ThatAfroGuy11
Posts posted by ThatAfroGuy11
-
-
Sorry, I keep getting a 'desktop is not accessible. Access is denied.' message if I boot it up normally.
-
This is what I am getting if I log in normally. Can't seem to get rid of it. Keeps popping up.
-
Here you go! And I think you may have fixed the problem! I can open Task Manager and the command prompt! I'll boot it up normally and see if the fixes carry across!
-
Here's the most recent ComboFix log for the user32.dll fix.
-
-
-
-
I'll run the ComboFix script, but I ran an ESET scan last night, and it got rid of over 16 threats. I think the 2 files you're speaking of got deleted, because I cannot find them. I'll post the log from the scan.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=284614dd595e134cb71b4ded4475d99b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-23 07:54:16
# local_time=2012-11-23 01:54:16 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 62474896 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=209941
# found=20
# cleaned=20
# scan_time=12608
C:\psneuter Android/Exploit.Lotoor.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\8ar28lsw.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001531 a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\Local Settings\Temp\ICReinstall\cnet2_EWBackup_1-1-1006_dwn_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXUJK1AJ\com-comtribute-sntb[1].exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\My Documents\Downloads\avc-free.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\My Documents\Downloads\BestVideoDownloaderSetup-OL.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\My Documents\Downloads\cnet_avc-free_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Steph\My Documents\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentrer.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\SystemRestore\FRStaging\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\8ar28lsw.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\SystemRestore\FRStaging\Documents and Settings\Steph\My Documents\Downloads\avc-free.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\SystemRestore\FRStaging\Documents and Settings\Steph\My Documents\Downloads\BestVideoDownloaderSetup-OL.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\SystemRestore\FRStaging\Documents and Settings\Steph\My Documents\Downloads\cnet_avc-free_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\SystemRestore\FRStaging\Documents and Settings\Steph\My Documents\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris and Steph\Downloads\Hirens.BootCD.15.2(1).zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris and Steph\Downloads\Hirens.BootCD.15.2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Yes\Desktop\Hiren's.BootCD.15.2.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\Desktop\hiren's.bootcd.15.1.iso Win32/PSWTool.KonBoot.A application (deleted - quarantined) 00000000000000000000000000000000 C
-
The drivers disappeared. Couldn't find them.
-
-
I'll take a look at the drivers. None of them look familiar. And the .bat file is the one I use to open up the command prompt. It cannot be opened any other way.
-
I've already tried this. Does not work. My boot-up time is significantly faster, so I believe we're making headway. Any other suggestions?
Thanks,
Chris
-
Clicking on the FBI page icon at the bottom, I can push it back to the taskbar, kind of like you can click a program and it will shrink back to the taskbar. If I click on it again, the taskbar disappears, but maybe this is progress?
Many thanks,
Chris
-
I had another relative at the computer, and he deleted the files. It's still infected. I am able to log into a profile, but am greeted with the fake FBI warning page. I can log out and log back in, and the taskbar is accessible, so I can click on the script that is running. Thing is, I can't start any program from shortcuts or anything, but I can from the Start menu. I'm still at a loss as to what to do.
-
-
Sorry! I totally read the instructions wrong. Here they are.
-
There's no folder where the log files should be.
-
-
Are you still here Mr. C?
-
I just got a BSOD when I started the scan. It said CLASSPNP.SYS was the culprit.
-
And no, it seems to have erased my system restore points. I may have disabled restore points (major fail, I understand), because when I boot up and select System Repair, then System Restore, there aren't any restore points available.
-
No, I do not recognize it.
-
-
I'm running in Safe Mode with Networking currently. Still can't log in normally.
-
Help! I'm stuck with FBI Ransomware Virus!
in Resolved Malware Removal Logs
Posted
Alright, so I was able to finally log in. I needed to update my drivers, badly (had 22 important ones out of date. Yikes!), and it stopped the BSOD that I was constantly getting. It seems just fine now, so I'll get back to you if any problem persists. Thank you so much for your guidance and help. I've learned a bunch from this!