Sign in to follow this  

FBI Virus.Get it off

Recommended Posts

Howdy Krist and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    This time, click on the Clean button.
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.


When the scan is complete, click  OK, then  Show Results to view the results.


    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

Share this post

Link to post
Share on other sites

Krista try this >> Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this location:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> <<<  for programs that need to be disabled and instruction on how to disable them.
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it atleast 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.   


Share this post

Link to post
Share on other sites

OK Krista, back to square 1 i think !


That is if your husband downloaded the Farbar Tool, did he use the flash drive or a disk ?





Download this to any computer using a flash drive !!
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save  it to a flash drive. >>>
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. >>>
Plug the flashdrive into the infected computer.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

   *  Restart the computer.
    * As soon as the BIOS (Beeping) is loaded begin tapping the F8 key until Advanced Boot Options appears.
    * Use the arrow keys to select the Repair your computer menu item.
    * Select English as the keyboard language settings, and then click Next.
    * Select the operating system you want to repair, and then click Next.
   *  Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

        * Startup Repair
        * System Restore
        * Windows Complete PC Restore
        * Windows Memory Diagnostic Tool
        * Command Prompt
    * Select Command Prompt
    * In the command window type in notepad and press Enter.
    * The notepad opens. Under File menu select Open.
    * Select "Computer" and find your flash drive letter and close the notepad.
    * In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    * Note: Replace letter e with the drive letter of your flash drive.
    * The tool will start to run.
    * When the tool opens click Yes to disclaimer.


* Press Scan button.
* It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Share this post

Link to post
Share on other sites

Seeing how there has been no response in 5 days this topic is locked ! If you need it opened please PM me or another Mod !




Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this