
The fake FBI froze my computer and demanded $200 ransom for phony cyber crime offenses!


30 replies to this topic

#1 Johnnie

Johnnie
  • Members
  • 151 posts
  • Location:North-Eastcoaster with shovels for blizzards

Posted 29 July 2012 - 08:35 AM

Here's what happened. Out of nowhere unexpectedly, my computer was frozen and locked down by a virus. Fortunately I found free virus-killer-programs through Youtube, and the programs got my computer unfrozen and got me back online to write this warning post. Read all about the virus on Youtube:




#2 addy1

addy1

    water gardener / gold fish and shubunkins

  • Members
  • 15869 posts
  • Location:Frederick, Maryland zone 6b-7a

Posted 29 July 2012 - 10:24 AM

I have malwares running all of the time, it has caught a few viruses trying to hit my lappy.

live feed to our pond ....To see the cameras you must be on IE, if using firefox right click-- copy the link location paste in IE browser... .... .... My pond build thread

Live every day as if it is your last, enjoy it to the fullest, because one day it sure will be.

a good read about pond chemistry, ph, hardness etc


#3 Johnnie

Johnnie
  • Members
  • 151 posts
  • Location:North-Eastcoaster with shovels for blizzards

Posted 29 July 2012 - 04:45 PM

I have malwares running all of the time, it has caught a few viruses trying to hit my lappy.


Me too. I have the McAfee security program running all of the time, but the ransom-virus sneaked through :-).

The virus attack may be a blessing in disguise for me. For decades I have relied on McAfee to catch and stop viruses from entering my computers.
However, after the ransom-virus-attack, now in addition to McAfee, I'm using these 2 free anti-virus programs:

This program will catch the ransom-virus and remove it from your computer. (Sadly McAfee failed to do its job even after I had McAfee scan for the virus.)
http://www.techspot....ti-malware.html


This program will clean up the left-over "skeletons" after the virus is removed
http://www.piriform....leaner/download

To learn how to use the programs, watch the Youtube embedded in my first post.

#4 j.w

j.w

    I Love my Goldies

  • Members
  • 12326 posts
  • Location:Arlington, Washington

Posted 29 July 2012 - 06:29 PM

Yep I use both Ccleaner and Malwarebytes along w/ Norton as my security program. Also use spybot search and destroy and sometimes use Superantispyware free edition.
http://www.gardenpon.../7985-jws-pond/


Live and let live and let nature be your teacher, respect the life of your fellow creatures

zone 7

#5 Johnnie

Johnnie
  • Members
  • 151 posts
  • Location:North-Eastcoaster with shovels for blizzards

Posted 29 July 2012 - 07:04 PM

Yep I use both Ccleaner and Malwarebytes along w/ Norton as my security program. Also use spybot search and destroy and sometimes use Superantispyware free edition.


It's better late than never. I wish you had told me about Ccleaner and Malwarebytes before the ransom-virus attack :-) I will look into your other anti-virus programs ASAP. Thanks. Oh well, I've learned of the problem the hard way; thus, I posted the warning and info to you ponder guys.

#6 j.w

j.w

    I Love my Goldies

  • Members
  • 12326 posts
  • Location:Arlington, Washington

Posted 29 July 2012 - 10:08 PM

I wish I would have known that you were gonna need them. Darn that's a shame but glad you figured it out!

#7 Fishylove

Fishylove
  • Members
  • 800 posts
  • Location:Southern Indiana, US Zone 6b

Posted 05 August 2012 - 04:27 PM

Lol you guys are funny :)

#8 passthekoi

passthekoi
  • Members
  • 5 posts
  • Location:maryland

Posted 17 November 2012 - 07:59 PM

I have already tried to enter SAFE mode (all three types), and it bluescreens on me

any other way to get back into my PC?
I tried using my WinXP CD but couldn't remember the admin password for system repair

This is what I put together for another techie website

my primary PC has blocked windows from me, I am using my #2 PC to request assistance.

My primary PC is a Dell T3500, quad processor, 12Gb RAM running WinXP x64, I use AVG2012 for my Antivirus with scheduled automatic scans, and last MS update was 15Nov.
I am the only user on these PCs and as such the only user logon at bootup is mine. (and yes, that logon is the admin)
( I use ccleaner occasionally to clear cache and unwanted start-up apps)


Last night after clicking on a link from a Google search, I believe my PC was hacked.

A fake webpage appeared demanding $200 to release my computer, showing that it had captured my browser data.


I took the PC offline and attempted some simple troubleshooting steps, but the START menu would only stay available for ~20 seconds.
my desktop icons never appear, (only the desktop background) so had to navigate as quickly as possible from the START menu to launch
was able to get ccleaner to complete a scan and clean, (before the primary monitor went blank {white} and the app and taskbar disappeared)
likewise when launching AVG, the app window would disappear before the scan completed and after few seconds #1 monitor would go white.
I tried launching in two different SAFE modes, but the bootup would result in a bluescreen.
Was likewise able to navigate to the RESTORE point screen and launch that, but in two efforts (1 day back and one week back)
both came back as "unable to perform restore" and when clicking OK to accept that fate, the screen went white again.


After these multiple efforts the START menu and TASKBAR started disappearing more quickly, like ~5seconds making it impossible to navigate quickly enough to perform anymore troubleshooting efforts.

Presuming now, I'll need a bootable option that will allow me to perform fixes outside my windows (profile) environment.

#9 addy1

addy1

    water gardener / gold fish and shubunkins

  • Members
  • 15869 posts
  • Location:Frederick, Maryland zone 6b-7a

Posted 17 November 2012 - 09:28 PM

Try password for the winxp cd password. or blank



#10 j.w

j.w

    I Love my Goldies

  • Members
  • 12326 posts
  • Location:Arlington, Washington

Posted 18 November 2012 - 01:07 AM

passthekoi
Sorry you are having computer headache problems

#11 passthekoi

passthekoi
  • Members
  • 5 posts
  • Location:maryland

Posted 18 November 2012 - 02:28 AM

really getting frustrated here,
tried using windows 7 native image burner
no joy
tried imgburn
no joy
and finally
iso burner
and still getting nowhere
refuses to burn to either CDs or DVDs
from both my new Windows 7 machine and an old win XP (PIII machine)

#12 addy1

addy1

    water gardener / gold fish and shubunkins

  • Members
  • 15869 posts
  • Location:Frederick, Maryland zone 6b-7a

Posted 19 November 2012 - 10:48 AM

Here is some net info on how to fix

http://www.prlog.org...r-computer.html

This one tells you how to modify your registry, have it on a screen next to your pc and follow. I have modified my registry in the past, just have to be careful


http://www.zimbio.co...te+FBI+Moneypak

http://www.2-viruses...-fbi-ransomware

http://www.callnerds.com/fbi-virus/



#13 passthekoi

passthekoi
  • Members
  • 5 posts
  • Location:maryland

Posted 19 November 2012 - 10:41 PM

Thanks for your input.
I ended up finding a reputable online tech service that was able to walk me through loading an external windows environment from a flash drive and fix the issue remotely VERY early Sunday morning.

for anyone else falling victim to this FBI ransomware virus.
it dumps a file called .directory into your desktop folder and likewise loads it into your startup list... which then of course usurps your desktop control as soon as the startup is launched.
It likewise disables task manager.
if you can get to the startup listing before the screen goes white, just select and delete the file from startup ... (hopefully it isn't savvy enough to reload itself) and then reboot and navigate to your desktop folder and delete the actual file. might also be worthwhile to edit registry [regedit] and do a specific search on that file name and delete the entire string.

My problem was after so many personal attempts at troubleshooting that required HARD COLD boots, my safe modes would come back as bluescreens indicating I needed to run chkdsk, which of course I had no access to perform. so with no safe mode all the usual fixes were moot in my situation
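
The persistence points described in the post above (a file in the desktop folder, an entry in the startup list, Task Manager disabled) can be checked with a read-only script. This is an added example, not part of the original post: the default file name is the one reported in the post, and it is an assumption that the "startup list" means the current user's Startup folder or the standard Run/RunOnce registry keys.

```powershell
# Added example: read-only check of the persistence points named in the post.
# The default name is the file reported in the post; nothing here modifies the system.
param([string]$Name = '.directory')

$findings = @()

# 1. Registry autostart values (assumption: the "startup list" may be a Run key).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
            $findings += "Autostart value: $key -> $valueName = $data"
        }
    }
}

# 2. Current user's Startup and Desktop folders, hidden files included (-Force).
$folders = 'Startup', 'DesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path $folder)) { continue }
    foreach ($file in @(Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue)) {
        if ($file.Name -like "*$Name*") { $findings += "File: $($file.FullName)" }
    }
}

# 3. Policy value that disables Task Manager when set to 1.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    $p = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($p -and $p.DisableTaskMgr -eq 1) {
        $findings += "Task Manager disabled by policy: $key"
    }
}

if ($findings.Count -eq 0) { "No entries matching '$Name' found." } else { $findings }
```

Run from a live session it inspects only the logged-on user's profile; from an external boot environment like the one described in the post, the offline registry hives would have to be loaded first.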

#14 addy1

addy1

    water gardener / gold fish and shubunkins

  • Members
  • 15869 posts
  • Location:Frederick, Maryland zone 6b-7a

Posted 19 November 2012 - 10:44 PM

Thanks for the info! I am going to print it out, cause if the computer is gone sure won't be able to read it! I have multiple layers of stuff protecting my puter, so maybe it won't make it here.........maybe

Can you share the online service? It would be nice to know a reputable group to get hold of if we have issues.



#15 Johnnie

Johnnie
  • Members
  • 151 posts
  • Location:North-Eastcoaster with shovels for blizzards

Posted 31 December 2012 - 07:56 PM

Thanks for your input.
I ended up finding a reputable online tech service that was able to walk me through loading an external windows environment from a flash drive and fix the issue remotely VERY early Sunday morning.

for anyone else falling victim to this FBI ransomware virus.
it dumps a file called .directory into your desktop folder and likewise loads it into your startup list... which then of course usurps your desktop control as soon as the startup is launched.
It likewise disables task manager.
if you can get to the startup listing before the screen goes white, just select and delete the file from startup ... (hopefully it isn't savvy enough to reload itself) and then reboot and navigate to your desktop folder and delete the actual file. might also be worthwhile to edit registry [regedit] and do a specific search on that file name and delete the entire string.

My problem was after so many personal attempts at troubleshooting that required HARD COLD boots, my safe modes would come back as bluescreens indicating I needed to run chkdsk, which of course I had no access to perform. so with no safe mode all the usual fixes were moot in my situation



I'm sorry for failing to answer your posts because I have not seen your posts until now. Congrats for getting rid of the virus.


Anyway, I do 2nd Addy1's request. Please share with us the contact info of the reputable virus-buster/FIXER. I will need his service because my computer has gone "power off" automatically once in a while while I'm surfing the net.