Skip to content

Remove FBI Virus, Removal of Fake FBI virus

July 26, 2012

People, i am going to be honest. Whoever created the new FBI fake scam is the funniest person ever. You should see the looks on peoples faces when they come in and tell us the FBI is onto them for pirating music and videos. It makes my day, and for that i am greatful.

Conversation with customer who called today

Me “hello, **** ******, how can i help you?”

Customer “Can you please keep a secret….”

Me “………..” < long pause “yes?”

Customer “i was downloading movies illegally when an FBI warning came up. I did what it said and i have a 200 dollar moneypac card i just bought, but i am unsure on what to do from here”

Me “Really? Did you scratch it off yet”

Customer “No, should i do that now?”

Me “No! dont scratch it off, you are going to go to the store you bought it at, and beg them to return it since you didnt scratch it, then you should bring your computer in so we can remove that for you…its fake.”

Customer “Are you sure, it looks real?”

Me “Trust me im sure. If the FBI wants you, they dont send you to the store to get moneypac cards”

Customer “ye….i guess now that i think about it, it doesnt make much sense. I will be in soon”

A few quick comments on this:

1. If the FBI was onto you for pirating stuff, they wouldnt warn you, they would kick in your doors with  a warrant, pull you out of your house, take every computer, flash drive, and hard drive you own, and then, and only then, would they tell you that they were onto your illegal actions.

2. What the fuck does the FBI want with your webcam? If the FBI wants a picture of you, they dont turn on your webcam and take one, they call their friends at the DMV or a whole host of other places and get them.

3. This is by far my favorite. The FBI wants moneypac? Your fucking kidding me right? You think for one second the FBI is going to black mail you with a  moneypac?

**THE FIX

Ok so i decided to post an actual fix due to the fact that this virus has changed its shape quite a bit over the past few months.

1. You can download a bootable cd or dvd so you can gain access to the windows file system. If you have no idea what i am talking about do this.

2. Press f8 while starting the computer. When a list appears select the repair your computer option and press enter.

3. Once inside, enter login information and then look for command prompt.

4. type c:  and press enter. Then type dir and press enter. If you see what appears to be your file system (program data, users, etc…..) then you have the correct drive. If not type d: and then type dir and see if you can see you file system there.

5. Once you have the file system type cd c:\programdata

6. Type del *.exe

(this should delete the executable that it uses)

7. Once loged back into the OS, make sure you run a virus scan.

**if you do end up booting off a cd and can access you file system, locate the windows file system and navigate to the program data folder. Make sure you delete any executable files inside there EVEN IF THEY LOOK LEGIT. We have seen this virus name itself as a real program . Do not worry, just delete it.

As always, enjoy. AND please people, think a little here. Commonsense goes a long way.

 

******EDIT*******

You may want to use del *.* on these folders, as many of the newer forms of this virus have been using skype.dat among other names and extensions for the launching of the application. It now makes itself look like its a real program as opposed to being named something crazy and random that you know you can delete.

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: