I have found several help topics to help remove the virus but the first step is to log into safe mode and run a program that ends the process the runs the virus program. The problem is that even in safe mode the computer wants to restart as soon as windows loads. I do not know how to stop the computer from restarting so I can continue on to the next step. I can not post logs or do any work from the computer that has the virus. I am working from another computer.
virus says FBI locked computer running vista [Closed]
Started by
hiloh2o
, Feb 26 2013 10:30 AM
-
This topic is locked
#1
Posted 26 February 2013 - 10:30 AM
hiloh2o
-
- Member
-
- 47 posts
Member
I have found several help topics to help remove the virus but the first step is to log into safe mode and run a program that ends the process the runs the virus program. The problem is that even in safe mode the computer wants to restart as soon as windows loads. I do not know how to stop the computer from restarting so I can continue on to the next step. I can not post logs or do any work from the computer that has the virus. I am working from another computer.
#2
Posted 26 February 2013 - 10:39 AM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.
Please download the correct version (32-bit or 64-bit) depending on the type of the infected machine.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.
Please download the correct version (32-bit or 64-bit) depending on the type of the infected machine.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
#3
Posted 26 February 2013 - 10:56 AM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
Thank you for the speedy responce. I am working on your instructions. I will post as soon as I am thru
#4
Posted 26 February 2013 - 11:46 AM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2037.36 MB
Available physical RAM: 966.18 MB
Total Pagefile: 4286.5 MB
Available Pagefile: 2942.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.49 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:109.72 GB) (Free:47.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.1 GB) NTFS
4 Drive f: () (Removable) (Total:0.25 GB) (Free:0.08 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 884 KB
Disk 1 Online 256 MB 0 B
Partitions of Disk 0:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Partitions of Disk 1:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Last Boot: 2013-02-26 11:19
==================== End Of Log ============================
Percentage of memory in use: 52%
Total physical RAM: 2037.36 MB
Available physical RAM: 966.18 MB
Total Pagefile: 4286.5 MB
Available Pagefile: 2942.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.49 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:109.72 GB) (Free:47.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.1 GB) NTFS
4 Drive f: () (Removable) (Total:0.25 GB) (Free:0.08 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 884 KB
Disk 1 Online 256 MB 0 B
Partitions of Disk 0:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Partitions of Disk 1:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Last Boot: 2013-02-26 11:19
==================== End Of Log ============================
#5
Posted 26 February 2013 - 12:18 PM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
Are you sure you posted the whole log? It seems to be missing the first part.
#6
Posted 26 February 2013 - 01:06 PM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
it is the whole log. I will repost it. but it starts the same.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2037.36 MB
Available physical RAM: 966.18 MB
Total Pagefile: 4286.5 MB
Available Pagefile: 2942.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.49 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:109.72 GB) (Free:47.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.1 GB) NTFS
4 Drive f: () (Removable) (Total:0.25 GB) (Free:0.08 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 884 KB
Disk 1 Online 256 MB 0 B
Partitions of Disk 0:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Partitions of Disk 1:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Last Boot: 2013-02-26 11:19
==================== End Of Log ============================
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2037.36 MB
Available physical RAM: 966.18 MB
Total Pagefile: 4286.5 MB
Available Pagefile: 2942.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.49 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:109.72 GB) (Free:47.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.1 GB) NTFS
4 Drive f: () (Removable) (Total:0.25 GB) (Free:0.08 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 884 KB
Disk 1 Online 256 MB 0 B
Partitions of Disk 0:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Partitions of Disk 1:
===============
ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.
=========================================================
Last Boot: 2013-02-26 11:19
==================== End Of Log ============================
#7
Posted 26 February 2013 - 01:41 PM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
That didn't work, so we need to try a different method. Is the computer 64-bit or 32-bit Vista?
#8
Posted 26 February 2013 - 01:43 PM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
Ok. I think I messed up. I was just going to retry the whole things to see if I came up with the same results and it will not let me in to safe mode without a password. it says administrator is not active and the one with the ID that was using when he got the virus the password he uses does not work. BUt the strange thing is that the computer is actually running now. Im sure its still infected. Should I try to clear out all the passwords and log into safe mode and do what you told me to do in the first step?
#10
Posted 26 February 2013 - 04:00 PM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
In about an hour I will be unavailable for about 12 hours. Just letting you know so that you know there will be a delay in my response after about an hour
#11
Posted 26 February 2013 - 04:40 PM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
Thanks for letting me know.
Just to clarify: Can you access the computer desktop to run programs? If not, we can still fix it, we just need to use a different method.
Just to clarify: Can you access the computer desktop to run programs? If not, we can still fix it, we just need to use a different method.
#12
Posted 26 February 2013 - 04:58 PM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
Yes, I can now log in regular (without safe mode) and I can run programs
#13
Posted 26 February 2013 - 06:04 PM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Please check the box next to Scan All Users.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
#14
Posted 27 February 2013 - 04:23 PM
hiloh2o
- Topic Starter
-
- Member
-
- 47 posts
Member
Hello again.
I have tried several times over the last couple hours to run the scan that you requested. At the bottom when the program gets to scanning firefox settings the program stops responding. It will not complete the scan.
I have tried several times over the last couple hours to run the scan that you requested. At the bottom when the program gets to scanning firefox settings the program stops responding. It will not complete the scan.
#15
Posted 28 February 2013 - 08:47 AM
Buddierdl
-
- Malware Removal
-
- 2,524 posts
Trusted Helper
Hi hiloh2o,
It seems that you may have a corrupt Firefox profile. The best thing to do for now would be to uninstall Firefox until we are done cleaning the computer. If that is okay with you, please uninstall it and then try to run the OTL scan again. Please not that when you uninstall it you must put a check mark in the box that says Remove my Firefox personal data and customizations. (Firefox will not preserve your bookmarks, saved passwords, and other data if it is installed again.)
If you really don't want to lose your bookmarks, saved passwords, and such, then let me know and we can go a different route.
It seems that you may have a corrupt Firefox profile. The best thing to do for now would be to uninstall Firefox until we are done cleaning the computer. If that is okay with you, please uninstall it and then try to run the OTL scan again. Please not that when you uninstall it you must put a check mark in the box that says Remove my Firefox personal data and customizations. (Firefox will not preserve your bookmarks, saved passwords, and other data if it is installed again.)
If you really don't want to lose your bookmarks, saved passwords, and such, then let me know and we can go a different route.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
