Some Persistant Trojan (possibly Fbi Virus)

Hello,

I have had an issue for the last several weeks with a ransomware virus.

Twice now my machine has been hijacked by a screen telling me I needed to pay $200 or so to restore my computer. The first warning was an "FBI Warning" and the second was as well I believe but the image was a bit different. The second time was just yesterday afternoon.

I was able to resolve the issue twice before by performing a System Restore after restarting windows on the command line (this was after trying several recommended ways to fix it by editing the registry). After the second time this occurred I resolved to purchase a real anti-virus package, Bitdefender Antivirus Plus 2013, to try and make sure this did not happen again. Up until this point I had some sort of free software from Symmantec received through my college.

Yesterday afternoon after rolling back to a previous system state to "fix" the computer I purchased and installed Bitdefender Antivirus Plus 2013.

Despite this the virus has now decided to come back. Thanks to bitdefender, I suspect, when the virus came back it did not lock up my machine however the virus is now constantly creating new files in a Windows temp folder in an attempt to hijack the machine. I do not know if this is the same fbi virus (since it has not taken over to tell me) but I suspect this is the case. I tried rolling back (for a second time in one day) to eliminate the problem but somehow or other it did not work and windows automatically deleted my previous and only restore point because it believed it was corrupted. I suspect this is because the trojan files were being generated even when I was in the command line mode (symmantec was listing them out while I worked to roll back the machine in Windows command line mode).

So now I cannot roll back to eliminate the constant spamming of new files and all bitdefender it doing (also the symmantec software which is still on there) is telling me that I have 600+ infected files and counting at this point but not doing anything about it. I have completely run out of ideas of what to try now. This is my only computer and it is now off and effectively unusable, I am typing this from a college computer.

I could use any help I can get. Having looked at similar posts on this forum I know I will have to post a log file somehow and we go from there.

Please let me know how to proceed.

Thank you.

Find more posts tagged with

Comments

Forager

Oops. I forgot to add that this computer is a Windows 7 64-bit laptop.

rootkit

Hello

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]

. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall

alert,select to Allow the application to connect;

. Click the "Create log" button to start generating the

log; A progress bar is indicating that the tool is creating the report;

. When the small window appears with the message "Log

saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

. Upload that file on

http://www.sendspace.com

http://www.mediafire.com

and send me a PM with the download link.

If you were already asked to generate the log file, disregard the message above and just post the ticket ID.

IMPORTANT:

.During this process the Real Time Protection in Bitdefender must be temporarily disabled;

.If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet,then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]

In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day.

rootkit

Thank you for reporting this.

I've sent your request to our lab. I'll keep you up to date.

Have a nice day.

Forager

Hello Christian,

I'm not sure how long it normally takes for the lab to process logs so I just wanted to check in. My laptop is essentially nonfunctional until this virus can be removed and that, unfortunately, is making it harder for me work.

Thank you.

rootkit

Hello

My colleagues from the labs didn't find any traces of malware in your PC.

I believe the issue is caused by the 2 security software installed on that machine.

unning multiple security solutions on the same PC may affect their proper functionality as they compete for access to the same system resources. Even if they are turned off, there are some active processes running in the background.

We recommend you to uninstall other security solutions in order for Bitdefender to work properly.

Let me know if everything is OK after the first reboot.

Thank you!