My computer has a virus

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

jgln

I am using my laptop now, but the virus has my computer locked. I went online, on this computer, and I found a site that for $100 bucks or so the tech will remotely log into my computer and clean it up. Well, since it has already been attacked I am leery of letting someone I don't know log in remotely.

Anyone else use a service like this? Any suggestions? I cannot download software online due to the block. Virus says I was downloading child porn, which I was not, and says it is FBI and unless I pay $200 in 48hrs they will report me to local authorities. But it says it is the FBI...really? When did the FBI take bribes for child porn?? I did a search and it is a scam.
 
It's a scam, but it's a virus. If you can boot from another drive, you should probably wipe the drive and reinstall the operating system. I hope you have backed up your data, because you will lose it all with this plan. Good luck.
 
Well, yes I can default my computer to default but I don't want to do that. Do you really think a service would not be able to save my files?
 
I have no problem taking it to a shop and have them do it, or geek squad to the house, I have no child porn on it, but I was wondering if having someone log in remotely is the easy way. Can I buy a CD software in a store? I have to admit, I only have the virus software that came with it and that has probably expired.
 
I have no problem taking it to a shop and have them do it, or geek squad to the house, I have no child porn on it, but I was wondering if having someone log in remotely is the easy way. Can I buy a CD software in a store? I have to admit, I only have the virus software that came with it and that has probably expired.

I dunno about the remote hookup, but I would imagine they would need to have the computer booted up and on the internet to access it. If the virus doesn't let you get that far, you will either have to do it yourself or take it to someone.
 
Download Malwarebytes from another computer, start your PC with the virus in safe mode, install Malwarebytes and you should be good to go 99% of the time. Don't allow the remote login. Many of these viruses are written specifically to hold your PC hostage so they can go in with an easy fix.
 
It sounds like a malware scam. If your computer is also slow, sluggish, and acting crazy then I suggest the following advice.

Back up your information on flash drives or CDs. Then restart your computer, and before Windows starts, enter BIOS by pressing the appropriate "F" key. Change your boot priority to CD-ROM first, Hard Drive second. Then using your original Windows CD, perform a full reinstall of Windows, which will erase everything and restore your computer to how it was on day one. The entire process will take a couple hours. But it's easy enough to do yourself and you won't have these problems any longer.
 
What I don't get is if my computer has been compromised, why would I enter my credit card # on it to download a cleanup software?
 
What I don't get is if my computer has been compromised, why would I enter my credit card # on it to download a cleanup software?

You wouldn't... what are you asking exactly?

Edit to add: I'm assuming that when you said that remote fix is an option, is that you had a reputable one in mind and that you could access them without using the compromised computer. If you can't do that, everything is moot. I'd attempt a backup and wipe/reinstall OS.
 
Use your laptop to make a bootable disc/USB for offline scan with Windows Defender. Then run Malwarebytes off a USB while in safe mode. Then run the Resplendence software 'Sanity check' for rootkits.
 
I dunno about the remote hookup, but I would imagine they would need to have the computer booted up and on the internet to access it. If the virus doesn't let you get that far, you will either have to do it yourself or take it to someone.

Yeah, I told him I only have access offline, once online I get blocked. He seemed to know all about it and how to fix it regardless. Said I can watch him do it.
 
bobbrews said:
It sounds like a malware scam. If your computer is also slow, sluggish, and acting crazy then I suggest the following advice.

Back up your information on flash drives or CDs. Then restart your computer, and before Windows starts, enter BIOS by pressing the appropriate "F" key. Change your boot priority to CD-ROM first, Hard Drive second. Then using your original Windows CD, perform a full reinstall of Windows, which will erase everything and restore your computer to how it was on day one. The entire process will take a couple hours. But it's easy enough to do yourself and you won't have these problems any longer.

+1

BIOS might be a different key though, like F12 or something.
 
Oh and when your computer is brand new again, you'll need to enter BIOS once more and change the Boot Priority back to Hard Drive first, CD-ROM second.
 
Those malware scams suck. I got hit by one of those a couple years ago. I tried using some of these tools to clean it up, but then Windows wouldn't boot. I wiped the hard drives and started completely over, and it was funny, Windows installed OK, but it would always hang at this one driver when booting even in safe mode. I think the virus or the repair somehow messed up some part of firmware on the computer.

But on the plus side sometimes you can get an Arab Sheik who is looking for help transferring lots of money around, with your cut you could buy as many new computers as you could possibly want!
 
The remote tech service is called The Live Tech if anyone ever used them. I think I would still have to give my CC# up front so I don't understand. Don't want to do that on that computer. When I buy stuff online I always use my work computer on their network, their protection has to be the best for their purposes.
 
The warning is a scam, but you are infected with something.

If you can back up important files to CD or Thumbstick, do it first.

Then you can safely play with Malwarebytes and/or reinstalling Windows. Sometimes these things can be cleaned up with a combination of the right software and the right methods, but if you are not fairly savvy the re-install may end up being faster and give you a better end result.

I do NOT recommend letting any tech you don't know access your computer remotely. And a visit to Geek Squad will be $$ and from what I have heard you have a good likelihood of having them image your drive to original state because it's just dead simple for them and the problem is gone. I've even had Dell charge a person $100 just to restore their disk to original state AFTER SHE EXPLICITLY TOLD THEM NOT TO DO ANYTHING DESTRUCTIVE BEFORE SHE GAVE THEM PERMISSION.

If I were to have this on my computer I'd get Malwarebytes on a thumbstick or CD and install (after trying to kill the process that causes the pop up.) And after Malwarebytes has had its turn I'd use a good Antivirus and finally a run through with CCLEANER to clean up the registry. But I might also use Hijackthis to browse some important areas of the registry to confirm certain executables are, or are not, being called at start-up.

Some more recent virus/malware changes file associations on your computer so that it intercepts, or removes executable file calls to the OS. You would then download a registry setting and merge it into your registry to restore the default system executable calls and regain the ability to run programs. Not being able to run executables hinders the cleaning process a bit, as you can imagine.
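
The start-up and file-association checks described in the post above, as an added example that is not part of the original thread: a read-only PowerShell audit of the logon "Run" keys and of the `.exe` association. The registry paths are the standard Windows locations; the function names are made up for this sketch, and it assumes PowerShell is available on the machine.

```powershell
# Added example: read-only audit of start-up entries and the .exe file association.
# Nothing is modified. Function names are illustrative, not from any tool in the thread.

# Stock command for the "exefile" class: run the file itself with its arguments.
$ExpectedExeCommand = '"%1" %*'

# "Run" keys whose values are launched at logon (per user and machine wide).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
}

function Test-ExeAssociation {
    # HKCU entries override HKLM for the logged-on user, so both hives are checked.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $extKey = "$hive\Software\Classes\.exe"
        $cmdKey = "$hive\Software\Classes\exefile\shell\open\command"
        $progId = $null
        $command = $null
        if (Test-Path -LiteralPath $extKey) { $progId = (Get-Item -LiteralPath $extKey).GetValue('') }
        if (Test-Path -LiteralPath $cmdKey) { $command = (Get-Item -LiteralPath $cmdKey).GetValue('') }

        # The machine-wide values must exist; a missing per-user value just means "no override".
        $required = ($hive -eq 'HKLM:')
        $progOk = if ($null -eq $progId)  { -not $required } else { $progId -eq 'exefile' }
        $cmdOk  = if ($null -eq $command) { -not $required } else { $command -eq $ExpectedExeCommand }

        New-Object PSObject -Property @{
            Hive = $hive; ProgId = $progId; OpenCommand = $command
            LooksDefault = ($progOk -and $cmdOk)
        }
    }
}

Get-StartupEntry    | Select-Object Key, Name, Command | Format-List
Test-ExeAssociation | Select-Object Hive, ProgId, OpenCommand, LooksDefault | Format-List
```

A row with `LooksDefault` set to `False` means the `.exe` handler has been removed or redirected in that hive.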
 
The remote tech service is called The Live Tech if anyone ever used them. I think I would still have to give my CC# up front so I don't understand. Don't want to do that on that computer. When I buy stuff online I always use my work computer on their network, their protection has to be the best for their purposes.

I'd say give them the CC# and be prepared to close/dispute any charges if it gets stolen because of the compromised machine.

If I were you I'd probably be taking it to someone local (or doing it myself); that way I can hold someone accountable that it gets fixed.
 
It should have only locked up your internet browser, right?
If so, it is a common re-direct virus; like the flu, some variations are very easy to get rid of and some are very difficult.
The service that you speak of is part of the scam, they infect your computer and then bring up a window telling you to pay them to remove it.

I would try to fight back before wiping it clean and starting over.
Start with Malwarebytes (free), CCleaner (free), and AVG virus scan (select free version); all available at download.com for free.
You may have to save them on your laptop and then transfer them to the infected computer.
Start with AVG, run a full scan to see if it can find the active virus and kill it.
Then run Malwarebytes for damage control, the virus may have copied itself elsewhere and this should find it.
Then run CCleaner to thoroughly clean the internet cache and temporary files, then run it in registry mode to clean the registry.
Do not re-run the internet browser between steps or you may have to start over.
After running all programs check to see if your browser is back to normal.
If it works, download Google Chrome or Firefox immediately and never use IE again.
 
My wife has lots of pictures on it, she also has them on another computer, but I don't want to wipe out her backups so I don't want to go back to default. I have nothing on it but some links to forums (like this one) I frequent so I don't mind losing those, easy to rebuild. I need some protection anyway and the remote cleanup service comes with that too. 1 year.
 
Do a google search for FBI virus scam. There are many links with removal instructions. I don't think this is one of the more difficult viruses to remove. You may get a consensus on how to boot to safe mode, or alternate user so you can run the suggested cleaning software.
 
I personally don't spend a penny for protection tools, except maybe virus scan, and that's only because I prefer the one I pay for (ok, work pays for) NOD32 to the free AVG and AVAST, although the free ones do work and Avast is actually a pretty decent software that you can supposedly use at home for a year.

I don't normally use malware software running in the background. Using my experience and always assuming people are trying to infect me, I've been safe for years. If something comes up I can take care of it with experience cleaning computers at work or friends/family computers.
 
It should have only locked up your internet browser, right?
If so, it is a common re-direct virus; like the flu, some variations are very easy to get rid of and some are very difficult.
The service that you speak of is part of the scam, they infect your computer and then bring up a window telling you to pay them to remove it.
I would try to fight back before wiping it clean and starting over.
Start with Malwarebytes (free), CCleaner (free), and AVG virus scan (select free version); all available at download.com for free.
You may have to save them on your laptop and then transfer them to the infected computer.
Start with AVG, run a full scan to see if it can find the active virus and kill it.
Then run Malwarebytes for damage control, the virus may have copied itself elsewhere and this should find it.
Then run CCleaner to thoroughly clean the internet cache and temporary files, then run it in registry mode to clean the registry.
Do not re-run the internet browser between steps or you may have to start over.
After running all programs check to see if your browser is back to normal.
If it works, download Google Chrome or Firefox immediately and never use IE again.

No, I went online on this computer and there are lots of remote services to help clean your computer, I am not talking about paying $200 to have the scammers clean it up. Thanks for the rest of the advice though!
 
The warning is a scam, but you are infected with something.

If you can back up important files to CD or Thumbstick, do it first.

Then you can safely play with Malwarebytes and/or reinstalling Windows. Sometimes these things can be cleaned up with a combination of the right software and the right methods, but if you are not fairly savvy the re-install may end up being faster and give you a better end result.

I do NOT recommend letting any tech you don't know access your computer remotely. And a visit to Geek Squad will be $$ and from what I have heard you have a good likelihood of having them image your drive to original state because it's just dead simple for them and the problem is gone. I've even had Dell charge a person $100 just to restore their disk to original state AFTER SHE EXPLICITLY TOLD THEM NOT TO DO ANYTHING DESTRUCTIVE BEFORE SHE GAVE THEM PERMISSION.

If I were to have this on my computer I'd get Malwarebytes on a thumbstick or CD and install (after trying to kill the process that causes the pop up.) And after Malwarebytes has had its turn I'd use a good Antivirus and finally a run through with CCLEANER to clean up the registry. But I might also use Hijackthis to browse some important areas of the registry to confirm certain executables are, or are not, being called at start-up.

Some more recent virus/malware changes file associations on your computer so that it intercepts, or removes executable file calls to the OS. You would then download a registry setting and merge it into your registry to restore the default system executable calls and regain the ability to run programs. Not being able to run executables hinders the cleaning process a bit, as you can imagine.

Ah, good idea...use this company laptop to download software to thumbstick then load on infected computer.
 
You know I don't know what the penalty is for hackers and such if caught, but IMO they should get at least 30, 40 years in prison no parole, hell make it life. That would put an end to the crap.
 
Download rkill and boot into safe mode (F8). http://www.bleepingcomputer.com/download/rkill/. Install it and run all three components then do a virus scan. Safe mode installs the minimum drivers needed to run Windows. Personally I do not trust Windows Defender. It does not catch everything and it has crashed on me more than a few times. Then get a good and free antivirus like AVG or Avast.
 
You know I don't know what the penalty is for hackers and such if caught, but IMO they should get at least 30, 40 years in prison no parole, hell make it life. That would put an end to the crap.

Ha. Good luck with that one. Frauding a bank account doesn't even get the perp jail time.
 
Download rkill and boot into safe mode (F8). http://www.bleepingcomputer.com/download/rkill/. Install it and run all three components then do a virus scan. Safe mode installs the minimum drivers needed to run Windows. Personally I do not trust Windows Defender. It does not catch everything and it has crashed on me more than a few times. Then get a good and free antivirus like AVG or Avast.

I am merely suggesting the offline scanner. It does a minimal boot of Windows and then scans the drive for everything prior to any load.
 
You wouldn't... what are you asking exactly?

Edit to add: I'm assuming that when you said that remote fix is an option, is that you had a reputable one in mind and that you could access them without using the compromised computer. If you can't do that, everything is moot. I'd attempt a backup and wipe/reinstall OS.

Maybe I wasn't clear. I mean why would I enter my personal information and CC# on a computer that is infected with say spyware, to get rid of the spyware? Wouldn't there be a risk that my CC# and personal information be stolen on the infected computer I am trying to clean up?
 
Maybe I wasn't clear. I mean why would I enter my personal information and CC# on a computer that is infected with say spyware, to get rid of the spyware? Wouldn't there be a risk that my CC# and personal information be stolen on the infected computer I am trying to clean up?

You shouldn't, but some folk aren't as keen.
 
Download Malwarebytes from another computer, start your PC with the virus in safe mode, install Malwarebytes and you should be good to go 99% of the time. Don't allow the remote login. Many of these viruses are written specifically to hold your PC hostage so they can go in with an easy fix.

Yes, this program works wonders. After you use this one, download SuperAntiSpyWare (free version) and run it as well.
 
I am merely suggesting the offline scanner. It does a minimal boot of Windows and then scans the drive for everything prior to any load.

Understood. I am just not a fan of it after using it. Malwarebytes is great. Another great free utility is CCleaner. http://www.piriform.com/CCLEANER. I run this every two weeks or so. It is great for removing files you do not need.
 
I've dealt with numerous viruses over the years. Malwarebytes is a good tool. As mentioned earlier, I would download it (it's free) on another PC, install it via thumb drive on the infected one and run it. If it doesn't fix it, it should at least identify the name of the virus/trojan and that will give you an idea on what you are dealing with.

Also, I would take the pc to a local shop before doing anything remotely online.
 
Thanks guys, I have to go now and there is a lot of good information to digest, I will check in later but please keep the suggestions coming.
 
Only problem is Malwarebytes won't do an offline scan. Otherwise it is a great utility.

And it doesn't install in safe mode IIRC. But yeah, I usually try and kill the process and run it, or add the infected drive to another computer and perform the scan that way.

By the time I've gotten to Malwarebytes I've reached a point where I've manually made the computer functioning with the virus holding it up.

Another option is to load a thumb drive with a full functioning OS with AV and Antispyware software, etc and boot the computer using that system. They are pretty cheap to set up (if your OS is Linux or a "free" version of Windows) and you have the advantage of not having to pull the drive or any of that extra work once it's set up.

If you screw it up you can easily re-image it.

The hard part is putting it all together ahead of time. I've yet to do this, but I really should. That way I can just boot the OS on the thumb drive and run scans on the drive of the infected computer and carry it all around in my pocket.
 
You should be able to run a System Restore. Start, Programs, Accessories, System Tools, System Restore. Roll it back a few days. The last time I saw this Malware, a System Restore fixed it. After the restore, scan for Malware.
 
You should be able to run a System Restore. Start, Programs, Accessories, System Tools, System Restore. Roll it back a few days. The last time I saw this Malware, a System Restore fixed it. After the restore, scan for Malware.

This is the easiest and quickest fix and worth trying first. I've had some impossible to remove virus and racked my brain for days thinking of how to remove it without a complete wipe, and just before giving in I gave system restore a try. It worked. :mug:
 