FBI Locked your Computer scam..

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Baiting Guru Joined: 27 Mar 2011 Posts: 21158

From one of the forums that I read regularly http://theerant.yuku.com/topic/53357/FBI-Locked-your-Computer-scam#.UGGAwK7l2Ck The OP tells of this and apparently a few others there have had it

Quote:

Okay for some reason my anti virus did not pick this up.. I start my computer and I get a screen that says this computer has bee locked by the FBI.. It looks offical but then is asks for a $200 fee to unlock it.... Just FYI if this happens to you just a system restore and it will work again...

I'll edit the screenshot in after I mark it.

Posted: Wed Nov 14, 2012 8:51 pm

Does a system restore wipe out all the data on your HDD?

I'm gonna write my own OS now to prevent this sort of thing...

Hello I'm New here! Joined: 13 Oct 2010 Posts: 2

I received one of these about 2 weeks ago.

First I restarted in " safe " mode ,

Then I ran a system restore , to an earlier time

Then I restarted in regular mode and ran an antivirus

Everything was fine and back to normal after that

Posted: Tue Jan 08, 2013 9:49 am

I also had this. I read your post and tried the same to fix it.

security essentials scan afterwords revealed a variant of TobfY trojan

googled "name of trojan" typed exactly as reported by security essentials

for your computer's safety you may need further action. microsoft support came up from my search. they reported near bottom of article that further action may be required as it is a nasty malware that can repair itself. They advise use an uninfected computer to get "windows defender offline" (from microsofts website. It's free) you burn it to a cd/dvd or usb that you then boot on the infected computer and then it is supposed to fix it properly. I did this and am still not sure this sucker is dead.

419Eater is my life Joined: 18 Jan 2010 Posts: 357

You can download the free Avira rescue cd, which runs on linux. Use that to do a full scan and it will be able to wipe out the problem for you, even if it resides in places windows (and windows based scanners) can't reach. I've had very good luck with it in the past, and it's a great way to ensure you've gotten all the pieces of the nasty little virus removed.

Posted: Tue Jan 15, 2013 4:04 am

You can download the free Avira rescue cd, which runs on linux.

Thanks,

3infections found

I sure hope that's the last of my infection problems!!!

Posted: Thu Jan 31, 2013 5:40 pm

I saw that some guys in security run Windows in a virtual machine when testing software and the fake MS computer repair technicians. They let them do their bad stuff to see how the scam works while recording the session for YouTube. Afterwards any bad stuff is fixed by simply deleting the virtual machine or going back to a prior snapshot before the exploit attempt.

If you play with ransomware, you may wish to consider running a virtual machine. Virtualbox is open source and free.

Wikipedia article on it. http://en.wikipedia.org/wiki/VirtualBox

I have it on one of my machines running on Linux Mint. May the hacks and ransom war begin. An ounce of prevention is worth a pound of cure.

A video of one of the virtual machine sessions with Microsoft Support scammers is posted on youtube here to see it in operation.
https://www.youtube.com/watch?v=hSFRtPus3DQ

Master Baiter Joined: 06 Apr 2011 Posts: 131

I don't mean to dig up an old thread but I was reading this and thought I'd comment. I've had this ransomware BS crop up on my PC eight times during the past couple of months. It's beginning to drive me insane - I'm running Windows 8 with adequate anti-virus protection, so either they're aware of my IP address and I'm being individually targeted (which I hope isn't the case, although seems unlikely) or I'm just really unlucky. I've had to stop my dad sending money to them when it appeared on his computer (thank goodness he had the sense to contact me and ask about it before giving them any cash). What winds me up the most is that we can't bait them because they don't give an email address. Mad

419Eater is my life Joined: 18 Jan 2010 Posts: 357

It sounds like 1 of 2 things is going on....1)You're not getting all the virus when you clean it. This is probably the most likely thing. understand that it can and will circumvent your real-time virus scanner, and once it's embedded itself good, you're never going to get rid of it from within windows(well, at least not without an abundant amount of time and effort). Assuming this is the case, it will continue to spring back up periodically until you get all of it, and the longer this goes on, the more embedded it can become(depending on which variation of the virus it is). My advice here is a multi-faceted solution....first, get that avira rescue cd and run it twice. After that boot windows back into safe mode and scan with malwarebytes antimalware(they also have a free version-download it to a flash drive from a clean computer, then install it in safe mode from there. you won't be able to download updates but that's ok for now). Once you've done that, reboot into normal mode and run malwarebytes again...this time, update first to get the latest definitions then scan. At this point, you should be clean but let's be sure...download and run combofix from bleepingcomputer. Once it finishes(will take a bit) scan 1 last time with malwarebytes just to be sure. You should be totally clean now. And then some lol.
Scenario 2 would be that the virus is living on another computer on your network that has access and is spreading the infection around that way. In this case you do the same as above, just to every computer instead of just yours.
I admit it's a little tedious process, but I like to be sure and the viruses based upon that one can be particularly sneaky so better safe than sorry.
Hope that helps ya Smile

also you can use network snooping software to see where the connections are going and then you could reverse lookup and probably resolve that to an email address eventually, but it would be a lot of trouble.

Wannabe Baiter Joined: 15 Jul 2013 Posts: 94

Just my 2 cents: LINUX

Ubuntu is a free download...and the live CD is a lifesaver. With the live CD you can boot you computer directly from the CD without making any changes to existing operating system...it'll boot to full desktop environment, can surf the web, can do hard drive utilities to clean viruses, even from windows systems...or boot to a fully functional mode with a sacrificial hard drive that you can simply format later and put the real hard drive back in (for exploring "dangerous" web sites)

Linux isn't invincible, it simply that MOST of the virus and maleware runs off exploits in Windows and MSIE....a windows .exe simply won't run in linux. And even if you you do manage to download a virus, it will just sit there, dead and inactive on the hard drive forever.

Just a suggestion, considering some of the places scambaiting might take you on the web...get the live CD (it's FREE)

FBI Locked your Computer scam..	View next topic View previous topic