WiredWX Christian Hobby Weather Tools

HELP! FBI virus

2 posters

Hello, I have the FBI virus on my Toshiba laptop and can't get it off. I can't get into any versions of safe mode, or restore the computer to its previous version. I can't run any anti-virus software either. Please help!

Re: HELP! FBI virus
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

Re: HELP! FBI virus
Thank you for your reply
I created the rescue USB and plugged it in, I hit F12 to boot from USB and it started doing its thing but then a window popped up that said "Update error: the server address is not correct". Then there's an option to hit ok. Should I just hit ok, or did I do something wrong?

Re: HELP! FBI virus
it looks like Bitdefender was just trying to do an update...?

Re: HELP! FBI virus
alilujah wrote:
it looks like Bitdefender was just trying to do an update...?


Were you able to run a scan with it?

Re: HELP! FBI virus
I don't think so, because it wasn't that long from when I first started before it said checking for updates, then that window popped up. It never said "scanning" or anything. (It showed what I think was the Bitdefender logo for a bit, then it went to the update thing.)

Re: HELP! FBI virus
If you can see this (if I did it right) this is what my screen looks like


[Image: HELP! FBI virus 20130611]

Re: HELP! FBI virus
And, you still can't boot to Safe mode or Normal mode?

Re: HELP! FBI virus
I haven't tried anything yet. My screen is still what it looks like in the picture because I was afraid to do anything lol Let me think

Re: HELP! FBI virus
Ok, try to boot in Safe Mode or Normal mode. If that doesn't work, you'll have to try this: It's a bit complicated but I'm sure if you follow the directions you'll get through it. This will allow you to boot your computer and run a scan. It will also give you the opportunity to save your important data to an external harddrive or DVD's just in case something goes south.
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.
Download the OTLPE Standard REATOGO Windows Recovery Environment.


  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Re: HELP! FBI virus
ok so just turn the computer off then right? Can I see what would happen if I hit ok on the update error window or no?

Re: HELP! FBI virus
alilujah wrote:
ok so just turn the computer off then right? Can I see what would happen if I hit ok on the update error window or no?


Sure, give it a shot. It can't hurt much.

Re: HELP! FBI virus
After I hit ok, it started scanning! Is it possible it couldn't update because I have no internet connection? I noticed on the update option that it said it required an internet connection. Maybe that was just the problem?

It's still scanning

Re: HELP! FBI virus
Is it possible it couldn't update because I have no internet connection?

Yes, that's something else we'll fix. Please let me know how the scan turns out and whether or not you can boot your computer.

Re: HELP! FBI virus
That's weird...the scan finished..but it says no threats have been detected. It says 0 for: infected items, Suspected items, and deleted items.
It scanned 87828 files and seems to have found nothing wrong?
unless I missed something I did step away for about 10 minutes

I tried rebooting and it does the same thing. (It tries to do a Recovery of Factory Default Software, but then nothing happens) and it won't do anything until I restart it. Same thing with safe mode.

Re: HELP! FBI virus
Ok, you will have to create the OTL rescue disk.

Re: HELP! FBI virus
oh it will also say
an error has occurred
ERROR : F3-F200-0002
press ok to turn off the computer

Re: HELP! FBI virus
ok I never use cds anymore so I don't have any laying around (or dvds) can I do this with my flash drive?

Re: HELP! FBI virus
Nevermind I found one, creating the disk now..sorry about that

Re: HELP! FBI virus
I booted from the cd and got to a screen that says Choose an operating system to start and "Windows Setup" is highlighted is this the first step?

Re: HELP! FBI virus
alilujah wrote:
I booted from the cd and got to a screen that says Choose an operating system to start and "Windows Setup" is highlighted is this the first step?


No, it should boot directly from the disk. Are you certain that you created the disk correctly? This is an ISO file and you will need a special program to burn the ISO file to the disk.

Re: HELP! FBI virus
I'm pretty sure I did it right, I downloaded the ISO burner from the link. And it created a cd, but let me try it again to create it again and see what happens

Re: HELP! FBI virus
Ugh, ok I made 3 cds and none of them work. I'm almost positive I did it right. I have used an ISO burner successfully in the past before. The programs that I burned on the cd are there. (I checked with the good laptop)
I'm using a CD-Rewritable disk. Is that ok? I'm thinking maybe I'm not booting from the CD right.
My boot menu looks like this
1. HDD/SSD -TOSHIBA MK6475GSX (S1)
2. ODD         TSSTcorp CDDVD TS-L633F (PM)
3. FDD         
4. LAN          ATHEROS Boot Agent
5. USB


I chose the second one because it's the only one that looks like it's the boot from CD option but it's not doing what it's supposed to
Hitting 'C' to boot from CD after startup doesn't work either.
I also tried changing the boot priority with the ODD CDDVD option as the first one and the HDD one as the second one..but that didn't work either...
Think you know what I'm doing wrong? Is CD-R the same as CD-Rewritable?

Re: HELP! FBI virus
I'm using a CD-Rewritable disk. Is that ok? I'm thinking maybe I'm not booting from the CD right.

That's a good idea because they can be used over and over. It shouldn't affect the boot disk. I have mine on a CD-RW and it works. The only thing I can think of doing is to try the disk in another computer to see if it will boot that computer. If it doesn't, there's something wrong with the disk. Don't forget to change the boot order. BTW, your boot order looks correct.

Re: HELP! FBI virus
Ok I tried the disk in this computer and REATOGO-X-PE started to load but then I got a blue screen, so I shut the computer down. I don't know could the harddrive be shot? How do I check to see if it's working properly?

Re: HELP! FBI virus
on the infected computer I mean

Re: HELP! FBI virus
I don't know could the harddrive be shot? How do I check to see if it's working properly?

I think there's more going on with this laptop than malware. You could try running a diagnostic on the harddrive.
Run hard drive diagnostics: tacktech.com
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:
Note: If you do not know how to set your computer to boot from CD follow the steps here

Re: HELP! FBI virus
I'm not sure what you mean by make sure you select tool? There's several versions under Toshiba. which one do I choose?

Re: HELP! FBI virus
alilujah wrote:
I'm not sure what you mean by make sure you select tool? There's several versions under Toshiba. which one do I choose?


You will need to select the correct program according to the make of harddrive in your laptop. You can open the back and get the information from the harddrive or do a search on-line to find the maker of the harddrive. The harddrive may not even be made by Toshiba.

Re: HELP! FBI virus
The make of the harddrive is Fujitsu. I just didn't know what version to do because there are a few to choose from.
I don't see how to put the diagnostics tool on a cd to use in the Toshiba laptop?

Re: HELP! FBI virus
This is what I could find for your harddrive. It's just an .exe file so you can download and burn it to a CD and try to run it on your laptop. It should also work on a USB memory stick. When you open this site click on the ZIPfjdtwin.exe file and download it.
You can also download a program to test the RAM in your computer here.

Re: HELP! FBI virus
Well, I think I'm about ready to give up
Seems like everything I'm trying isn't working or I'm doing it all wrong...I appreciate all your help!

Re: HELP! FBI virus
alilujah wrote:
Well, I think I'm about ready to give up
Seems like everything I'm trying isn't working or I'm doing it all wrong...I appreciate all your help!


I'm curious as to how you know you have the FBI virus?

Re: HELP! FBI virus
It's my co-worker's laptop and she said an FBI emblem popped up and said to pay 300 dollars to unlock her computer. I just researched it and found out that other people had the same problem. She tried calling the Geek Squad and they said they'd look at it but of course it would cost her money so I told her I'd consult with you guys to see if maybe I could fix it for her for free. It's kinda fun to fix things myself. But this is proving to be a challenge for me. Like maybe I got in way over my head :/

Re: HELP! FBI virus
alilujah wrote:
It's my Co-workers laptop and she said an FBI emblem popped up and said to pay 300 dollars to unlock her computer. I just researched it and found out that other people had the same problem. She tried calling the Geek Squad and they said they'd look at it but of course it would cost her money so I told her I'd consult with you guys to see if maybe I could fix it for her for free. It's kinda fun to fix things myself. But this is proving to be a challenge for me. Like maybe I got in way over my head :/


As I said before this looks like a hardware problem that happened just as the malware was installed. Your only hope now is to get the computer booted with OTL disk that you created or boot with the OS disk. If it still crashes, that would indicate a hardware problem.

Re: HELP! FBI virus
I'm trying to do a rescue with Avira Antivir Rescue System. I'm able to run it and I think it's because I'm using a USB. Every time I try to use a disk it doesn't work. It's found several detections so far. One says a Trojan horse.
Should I try the OTL on a USB next?

Re: HELP! FBI virus
alilujah wrote:
I'm trying to do a rescue with Avira Antivir Rescue System. I'm able to run it and I think it's because I'm using a USB. Every time I try to use a disk it doesn't work. It's found several detections so far. One says a Trojan horse.
Should I try the OTL on a USB next?


A trojan shouldn't cause those sort of problems on your computer. I don't believe OTL will work on a USB memory stick. If you could borrow a USB CD ROM that might get OTL running. Do you have the OS disk?

Re: HELP! FBI virus
There were 18 detections. Could that cause them?
I don't have the OS disk, I can get it though. But like I said anything I try with a disk doesn't work.
Yeah I tried copying the files off of the OTL disk I made onto a USB and it didn't work.
I'm wondering why disks aren't working maybe the Cd drive is damaged, I don't know.
After the Avira scan it says to restart and quarantine the detected items but it still won't boot to windows so I can't do that.

Re: HELP! FBI virus
Don't laugh at me... but can I use my laptop as an external drive like hook it up to the Toshiba somehow and access the CD drive that I know works?

Re: HELP! FBI virus
alilujah wrote:
Don't laugh at me... but can I use my laptop as an external drive like hook it up to the Toshiba somehow and access the CD drive that I know works?


No, I don't think that will work. If the CDRom is not working on that computer you could try disconnecting the power supply to that laptop which would mean removing the battery for about 30 secs. That may get the CDROM working again. If that fails only a USB external CDROM drive will work to get the OTL or the OS disk to work.

Re: HELP! FBI virus
Ok I'll try it...can't hurt anything

Re: HELP! FBI virus
Ok that didn't work.


is reseating the harddrive something that I can do myself? if that's even the case... I've just been doing a lot of research and want to rule the harddrive out. It's still listed in the BIOS screen does that mean it's still working?
Also whenever I try to boot from a CD I notice that it says
Check Cable Connection!
Exiting Intel PXE ROM
or something like that it disappears quickly

Re: HELP! FBI virus
is reseating the harddrive something that I can do myself? if that's even the case

If you mean re-formatting here's some information about that.

To wipe the drive clean, re-format and reinstall the OS.

I've just been doing alot of research and want to rule the harddrive out. It's still listed in the BIOS screen does that mean it's still working?

The only way to check the harddrive is to run a diagnostic program on it. If you can remove the harddrive, a repair shop should be able to run a diagnostic on it.

Also whenever I try to boot from a CD I notice that it says
Check Cable Connection!

That would indicate a cable to the CDROM is loose or disconnected. That should easily be checked.

Re: HELP! FBI virus
That would indicate a cable to the CDROM is loose or disconnected. That should easily be checked.


Can you show me how to check it?

I have access to the Toshiba with something called Ubuntu right now. It's connected to the internet so I'm trying to see what I can do now.

Oh and my co-worker can't find her OS disk so hopefully I can find another way to install it maybe a download then try with the flash drive? Can I use an OS disk from my Lenovo Laptop on the Toshiba?

Re: HELP! FBI virus
Can you show me how to check it?

You can check it out here.

Can I use a OS disk from my Lenovo Laptop on the Toshiba?

Only if it's the same version that's on the other laptop.

Re: HELP! FBI virus
Thanks for the info.
Got another question...I'm going to try to reinstall the OS with a flash drive. I found the download but I don't know which one it is either 32 bit or 64. Is there any way to check out which one without booting to windows? Like in the BIOS or something?
Also, what would happen if I installed the wrong one?

Re: HELP! FBI virus
alilujah wrote:
Thanks for the info.
Got another question...I'm going to try to reinstall the OS with a flash drive. I found the download but I don't know which one it is either 32 bit or 64. Is there anyway to check out which one without booting to windows? Like in the BIOS or something?
Also, what would happen if I installed the wrong one?

That information may be there. Can you access the BIOS? I don't think the OS will install if it is not the correct 32 or 64 bit.

Re: HELP! FBI virus
I was thinking maybe the drivers won't work if it wasn't the right bitness...or whatever that's called, after reinstalling the OS for a 32 bit it says I have to install a driver for the network adapter. And everything on the screen kinda looks funny like all stretched out. I changed the resolution but it's still kinda weird
Yes, I could still access the BIOS.
My coworker now tells me she thinks it was a Windows 64 bit. So would it hurt anything if I installed the 64 bit?

Re: HELP! FBI virus
My coworker now tells me she thinks it was a Windows 64 bit. So would it hurt anything if I installed the 64 bit?

Most newer computers are 64 bit and it shouldn't cause too much trouble if you tried to install it.

Re: HELP! FBI virus
Ok, thanks for letting me bug you. I moved my problems to the Operating Systems forum. I don't think this is a virus or malware issue anymore now it's just a 'I don't know what I'm doing' issue!
I'm confused :o
