http://www.winknews.com/Local-Florida/2012-07-23/Call-for-Action-FBI-computer-scam-warning

My Dad's Vista Home Premium laptop is now infected with this virus and I don't know how to tell him to fix it. He has Avira, SuperAnti spyware, SpywareBlaster, SS&D, AdAware. Is there anything I can do to help him get rid of that nasty virus? He can't get online at all. Is his information on his PC safe??

I need the safest, easiest, step by step directions, I C a lot when I google but I'd like a most trusted source if you all can recommend one please.

Thanks

Edit: Dad says Avira free detected the virus but it was after he hit "remove" that he got infected with it :(

If I remember correctly, your dad is in another state. If he isn't tech savvy enough to download some software tools on another computer and take them to his computer on a CD or flash drive, then he will need assistance from somebody who is technical.

I saw this infection the other day. I used ComboFix and Malwarebytes to remove it.

None of the security programs on the computer now will help because internet access is blocked and they can't get updates. You really need to get rid of Adaware, and I don't remember the last time I used Spybot, although it may still be a useful program.

Quote:

If I remember correctly, your dad is in another state. If he isn't tech savvy enough to download some software tools on another computer and take them to his computer on a CD or flash drive, then he will need assistance from somebody who is technical.

You have a good memory! I think he can handle that! I haven't used the ComboFix prog before but I've used Malwarebytes. Will these have to be run in safe mode? Not sure he can access his desktop? I'll have him DL these and go from there, hopefully he can do this tomorrow and I'll post back, thank you :--)

Edit: my concern with the Combo Fix is that if he doesn't have the windows recovery console installed then there will be now way for him to install it since he is unable to access the internet because of the virus he now has so then the ComboFix will be of no help right?

I don't have it either (recovery console)and I ran it about a week ago with no problems (not saying that is always the case). It tries to create a restore point before proceeding and just tell him to just leave it alone even if it takes a while as it can stall out if you click on the window.You don't really install this just run it.

ComboFix DOES install when you run it, but not in the conventional way. After you get everything all cleaned up, go to the Run window (Windows key + R) and type in "combifix /uninstall" to uninstall it.

Ran it a while back maybe a week ago and I tried your command and it just says it can't find it.I just thought it did it itself when it ended.

The uninstall won't work if you've already deleted the Combofix.exe file. But just deleting it doesn't uninstall it.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Quote From MajorGeeks cortious of Kestrel13!

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Next time I will read things myself instead of going on other people's instructions :).

There is no recovery console in Vista. Just run combofix, it will be fine. As mentioned by someone else, uninstall or disable Avira first.

Ok, will do.

Once he gets these two programs installed on a flash drive then what should his next steps be to get rid of this nasty virus so I can talk him thru it?

I'd uninstall Avira first because it can conflict with Combofix.
Copy Combofix to the desktop, and run it.
When its done, attach the log file here for review if possible.

Thanks, I wouldn't have thot about that!

EDIT: The flash drive my Dad will use to DL those progs on is not blank. My next question is, will the flash drive get infected with the virus from his computer??

No way to know for sure. If it has important data on it, make sure it's backed up or use another flash drive or a CD-R. Flash drives shouldn't be used to archive data anyway, they are too vulnerable and unreliable.

I can't guarantee anything, but I'd say with 99.9999% confidence that the flash drive will not get infected with anything. Its always a good idea to back up data though.

I would just like to point out how representative this thread is of the value of this forum. Where else on earth can a person get the outpouring of neighborly help such as from those who have posted above??? Damned near gives me goose bumps to think about it!

I just cleaned up another PC with this infection. Couldn't do anything from normal or safe modes, had to use safe mode with command prompt. Then was able to navigate to my flash drive, E: in this case, and run combofix.exe. This removed the infection.

Did it take a while running from the flash drive?

No, the combofix.exe file that I carry with me is downloaded from bleepingcomputer.com. This installs and runs combofix on the c: drive.

Dad ran the mbam scan after installing as late a version as he could but that didn't get rid of the moneypak virus for him. Before installing the ComboFix he ran his AdAware and that fixed his problem since he was then able to get back online after doing so. I had long given up on AdAware but I will have to rethink that one now!

My question is now, how do I know the virus is totally gone? Should we still run ComboFix if his PC seems to be running properly now? I'm not familiar with ComboFix and from what you all say it's a lil' more complex of a prog. Thanks for all the help. Do I have to uninstall my antivirus or just disable it to run ComboFix?

I would run these three

TDSKiller
http://support.kaspersky.com/faq/?qid=208283363

Hitman Pro (30 day free trial)

http://www.surfright.nl/en/hitmanpro/

and Malwarebytes

If he can get on the internet his machine is no longer locked down so running those three above will probably clean up what is left, and there will probably be some odds and ends still there in different locations.

I've never seen these programs have any problems with antivirus scanners but you could disable yours if you want to.

I would explain to him after he is cleaned up how to delete all his system restore points and then create a new one.

I ran MalwareBytes in Safemode. It didn't find anything. I used my laptop to download ComboFix to the desktop of the laptop and then burned it to a CD. I put the CD into my infected computer, but had to do it in stages, because with ComboFix, you're supposed to close most of your antivirus, and malware programs (SuperAntiSpyware is okay to keep running). It took a few restarts to close all the programs I needed to, because the virus would show up again and lock things up; so I did a restart, closed another program, etc. Anyway, I got them closed and ran ComboFix off the CD and everything is now fine. Once ComboFix starts running, it just keeps going, even though the virus tries to start up again.

I called the FBI in San Francisco and passed on the info on ComboFix. They were glad to have the information.

I didn't even think about creating a new system restore point and deleting the old ones! Makes sense. Lil scary in a way since I haven't even done something like that in ages. I will have to be careful in this matter. Any further tips much appreciated. Thanks.

Some interesting info about the FBI Warning infection.

http://krebsonsecurity.com/2012/08/inside-a-reveton-ransomware-operation/

thanks..