
"FBI" virus - says my computer is froze till send CASH



#1
kirbyjoe

    New Member

I turn my computer on, it starts normally. As soon as the internet boots, my computer is hijacked. A page comes up stating the FBI has determined there is illegal material on my computer and if this is my first offense it will be forgiven if I send $200 cash through some PayPal-type program. I have tried to escape, it goes to the Toshiba start screen and freezes. I ran AVAST boot log in, nothing. Ran Advanced Care malware scan, no virus, trojan or malware. I know the FBI isn't going to demand cash, threaten me or freeze my computer if they really thought I had done something wrong. So how do I get rid of this? The only way I can get into my computer is in safe mode, then I can get on the internet.
#2
RKinner

    Malware Expert

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron