Obviously, if you have a torrent running or something this screen is gonna max out, so do this when you have no connections to the internet. What it does is show a list of programs on your PC that are currently connected to the internet. A trojan will communicate with its "handler" via the internet, usually via mIRC. A trojan will let its handler install whatever they want on your PC, like for example the FBI one you currently have. Usually though they will not want you to know they have you and that your PC is part of their botnet. They then use your bandwidth for spamming and DOS attacks on others.
Second check to do is the typical ctrl, alt, delete and open task manager. Check the list of current processes. Become familiar with what your PC runs and if need be google each one to find out what it is. If anything strange is there then you can stop it dead (unless it's a beyatch one that simply won't let you access task manager).
Obviously, always run a decent firewall and virus killer at all times (and by decent I don't mean Nortons). I personally use Kaspersky and have never been hit since moving over to this. With Norton I got nailed.
Note: The netstat -a will return a lot of info. Don't panic. Most of it will be internal on IPs like 127.0.0.1 etc. and a lot might be network based with IPs like 192.168.x.x. These are fine and are not problematic. What you're really looking for is a TCP connection around port 6660-6669 that has a foreign IP or domain. That's something connected to IRC and that you do not want (unless it's you chatting on IRC of course).
Last edited by Kytestar; 2nd August 2012 at 23:19. |
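The check described in post #3, as an added example that is not part of the original post: a short Python script that reads netstat output and lists TCP connections to ports 6660-6669 whose foreign address is outside loopback and private ranges. It assumes the numeric form `netstat -ano` (which also prints the owning PID, so a hit can be matched to a process in Task Manager); the sample output, addresses and PIDs are constructed.

```python
import ipaddress

IRC_PORTS = range(6660, 6670)  # 6660-6669, the range named in the post

# Loopback, unspecified, RFC 1918, link-local and IPv6 unique-local ranges
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::/128", "::1/128",
    "fe80::/10", "fc00::/7")]

# Constructed sample of `netstat -ano` output; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for internet hosts.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    127.0.0.1:5354         127.0.0.1:49156        ESTABLISHED     1420
  TCP    192.168.1.20:49180     192.168.1.50:6667      ESTABLISHED     2211
  TCP    192.168.1.20:49201     203.0.113.45:6667      ESTABLISHED     3120
  TCP    192.168.1.20:49202     198.51.100.7:443       ESTABLISHED     2896
  TCP    [::1]:49160            [::1]:6667             ESTABLISHED     1420
  UDP    0.0.0.0:5355           *:*                                    1188
"""

def is_local(host):
    """True for loopback, private and link-local addresses."""
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False  # a resolved hostname (plain `netstat -a`): not provably local
    return any(ip in net for net in LOCAL_NETS)

def suspicious_connections(netstat_text, ports=IRC_PORTS):
    """Return TCP rows whose foreign endpoint is non-local and on an IRC port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows
        host, _, port = fields[2].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        if not is_local(host.strip("[]")):
            hits.append({"local": fields[1], "foreign": fields[2],
                         "state": fields[3],
                         "pid": fields[4] if len(fields) > 4 else None})
    return hits

if __name__ == "__main__":
    for hit in suspicious_connections(SAMPLE_NETSTAT):
        print(hit)
```
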
3rd August 2012, 06:40 | #4 |
Newbie Join Date: Feb 2008
Posts: 30
Thanks: 7
Thanked 60 Times in 13 Posts
|
I got one of these today, it happened when I was dl'ing a clip from rapidgator.
The clip wasn't even finished downloading when the message popped up. Ctrl alt delete would bring up the task manager for a second and then disappear, so that was no good. I don't use system restore, so I found out that using MalwareBytes will get rid of it. |
3rd August 2012, 09:39 | #5 |
"The Big Ass Connoisseur"
Clinically Insane Join Date: Dec 2010
Location: Home Alone
Posts: 3,969
Thanks: 17,686
Thanked 19,608 Times in 3,635 Posts
|
Firefox + NoScript = No drive-by malware downloaded onto your PC.
|
The Following 3 Users Say Thank You to iLikeBigButtz For This Useful Post: |
3rd August 2012, 12:33 | #7 |
Forum Must Go on
Clinically Insane Join Date: Nov 2008
Location: Europe
Posts: 2,599
Thanks: 9,909
Thanked 20,130 Times in 1,427 Posts
|
A friend had a similar problem with the Greek version of "FBI warning-pay to get free".
He had a system restore and the malware was gone |
The Following User Says Thank You to mikegr For This Useful Post: |