FBI virus and unable to get to Safe Mode

[frode34]

Have the FBI warning virus. Running XP, on a 64 bit computer.

Need assistance in removing and cleaning up.

Thanks

[D-FRED-BROWN]

Hello frode34 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I'd like you to download the Kaspersky Rescue Disk and run it from a USB device. There are detailed instructions available on Kaspersky's official website, here: http://support.kaspersky.com/8092

After you have run the utility on the infected computer, please copy and paste the logfile here for me to see.

If at any point you have questions regarding how to proceed, please let me know immediately.

Let me know how things go.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

[frode34]

Hi D-FRED-BROWN.

I have the Kaspersky USB rescue disk on USB. Having trouble getting the computer to boot from USB. Don't see a BIOS setting

as described on the Kaspersky web site. Will do some research and get back to you.

Thanks for the help

[D-FRED-BROWN]

No worries. If you can't get it to boot from USB, it's also possible to burn it to a CD. Let me know if you can't get it to work from USB.

[frode34]

Doesn't look like the USB is going to work. Going to need to use a CD/DVD.

My bootlist has the DVD drive a #1. Is it as simple as moving the USB file over

to CD? and booting from it?

[D-FRED-BROWN]

No worries. You'll have to burn the .Iso file to a CD/DVD. Here are the insructions from the Kaspersky website: http://support.kaspersky.com/us/faq/?qid=208286084

Let me know how things go.

[frode34]

I burned the Kaspersky .iso file on the dvd. Only have the dvd in the boot list now as the first device.

I get the error: Disk boot failure,insert system disk and press enter. I tried a few times. I'll try burning it

again on another dvd. Let you know how that goes.

Question: just to make sure.....the iso file is the only file I need on the dvd to allow it to boot?

[D-FRED-BROWN]

Yeah the .iso should be the only one. If it doesn't work this time, let me know and we'll try something else.

[frode34]

OK. Tried the Kaspersky .iso file again, downloaded and burned to another cd. Same error, Disk Boot error, insert system disk......

Need to try something else. Let me know what to to try next.

Thanks.

[D-FRED-BROWN]

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows

• Save it to your Desktop.
  
• Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  
• Follow all of the instructions/prompts that come up.
  NOTES:
  
• Do not install to a folder with spaces in it's name.
  
• Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
  

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

• Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  
• Click "I agree" to the Builders License.
  
• Click NO to Search for Windows Installation Files
  
• Make the following selections from the Main Screen that pops up:
  
  • Builder
    
  • Source:(path to Windows installation files)
    
  • Enter the path to the drive where your XP CD is located.
    
  • You can click on the "..." button on the right to navigate to the path as well.
    

  [*]Custom: (include files and folders from this directory)

  • No information is necessary, leave blank.
    

  [*]Output: (C:\ubcd4win\BartPE)

  • Keep the default BartPE
    

• Media output
  
• Choose Create ISO image
  

• Do not choose Burn to CD/DVD
  

Please note: If your XP install disc is SP1 then please .....

• Disable- DComLaunch Service
  
• Enable- LargeIDE Fix
  This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections
  

Also note: If you have a Dell XP install disc you will need to follow the instructions here

http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button

• You will see the Windows EULA message. Click on I Agree
  
• You will now see the Build Screen. Let it run it's course
  
• When the Build is finished you can click close, then exit
  

4. Burn your ISO file to CD

• Please see HERE on how to burn an ISO to CD.
  

==========

Next, from your clean computer:

Download Farbar Recovery Scan Tool

and save it to your flash drive.

Now plug your flashdrive back into your sick computer and follow the next instructions:

==========

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

• Insert the UBCD4Win disc in to one of your CD/DVD drives.
  
• Restart your computer.
  
  • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    

  [*]In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.

  • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    

  [*]Once the desktop appears, you will receive a message asking: Do you want to start Network support?

  • Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.
    

  [*]You should now have a desktop that looks like this:

  

==========

• Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
  
• Double click on it to begin running the tool.
  
• When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
  

[frode34]

D-FRED_BROWN:

I was without my "clean" computer this weekend, so I will get the last bunch of steps done

as soon as I can.

[D-FRED-BROWN]

Sounds good, keep me posted

[frode34]

Got errors during the build. Step 3. Click on the "Build" button.

From error log---------

Checking for missing files

Warning: File "fltmgr.sys" not found

Builder has stopped because there are 2 build errors

ISO image is not created, you must fix the errors!

Building done...

There where 2 errors and 1 warnings

Use the [<<] and [>>] buttons to jump to Error/Warning.

Error: SetupDecompressOrCopyFile() "c:\xpcd\I386\FLTMGR.SYS" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\FLTMGR.SYS" 2: The system cannot find the file specified.

DecompressOrCopy file "c:\xpcd\I386\FLTLIB.DLL" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\FLTLIB.DLL"

Error: SetupDecompressOrCopyFile() "c:\xpcd\I386\FLTLIB.DLL" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\FLTLIB.DLL" 2: The system cannot find the file specified.

-------------------------

I copied the XP CD to my hard drive. So the utility is looking on c:\xpcd The file is not in the xpcd dir.

frode34

[D-FRED-BROWN]

FLTMGR.SYS

FLTLIB.DLL

Can you verify that those files are on the disk?

[frode34]

Neither file is on the XP CD. I checked 2 old recovery disks too. Neither file is on those disks.

Checked hidden files too.

[D-FRED-BROWN]

Here's what we'll do:

Download the zip file I've uploaded here (frode34 files.zip). frode34 files.zip

Extract it to your Desktop.

Copy FLTMGR.SYS to the following folder (in bold)

c:\xpcd\I386\

So that the filepath looks like c:\xpcd\I386\FLTMGR.SYS

-------

Do the same for FLTLIB.DLL

So that the filepath looks like c:\xpcd\I386\FLTLIB.DLL

-------

Then re-run the "build" instructions that you previously had trouble with.

Report back here if you encounter any problems.

[D-FRED-BROWN]

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

[frode34]

Still here. I was able to build the disk image. Should make some progress tonight if

I get the CD burned.

Definitely keep you updated until this gets fixed.

[D-FRED-BROWN]

Sounds good

[frode34]

CD is burned and Farbar is downloaded and on my flash drive.

Booting with Ultimate Boot CD in infected computer. Flash drive in computer too.

During the load I get "The file fltmgr.sys is corrupted." (press any key)

[D-FRED-BROWN]

I'll do some digging and get back to you asap.

edit: please read the private message I sent you.

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.