Not sure how it happened - but my computer has locked up with a bogus "FBI" logo and message requesting $300 to "unlock" my computer (what a bunch of crap!). After rebooting, the same message (FBI / locked computer) appears on the screen. Not sure why my Trend Micro virus software allowed this to happen...but guess that's a separate matter. What I've done so far:
1. Was able to boot the infected computer in Safe mode.
2. Per your site's instruction, I saved the adwcleaner and Malwarebytes programs onto a thumb drive on a separate (uninfected) computer and ran them on the infected computer (was unable to run directly from the internet on the infected computer.)
3. After running the programs, both indicated no viruses were found...making me wonder if I properly installed the programs. Here's the log file from AdwCleaner:
# AdwCleaner v2.115 - Logfile created 03/27/2013 at 14:37:09
# Updated 17/03/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Allred - ALLRED_FAMILY
# Boot Mode : Safe mode
# Running from : J:\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-3750444814-3653419749-3341479254-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\Allred\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1283 octets] - [27/03/2013 13:53:28]
AdwCleaner[R2].txt - [1218 octets] - [27/03/2013 14:37:09]
########## EOF - C:\AdwCleaner[R2].txt - [1278 octets] ##########
=================================================================
4. Note: when I ran Malwarebyte set-up program I got a couple of error msgs saying "a problem has occurred". I clicked 'ok' in the error msg dialog box and the program appeared to keep installing/running (I later rec'd a msg saying something about the subscription being outdated 102 days, etc.) but eventually was presented a screen that offered "Quick" or "Full" scans. I selected "Full scan" as your site instructed) and the computer chunked away for 30 minutes. Here is the resulting log file:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.14.11
Windows 8 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16519
Allred :: ALLRED_FAMILY [administrator]
Protection: Disabled
3/27/2013 2:02:10 PM
mbam-log-2013-03-27 (14-02-10).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435316
Time elapsed: 32 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
========================================================
***After getting "no malicious" items, I set the infected computer to boot in Normal mode and re-booted to see if somehow the problem had resolved itself...but after logging into the computer I immediately got the same bogus FBI / computer locked screen.
Hope you can HELP!!!! - Thank you!
1. Was able to boot the infected computer in Safe mode.
2. Per your site's instruction, I saved the adwcleaner and Malwarebytes programs onto a thumb drive on a separate (uninfected) computer and ran them on the infected computer (was unable to run directly from the internet on the infected computer.)
3. After running the programs, both indicated no viruses were found...making me wonder if I properly installed the programs. Here's the log file from AdwCleaner:
# AdwCleaner v2.115 - Logfile created 03/27/2013 at 14:37:09
# Updated 17/03/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Allred - ALLRED_FAMILY
# Boot Mode : Safe mode
# Running from : J:\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-3750444814-3653419749-3341479254-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\Allred\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1283 octets] - [27/03/2013 13:53:28]
AdwCleaner[R2].txt - [1218 octets] - [27/03/2013 14:37:09]
########## EOF - C:\AdwCleaner[R2].txt - [1278 octets] ##########
=================================================================
4. Note: when I ran Malwarebyte set-up program I got a couple of error msgs saying "a problem has occurred". I clicked 'ok' in the error msg dialog box and the program appeared to keep installing/running (I later rec'd a msg saying something about the subscription being outdated 102 days, etc.) but eventually was presented a screen that offered "Quick" or "Full" scans. I selected "Full scan" as your site instructed) and the computer chunked away for 30 minutes. Here is the resulting log file:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.14.11
Windows 8 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16519
Allred :: ALLRED_FAMILY [administrator]
Protection: Disabled
3/27/2013 2:02:10 PM
mbam-log-2013-03-27 (14-02-10).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435316
Time elapsed: 32 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
========================================================
***After getting "no malicious" items, I set the infected computer to boot in Normal mode and re-booted to see if somehow the problem had resolved itself...but after logging into the computer I immediately got the same bogus FBI / computer locked screen.
Hope you can HELP!!!! - Thank you!