|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
ransomware aka FBI virus
#20326053 - 07/25/14 09:38 AM (9 years, 9 months ago) |
|
|
So a buddy calls me up saying his pc is locked and cannot access the net other than a redirection to a page that says the FBI has locked his PC for an infraction. He then goes on to say that he must pay a 600.00 fine via green money pak or he will be prosecuted to the fullest extent.
I told him to pull the battery asap and bring it over.
I ran the pc in safe mode and then did a system restore. Once restored I ran Windows Defender and Malwarebytes. Nothing came up on WD, but a handful of shit came up on MWB. I went ahead and quarantined everything then deleted it all.
What do you guys think? Is the pc in good health? Is there a better program I could run or is there a surefire way of getting rid of this FBI shit?
He said he got the letter after going to putlocker and watching a movie.
-------------------- Dear Kratom, I've been numb for so long that I forgot how to feel So I don't care if it will break my heart, Just fuck me till I disappear
|
koraks
Registered: 06/02/03
Posts: 26,729
|
|
Obviously, the FBI have nothing to do with this, but I trust you figured that out already 
Just remove all malware; MWB with an up-to-date database or something similar such as Hitman Pro should do the trick.
Odds are your friend will be back in a few weeks with fresh malware for you to remove.
|
lessismore
Registered: 02/10/13
Posts: 6,268
|
|
Try ubuntu
I never liked windows7, I like the design of windows xp, 98,95,3.11,2000 much better
Win7 is too much eyecandy and too slow for me
Ubuntu is much better, never gets slow, never gets virus (so you don't need antivirus which slows your computer down 80% or so!!)
Ubuntu works for most things
Use the operating system that supports your needs, that is as stable as you need it
Windows xp is not an option anymore
There is only ubuntu or win7 as options it seems. Winxp doesn't support netbanking/java anymore it seems, even though I liked winxp 100x better than win7
|
koraks
Registered: 06/02/03
Posts: 26,729
|
Re: ransomware aka FBI virus [Re: lessismore]
#20326086 - 07/25/14 09:46 AM (9 years, 9 months ago) |
|
|
Am I missing something? I thought OP was asking how to clean his friend's PC, not which operating system to convert him to for technoreligious purposes.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: koraks] 1
#20326150 - 07/25/14 10:01 AM (9 years, 9 months ago) |
|
|
I was reading a bit on Hitman last night. I'll run this tonight as a precautionary step.
The second he said "pay fine using a green money pak" I started he was mad at first because he was freaked the fuck out, but eventually saw the humor in it. 
It's an interesting virus though. I guess it blocks portals and allows for a "hacker" to access your shit and use your webcam and other fun little pc stuff. I feel bad for the people that fall for this shit though.
Reminds me of those Zimbabwe emails asking for money in exchange for some rubies or some shit.
|
Shroomism
Space Travellin



Registered: 02/13/00
Posts: 66,015
Loc: 9th Dimension
|
|
Run HiJackThis!, post the logfile in here - http://www.hijackthis.de/
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: Shroomism]
#20327657 - 07/25/14 04:25 PM (9 years, 9 months ago) |
|
|
I'll check it out. Thanks.
|
Black_Sunset
Amateur Anesthesiologist


Registered: 11/16/08
Posts: 2,451
Loc: Somewhere California
Last seen: 5 years, 11 months
|
|
Oldest scam. FBI: "go to Walmart, buy a green dot card and mail it to this home address". Only old ladies fall for that.
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
|
Your friend's PC "should" be good.
I would also run RogueKillerx64, and HitMan Pro 3, just to be 1000% sure.
But damn man how the hell did he get a ransomware on his desktop? That's so sad it's almost funny.
|
Oeric McKenna
LIFE CAPS


Registered: 06/15/12
Posts: 5,318
Loc: Babylon
|
Re: ransomware aka FBI virus [Re: deadwk]
#20329636 - 07/25/14 10:46 PM (9 years, 9 months ago) |
|
|
" I am african princess." " I very beatuful & I young. hot " " I love you and want honest fuck" " I just need bank routing numbers and I come see you on plane baby" "Baby...you there??"
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: deadwk]
#20331016 - 07/26/14 08:07 AM (9 years, 9 months ago) |
|
|
He said his son caught the V while trying to watch How To Train A Dragon 2. 
I'm sure he will be back with another issue, but I'm cool with it because he pays in pills.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
|
Quote:
Oeric McKenna said: " I am african princess." " I very beatuful & I young. hot " " I love you and want honest fuck" " I just need bank routing numbers and I come see you on plane baby" "Baby...you there??"
yeah...
|
lessismore
Registered: 02/10/13
Posts: 6,268
|
|
notatrojan.exe
please click on this program and mail $1500 once to western union then we will ship you this beautiful parrot, the owner is an african man who just died and we promised to sell it to a new interested owner
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: lessismore]
#20331067 - 07/26/14 08:32 AM (9 years, 9 months ago) |
|
|
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
|
Quote:
Not Responding said: He said his son caught the V while trying to watch How To Train A Dragon 2. 
I'm sure he will be back with another issue, but I'm cool with it because he pays in pills. 
That's great haha.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: deadwk]
#20334412 - 07/26/14 08:03 PM (9 years, 9 months ago) |
|
|
i know!
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
|
Man I'm going to college to become a Sys Admin, I'd be so down if I got paid in pills and drugs
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: deadwk]
#20334436 - 07/26/14 08:06 PM (9 years, 9 months ago) |
|
|

around here you can pay mechanics in beer...
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
|

Man I'm so living in the wrong city
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: deadwk]
#20334464 - 07/26/14 08:09 PM (9 years, 9 months ago) |
|
|

we are in opposite sides of the world...
South Texas!
|
my3rdeye



Registered: 08/10/12
Posts: 4,354
Loc: Canada
Last seen: 3 years, 16 days
|
|
Quote:
Not Responding said:
He said he got the letter after going to putlocker and watching a movie.
It must be a real messed up porn site for a cover story like that.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: my3rdeye]
#20336413 - 07/27/14 06:55 AM (9 years, 9 months ago) |
|
|

that's what i said...
|
lessismore
Registered: 02/10/13
Posts: 6,268
|
Re: ransomware aka FBI virus [Re: deadwk]
#20341506 - 07/28/14 06:01 AM (9 years, 9 months ago) |
|
|
Quote:
thedeadwalkk said: Man I'm going to college to become a Sys Admin, I'd be so down if I got paid in pills and drugs 
Sysadms nullroute each week, usually friday
Rewind the tape, redirect stdin to /dev/urandom
funny things can happen
although null routing is rarely pleasant for me :-) , no matter how many times I do it
fork a new instance of yourself
|
Nemodeus
Introvert

Registered: 04/01/14
Posts: 427
|
|
Safest route would be to back up all your buddy's personal files to a usb drive then reformat the hard drive and reinstall the operating system.
Antivirus software and/or malware removal tools can usually do a pretty good job, but you can never be 100% sure that they won't miss something. A freshly installed operating system on the other hand is guaranteed to be clean (at least so far as you trust the proprietor anyway), and in many cases is actually much faster than scanning the entire system for known malware.
-------------------- In an entheogen influenced moment of clarity I came to understand that reality manifests as a dream from the collective subconscious minds of all conscious entities. Nothingness made something because we collectively believe it into being, and physical laws given power by the reinforcement of conscious observation. Creation, destruction, and even time itself are but an aspect of ourselves and we of them. Life and death, simply illusions we face from a limited grasp of our own existence. We are one, all is eternal.
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
Re: ransomware aka FBI virus [Re: Nemodeus]
#20344353 - 07/28/14 08:16 PM (9 years, 9 months ago) |
|
|
@lessismore:

I already had to do some of that for an end of year school project, I was running 2 linux servers as email, firewall, ftp, http, and nfs servers.
It was so tedious and dumb
Quote:
Nemodeus said: Safest route would be to backup all your buddies personal files to a usb drive then reformat the hard drive and reinstall the operating system.
If those files are infected, then your newly installed OS would be infected too upon execution of said files, or transfer of the files.
|
Nemodeus
Introvert

Registered: 04/01/14
Posts: 427
|
Re: ransomware aka FBI virus [Re: deadwk]
#20344385 - 07/28/14 08:24 PM (9 years, 9 months ago) |
|
|
By personal files I was thinking more along the lines of photos, or music, or text documents, or whatever, not executables.
But should probably scan them first just to be sure. It's still faster than scanning the entire system.
|
deadwk
00101011


Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
|
Re: ransomware aka FBI virus [Re: Nemodeus]
#20344449 - 07/28/14 08:41 PM (9 years, 9 months ago) |
|
|
Viruses can infect files that aren't specifically executables. The executable as far as my knowledge of viruses/malware goes, is generally what starts getting your system infected. But after that viruses/malware can replicate and infect your registry, and other types of files.
|
Nemodeus
Introvert

Registered: 04/01/14
Posts: 427
|
Re: ransomware aka FBI virus [Re: deadwk]
#20344626 - 07/28/14 09:26 PM (9 years, 9 months ago) |
|
|
Malware can make changes to non-executable files sure, but the resulting code would need to be executed somehow to have any effect.
Malware doesn't run itself just by having the file on your drive, it's not some sentient being that lives in your system, it's just code that needs to be executed just like any other code. Usually this happens the first time through browser exploits (almost always javascript or plugin related), or by disguising itself as some non threatening software that the user unwittingly executes himself (known as a trojan). When the code is executed the first time it would install itself somewhere in the system and configure the registry to auto-execute it from then on.
I suppose in theory it would be possible to exploit a vulnerability in some photo viewer or media player software or whatever to execute code hidden within an ordinarily non-executable file like an mp3, but it's pretty unlikely and would be entirely reliant upon a specific piece of software being utilized.
For example, maybe it takes advantage of a flaw in the way iTunes plays a music file to execute code hidden within an mp3. It's pretty unlikely that a security flaw this huge in iTunes would not be discovered and patched, and even less likely that the compromised mp3 with the hidden code would be listed in an antivirus database.
Either way it's still safer and likely faster to reformat the drive and reinstall the operating system, and just use the antivirus or whatever for the personal files that you transfer rather than entirely rely on it to clean the entire system.
|
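The exchange above turns on which backed-up "personal files" are safe to copy onto the reinstalled system. As an added example (not part of the thread), this Python sketch pre-filters a backup folder before the antivirus scan by flagging files whose name or leading bytes say "executable" rather than "photo, music or document". The extension lists, the magic-byte table and the function names are illustrative assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js",
                ".jse", ".wsf", ".hta", ".ps1", ".lnk", ".jar", ".msi"}
# Leading bytes that mark executable content whatever the file is named.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"#!": "script shebang"}
# Leading bytes expected for common personal-file types.
MEDIA_MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
               ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
               ".pdf": (b"%PDF-",), ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3")}
DOC_LIKE = set(MEDIA_MAGIC) | {".doc", ".docx", ".txt"}


def classify(name, head):
    """Return the reasons to hold a file back from the clean install."""
    p = Path(name)
    ext, inner = p.suffix.lower(), Path(p.stem).suffix.lower()
    reasons = []
    if ext in RUNNABLE_EXT:
        reasons.append("runnable extension " + ext)
        if inner in DOC_LIKE:
            reasons.append("double extension hides " + ext)
    reasons += [kind + " content" for magic, kind in EXEC_MAGIC.items()
                if head.startswith(magic)]
    if ext in MEDIA_MAGIC and not head.startswith(MEDIA_MAGIC[ext]):
        reasons.append("content does not match " + ext)
    return reasons


def triage(root):
    """Walk a backup folder and map relative path -> reasons, flagged files only."""
    flagged = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = classify(path.name, fh.read(16))
            if reasons:
                flagged[path.relative_to(root).as_posix()] = reasons
    return flagged


def demo():
    """Triage a constructed sample backup (file names and bytes are made up)."""
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + bytes(12),
               "song.mp3": b"ID3\x03" + bytes(12),
               "invoice.pdf.exe": b"MZ\x90\x00" + bytes(12),
               "cat.jpg": b"MZ\x90\x00" + bytes(12),
               "notes.txt": b"plain text notes"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return triage(root)
```

An empty result only means names and headers agree; a well-formed media file can still carry an exploit for one specific viewer, so the unflagged files still go through an up-to-date scanner before they are copied back.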
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: Nemodeus]
#20346189 - 07/29/14 10:38 AM (9 years, 9 months ago) |
|
|
I'll be giving his machine back today. If the problem persists my next step will be to reformat.
|
mandrin13
Stranger


Registered: 07/08/14
Posts: 1,111
Loc: Socal
Last seen: 5 months, 24 days
|
|
Windows IS the FBI malware
-------------------- Even Jesus got stoned.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: mandrin13]
#20350119 - 07/30/14 07:12 AM (9 years, 9 months ago) |
|
|
|
iateshaggy
i haxor 360s



Registered: 05/20/05
Posts: 4,709
Loc: 612 Warf Avenue, next to....
Last seen: 2 months, 7 days
|
|
Quote:
Not Responding said: I'll be giving his machine back today. If the problem persists my next step will be to reformat.
first step is reformat. i like to back up the files and save them for a week and then scan the drive before transferring back to the once infected pc.
-------------------- You are a filipina sex goddess who wants to fuck me until I fall asleep, so then you can tickle my balls and see if the legend of my diamond filled nutsuck is true. I am a white man from costa rica, who smells like lime jello.
I can flash/jtag/repair 360's, pm for details.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: iateshaggy]
#20354535 - 07/31/14 07:24 AM (9 years, 9 months ago) |
|
|
Why a week?
|
iateshaggy
i haxor 360s



Registered: 05/20/05
Posts: 4,709
Loc: 612 Warf Avenue, next to....
Last seen: 2 months, 7 days
|
|
to give my av program time to update for any possible virus from the time i wipe the system.
|
Not Responding
Busted Liar...


Registered: 09/17/13
Posts: 6,755
|
Re: ransomware aka FBI virus [Re: iateshaggy]
#20359236 - 08/01/14 07:18 AM (9 years, 9 months ago) |
|
|
gotcha
|
|