Knightmare, posted February 7, 2014

My friend's computer was infected with this virus. They are running Windows 8 and they were on a site that doesn't even sound real. Anyway, I ran my typical scans to remove the infection, but the scans do not detect any infected files. The weirdest part is that the virus is affecting the IE app on the start menu only. If I access IE from the desktop, it works fine. Is there a way to uninstall and reinstall the IE app? I tried looking online but had no luck in finding a solution.

SnakeMasteR, posted February 7, 2014

http://malwaretips.com/blogs/fbi-cybercrime-division-virus-removal/
http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware

Edited February 7, 2014 by n0_risk!

locolol, posted February 7, 2014

A few weeks ago I removed a variation of it booting with Hiren's Boot CD (Mini XP) and then using:

RogueKiller
Rkill
AdwCleaner
Junkware Removal Tool

(Before that I tried to use the Hitman-Kickstart method but no luck)

Hope it helps -_-

cruelsister, posted February 7, 2014

These ransomware trojans basically act in the same way. When the initial file is run, it will spawn off a payload which causes the system freeze, usually in the directory Users/(whatever the computer name is)/App data/Roaming. You will see either an exe or a dat file there. Sometimes it may be in Users/(whatever the computer name is)/App data/Roaming/Microsoft.

The problem is that most of these things will also start up in Safe Mode, so no help there. The best way to manually remove it would be to start the computer in Safe Mode with Command Prompt (this will work in ~98% of the cases). So boot into this (Safe Mode with CP) and at the command prompt window type explorer . You will then see the desktop show up beneath the Command Prompt window. Now close the CP window and get into whatever file manager is on the system (Windows Explorer will do). Go into the directory I listed above and look for the file in Roaming and delete it. Remember that in the root Roaming directory there should be NO exe OR dat files hanging out. If you see one, there is the issue. These things are actually really easy to manually fix with the steps above. Shouldn't take more than a minute to do it.

When things are cleaned up and you can boot into Windows, download and install Malwarebytes. Run it to clean any registry entries that point to the file you previously deleted.

Finally, note the link to Malwaretips given above. Lots of smart folks there just waiting to help out.

Edited February 7, 2014 by cruelsister

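The manual check described in cruelsister's post above, as an added PowerShell example that is not part of the original thread: it lists .exe and .dat files sitting directly in the Roaming directory and in Roaming\Microsoft, then shows autostart entries that point into Roaming. The variable names and the choice of the two Run keys as the registry locations to inspect are assumptions of this example; the script only reads and deletes nothing.

```powershell
# Added example: read-only triage for the manual check described above.
# Review the output before deleting any file or registry value.

$roaming = $env:APPDATA                                   # C:\Users\<user>\AppData\Roaming
$dirs    = @($roaming, (Join-Path $roaming 'Microsoft'))  # the two directories named in the post
$exts    = @('.exe', '.dat')                              # the two file types named in the post

# 1. Matching files directly in each directory (no recursion), hidden ones included.
$suspects = foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $exts -contains $_.Extension.ToLower() }
    }
}

$suspects |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, Length, CreationTime, LastWriteTime,
        @{ Name = 'Signature'
           Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } } |
    Format-Table -AutoSize -Wrap

# 2. Autostart values whose command line points into Roaming.
#    Assumption: only the per-user and machine-wide Run keys are checked here.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$autostarts = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)          # REG_EXPAND_SZ is expanded here
        if ($command.ToLower().Contains($roaming.ToLower())) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}

$autostarts | Format-List
```

A file that shows up in the first table and is also referenced in the second list is the combination the post describes: the payload in Roaming plus the registry entry that points to it.
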
mike.mt, posted February 7, 2014

Knightmare wrote:
> My friend's computer was infected with this virus. They are running Windows 8 and they were on a site that doesn't even sound real. Anyway, I ran my typical scans to remove the infection, but the scans do not detect any infected files. The weirdest part is that the virus is affecting the IE app on the start menu only. If I access IE from the desktop, it works fine. Is there a way to uninstall and reinstall the IE app? I tried looking online but had no luck in finding a solution.

@Knightmare.. If I'm reading this correctly the Win8 Start Menu Tiles Internet Explorer link has become corrupted by the nasty.... I take this is so as from your post you are able to install & scan with A/V, anti-malware apps, open Windows Explorer etc..

If after running with latest defs of Malwarebytes & other good removal solutions that members above have suggested... All is OK... You will probably have to manually edit & reset the corrupted link..... I am unaware of an auto fix for this..... If there is one, maybe another member can point you in the right direction??

Hoping you get a speedy result!!

jackieo, posted February 7, 2014

MoneyPak here ya go, :) try this

Fake FBI MoneyPak scam

If that doesn't work maybe try this...

How to use Trend Micro AntiRansomware Tool
http://esupport.trendmicro.com/soluti...

Download AntiRansomware Tool
http://esupport.trendmicro.com/media/...

Britec Homepage
http://www.briteccomputers.co.uk

Edited February 7, 2014 by jackieo

Knightmare (author), posted February 11, 2014

mike.mt wrote:
> @Knightmare.. If I'm reading this correctly the Win8 Start Menu Tiles Internet Explorer link has become corrupted by the nasty.... I take this is so as from your post you are able to install & scan with A/V, anti-malware apps, open Windows Explorer etc..
>
> If after running with latest defs of Malwarebytes & other good removal solutions that members above have suggested... All is OK... You will probably have to manually edit & reset the corrupted link..... I am unaware of an auto fix for this..... If there is one, maybe another member can point you in the right direction??
>
> Hoping you get a speedy result!!

How do I manually edit and reset the link? I've tried to remove and pin it again, but that didn't work.

mike.mt, posted February 11, 2014

Knightmare wrote:
> How do I manually edit and reset the link? I've tried to remove and pin it again, but that didn't work.

Check that IE is set to be default browser, otherwise according to posts elsewhere the tile will not work...

To reset Win 8.* start screen to default tiles:
http://www.howtogeek.com/178667/how-to-reset-the-windows-8.x-start-screen-to-the-default-tiles/

Knightmare (author), posted February 11, 2014

mike.mt wrote:
> Check that IE is set to be default browser, otherwise according to posts elsewhere the tile will not work...
>
> To reset Win 8.* start screen to default tiles:
> http://www.howtogeek.com/178667/how-to-reset-the-windows-8.x-start-screen-to-the-default-tiles/

Thanks! I'll give this a try