Posts posted by Fire1

  1. Okay, ran it and here is the report:

     

    RogueKiller V8.6.12 [sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
    Started in : Normal mode
    User : Fire1 [Admin rights]
    Mode : Scan -- Date : 09/23/2013 18:55:21
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
    [HJ SECU][PUM] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
    [HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 2 ¤¤¤
    [Administrator][Rans.Gendarm] msconfig.lnk : C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk @C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\applic~1\ri6zwi.dat,FG00 [-][-][x] -> FOUND
    [Fire1][Rans.Gendarm] msconfig.lnk : C:\Documents and Settings\Fire1\Start Menu\Programs\Startup\msconfig.lnk @C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\applic~1\ri6zwi.dat,FG00 [-][-][x] -> FOUND

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Rans.Gendarm ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1       localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ( @ )  -  +++++
    --- User ---
    [MBR] 7108622ecbff1dd410576848592d108f
    [bSP] e82bf694fe43c6b7390da1003ba6e9e5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_09232013_185521.txt >>

     

     

  2. Hello,

     

    Thanks to my son, my laptop has been infected with the FBI ransom malware. After logging in, everything seems fine, but at the end of loading the profile, I get a screen basically saying that I have been to an illegal website and wanting money to unlock my computer. Of course, it is locked up and I cannot do anything. I get the same in "Safe Mode" login too. I'm running Windows XP and the current version of Malwarebytes didn't stop it from entering. Any help would be appreciated.

     

    Thanks,

    Mike
