My Uncle got the FBI Virus



ki4jgt
September 25th, 2012, 05:27 AM
After about 4 years of not working MAJORLY with Windows (I only repair Linux desktops now), my uncle calls me tonight and tells me that the FBI has seized control of his computer and will not allow him to have it back b/c they said he was doing something illegal with it. . . To be clear, I had never heard about this virus before so I was like "???". Apparently, it seizes control of your desktop, doesn't allow you to get on the Internet (routes everything through a proxy that denies you service), and then displays a box of your webcam, warning that they're even recording you. . . The user is forced to pay $200 to unlock the computer. :( Really creative concept :) but a big pain in the kisser. :(

lisati
September 25th, 2012, 05:47 AM
I am reminded of the occasional email I receive claiming to be from the FBI. Jurisdictional issues aside, I'd be surprised to receive a genuine warning email from the FBI sent from a Yahoo or Hotmail email address.

ki4jgt
September 25th, 2012, 05:58 AM
I am reminded of the occasional email I receive claiming to be from the FBI. Jurisdictional issues aside, I'd be surprised to receive a genuine warning email from the FBI sent from a Yahoo or Hotmail email address.

The worst part is, he was actually going to pay the $200 to have it unlocked. . .

cariboo
September 25th, 2012, 06:18 AM
I've finally stopped repairing customer computers with scareware installed. The best way I've found is to download combofix (http://www.bleepingcomputer.com/download/combofix/) to a usb thumb drive.

Then start the system in safe mode, disable virus protection, copy the executable to the infected system, and install it.

Next open a terminal as an administrator, click Start->Run and type cmd, and then press Shift-Ctrl-Enter, then navigate to where you installed combofix, and type combofix.

Depending on how badly infected the system is, it should take 10 - 15 minutes for combofix to run; it will tell you when the system is ready to reboot.

ki4jgt
September 25th, 2012, 06:39 AM
I usually run a live version of Ubuntu and scan it with clam-tk. Works for me but I hate and love (at the same time) how creative black hats have become.

Lars Noodén
September 25th, 2012, 08:40 AM
But after you recovered the data files you were successfully able to upgrade your uncle to Linux so it won't happen again, right? :)

ki4jgt
September 25th, 2012, 12:53 PM
I WISH. Unfortunately, Netflix is a must have for a LOT of people. Everyone I haven't been able to convert to Linux, it was because of Netflix :(.

forrestcupp
September 25th, 2012, 01:49 PM
After about 4 years of not working MAJORLY with Windows (I only repair Linux desktops now), my uncle calls me tonight and tells me that the FBI has seized control of his computer and will not allow him to have it back b/c they said he was doing something illegal with it. . . To be clear, I had never heard about this virus before so I was like "???". Apparently, it seizes control of your desktop, doesn't allow you to get on the Internet (routes everything through a proxy that denies you service), and then displays a box of your webcam, warning that they're even recording you. . . The user is forced to pay $200 to unlock the computer. :( Really creative concept :) but a big pain in the kisser. :(

That's the coolest virus I've ever heard of. :)

VE6EFR
September 25th, 2012, 01:59 PM
That one is quite creative. First I've heard of it but I am sure that it will be making the rounds.

It's amazing just what people will fall for. After all, why would a government agency tell you that you are doing something illegal, so pay them $200 and go ahead and carry on with whatever it was they were doing.

ki4jgt
September 25th, 2012, 02:25 PM
That's the coolest virus I've ever heard of. :)

I have to admit a certain level of admirability towards the idea. The person themselves is low down **** :) but it's the best thing as far as viruses go, that I've ever seen.

Gremlinzzz
September 25th, 2012, 03:09 PM
Reveton/FBI ransomware - exposed, explained and eliminated [VIDEO]

http://nakedsecurity.sophos.com/2012/08/29/reveton-ransomware-exposed-explained-and-eliminated/

zombifier25
September 25th, 2012, 04:03 PM
That's the coolest virus I've ever heard of. :)

Not as cool as the Selectronic virus:

http://www.youtube.com/watch?v=5Ry30c8M8rE

(honestly, it's so cool I'm not even sure it's a virus)

OrangeCrate
September 25th, 2012, 04:51 PM
Personally, I don't trust compromised installs, and I wouldn't even bother to fix it. My suggestion would be to nuke the hard drive with DBAN, and then reinstall Windows.

http://www.dban.org/download

robtygart
September 25th, 2012, 05:38 PM
Personally, I don't trust compromised installs, and I wouldn't even bother to fix it. My suggestion would be to nuke the hard drive with DBAN, and then reinstall Windows.

http://www.dban.org/download

Good Point! You never know what else could be hidden.

Lars Noodén
September 25th, 2012, 06:00 PM
When you reinstall you might reinstall into a virtual machine using VirtualBox. That would allow him to take a snapshot of a clean system and use that any time he wanted to use Netflix.

forrestcupp
September 25th, 2012, 06:15 PM
Not as cool as the Selectronic virus:

http://www.youtube.com/watch?v=5Ry30c8M8rE

(honestly, it's so cool I'm not even sure it's a virus)

That's pretty cool, but I don't think it tops this FBI virus.

QIII
September 25th, 2012, 07:07 PM
Last time the FBI wanted to look at my computers, they put them in big boxes labeled "EVIDENCE", gave me a receipt and drove away in black SUVs. ;)

Blackmag+c
September 25th, 2012, 11:30 PM
I WISH. Unfortunately, Netflix is a must have for a LOT of people. Everyone I haven't been able to convert to Linux, it was because of Netflix :(.

Can somebody start a petition in conjunction with this forum/community and then present it to netflix or something? Somebody really needs to slap them round the chops and get them to WAKE UP!

But then again silverlight is a windows invention, isn't it, and everyone and his techno-dog has decided that computers that don't fart money are heretic.

sorry to thread hijack.

Although creative, unless an attachment of abseiling agents smash through the windows I'm not going to mess my pants ;) (I hope of course)

sandyd
September 26th, 2012, 12:08 AM
heh.

I regularly receive emails from the FBI Special Response Team, and the Nigerian government managing to secure money, and let me keep a portion.

No offence, but it's always been Nigerian governments. Not South Africa, Zimbabwe, but Nigeria.

/me thinks spammers should be more creative at least

vexorian
September 26th, 2012, 01:30 AM
^ In the past, got "Nigerian scam" emails from Greece, Trinidad and Tobago and some Latin country I can't remember.

One of the first great uses I found for Linux was cleaning windows boxes. Just grab some live CD with NTFS access and you can get rid of any rootkit with some experience.

synaptix
September 26th, 2012, 01:34 AM
Sounds like Ransomware (http://en.wikipedia.org/wiki/Ransomware_%28malware%29) to me.

lisati
September 26th, 2012, 01:37 AM
heh.

I regularly receive emails from the FBI Special Response Team, and the Nigerian government managing to secure money, and let me keep a portion.

No offence, but it's always been Nigerian governments. Not South Africa, Zimbabwe, but Nigeria.

/me thinks spammers should be more creative at least

I even have a web page (http://lisati.homelinux.com/friends.php) to keep such people supplied with email addresses.

daslinkard
September 26th, 2012, 03:23 AM
I actually had a pastor come in today to see me because he was affected by the FBI bug. Seems to be a really easy fix with the likes of malwarebytes, combofix and ccleaner. Of course this is one of the reasons that I have made the switch to Linux so I do not have to worry about the headaches of Windows.

jrog
September 26th, 2012, 03:38 AM
That's the coolest virus I've ever heard of. :)
That was my reaction, too!

critin
September 26th, 2012, 04:29 AM
That one is quite creative. First I've heard of it but I am sure that it will be making the rounds.

It's amazing just what people will fall for. After all, why would a government agency tell you that you are doing something illegal, so pay them $200 and go ahead and carry on with whatever it was they were doing.

You're joking, right? They call it 'taxes', 'business fees', and sometimes even 'fines'. The government is very creative.

gradinaruvasile
September 28th, 2012, 09:25 PM
After about 4 years of not working MAJORLY with Windows (I only repair Linux desktops now), my uncle calls me tonight and tells me that the FBI has seized control of his computer and will not allow him to have it back b/c they said he was doing something illegal with it. . . To be clear, I had never heard about this virus before so I was like "???". Apparently, it seizes control of your desktop, doesn't allow you to get on the Internet (routes everything through a proxy that denies you service), and then displays a box of your webcam, warning that they're even recording you. . . The user is forced to pay $200 to unlock the computer. :( Really creative concept :) but a big pain in the kisser. :(

I have seen a few variants of these "viruses" - actually they are not viruses (at least the versions I have seen), only a program that starts with user rights and does this or that - the variants I have seen were saying that the computer has hdd errors or they are virused (had various names, windows antivirus, system cleaner and the like) and did not let programs launch - typically they also hid everything on the hdd to the extent of user access. Pain in the @$$ recovering start menu/control panel items, and sometimes the start menu settings were messed with also, disabling stuff there.
But usually the fix was quite easy - launch a terminal (ahem, command line), tasklist (task manager was always disabled), identify the randomly-named executable(s), taskkill them (usually there is an active process and a monitor that restarts it if killed, so the monitor has to go first) then proceed to actually remove them, both the actual executable and their registry entries (the free sysinternals autoruns is very very handy for this job).
Then did a Malwarebytes + the installed antivirus scan to wrap up stuff if something was left. Worked every time.
The one thing that is not entirely clear to me is the vector of infection. The only common thing was using IE as browser and all of them browsed "safe" sites (meaning not porn/warez/etc)...
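A defender-side check for the cleanup pattern gradinaruvasile describes (a randomly named user-rights executable kept alive by a watchdog and registered as an autostart entry): this is an added PowerShell example written for this thread, not code from any poster or from Sysinternals Autoruns. It assumes Windows PowerShell 5.1 or later in an elevated prompt so the HKLM keys are readable; the list of user-writable folders and the random-name heuristic are my own assumptions, so treat the flags as leads to inspect, not verdicts.

```powershell
# Added example (not from the thread): list Run/RunOnce autostart entries and flag the
# ones matching the scareware pattern described above: a randomly named executable in a
# user-writable folder that is currently running (or whose file has already been removed).
# Assumptions: Windows PowerShell 5.1+, elevated prompt so the HKLM keys are readable.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders a program running with plain user rights can write to (assumed list).
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:USERPROFILE\Downloads")

function Test-RandomName {
    param([string]$FileName)
    # Heuristic, not a rule: 8+ chars of vowel-less letter/digit soup, or an all-digit name.
    $base = [IO.Path]::GetFileNameWithoutExtension($FileName)
    return ($base -match '^[a-z0-9]{8,}$' -and $base -notmatch '[aeiou]') -or ($base -match '^\d{6,}$')
}

function Get-SuspiciousAutorun {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # registry provider metadata, not a value
            $cmd = [string]$p.Value
            # First token of the command line is the executable (quoted or unquoted).
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if ([string]::IsNullOrWhiteSpace($exe)) { continue }
            if (-not (Split-Path $exe -Parent)) {           # bare name such as rundll32.exe: resolve via PATH
                $found = Get-Command $exe -ErrorAction SilentlyContinue
                if ($found -and $found.Path) { $exe = $found.Path }
            }
            $flags = @()
            foreach ($dir in $UserWritable) {
                if ($dir -and $exe.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) { $flags += 'user-writable path'; break }
            }
            if (Test-RandomName (Split-Path $exe -Leaf)) { $flags += 'random-looking name' }
            if (-not (Test-Path -LiteralPath $exe)) { $flags += 'file missing' }
            # The thread notes a monitor process restarts the payload, so show what is live right now.
            $live = Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $exe }
            if ($live) { $flags += "running (PID $($live.Id -join ','))" }
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Exe = $exe; Flags = ($flags -join '; ') }
        }
    }
}

Get-SuspiciousAutorun | Where-Object { $_.Flags } | Format-Table -AutoSize
```

Only entries with at least one flag are printed; the running-PID column tells you which process to inspect (and which watchdog to stop first) before removing the file and the registry value.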