Could Not Detect FBI Virus On Infected Machine

[Opcode]

I'm a college student moonlighting as a part-time computer tech. Today, I was sent to remove the FBI Virus from a home user's computer, something I have done for several other people. This time, though, I was unsuccessful.

I'm a firm believer in booting infected computers from an uninfected drive. So, I have Malwarebytes on a DVD running Windows PE, so I can boot from it at client's homes. As you know, the FBI Virus blocks all user access to the computer when booting to the regular desktop, and sometimes--as in this case--prevents booting into Safe Mode, too. I also have BitDefender 2012, which boots from a Linux disk. Finally, I have Microsoft Security Essentials loaded on a laptop.

Usually, Malwarebytes takes 1.5 to 2 hours to scan a computer, but it only needed 19 minutes to scan this client's computer. It failed to find any infected files, though. I then ran BitDefender. It also needed an unusually short time (17 minutes) to scan, and it also failed to find any infected files. So, I removed the hard drive from the client's system and hooked it up to my laptop via my USB port and ran Security Essentials on its partitions. I had to stop the scan after 515,000 files scanned in 2 hours.

The client had an old Dell OS disk, but it was unable to find the version of Windows on the machine (it said it could not work on systems prior to Vista, and the client was using Windows XP). I was able to gain command line access using this disk, but not much else. I also could use a DOS utility on one of my own disks to give me some command line access, but accessing NTFS partitions required me to load a utility that couldn't run with anything else.

I went to the command line and searched for files known to be associated with FBI Virus. I could not find any. I also checked file attributes, to ensure I saw all hidden files. I attempted to run explorer from the command prompt, but the system returned to the command line without any indication after I launched the command. I also attempted to run system recovery from the CLI, but it also returned to the prompt without comment.

I attempted to get into Task Manager from the desktop, but FBI Virus blocked my keystrokes.

I've never had this happen, that I could not find any trace of an infection that I could see was there. What do you make of it? What else could I have tried?

Sorry, I don't have any log files.

Thank you.

[daledoc1]

I'm a college student moonlighting as a part-time computer tech. Today, I was sent to remove the FBI Virus from a home user's computer, something I have done for several other people.

Hi and welcome, Opcode:

Unfortunately, no one security program -- even MBAM -- can possibly detect and remove every infection.

(The FBI Moneypak has proved to be a real challenge, because new variants appear every hour of every day.)

We don't work on malware-related issues in this particular section of the forum.

Since you are a computer tech, your MBAM corporate license entitles you to support directly from the corporate helpdesk.

The team there will assist you with cleaning the infected computer, if you still need help.

Please contact corporate support HERE.

Please make sure you have malwarebytes.org and salesforce.com in your Safe Sender list in your email program.

In order to assist you better please provide the following information when contacting them:

Cleverbridge Order Reference Number:

Organization name:

Approved Contact name:

If you no longer have access to the order number, you can contact Cleverbridge to obtain information about your order:

Cleverbridge customer service

cs@cleverbridge.com

Phone: +1-866-522-6855

Monday - Friday: 8:00 AM - 8:00 PM (CST)

Thank you very much,

daledoc1

[danacton]

Sorry if I posted in the wrong place, I just wanted to contribute something that helped me.!

[AdvancedSetup]

Actually I've removed your post Danaction. Though we certainly thank you for your concern and willingness to help others which is to be commended however many infection must be removed a specific way or it can cause more trouble. Its much better to have someone with experience assist you with trying to remove such an infection.

One should also always have a backup of their data on an external drive - there are some infections that control data that cannot be removed.