
Possible FBI virus



Based on reading other posts in this forum one of my laptops (running Windows 7 64-bit Pro) seems to have been hit by some virus - probably the FBI virus:

- started when I could not connect to any internet site other than Google.

- when I tried to switch to a previous restore point, I found that there were none.

- I have tried a few things (based on web searches):

  - changed the DNS to Google DNS.

  - reset the Winsock and TCP stacks

  - run AdwCleaner and TDSSKiller (downloaded on other computers).

Nothing seems to work.

I just ran frst64.exe and am enclosing the FRST.txt and Addition.txt that were generated.

I would hugely appreciate any help you experts can give me.

Thanks in advance!!!








They call me TwinHeadedEagle around here, and I'll be working with you.
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

I do not see the presence of any serious virus on your PC. But there are some things we need to fix.




Multiple Resident Protection warning!
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • avast! Antivirus
  • COMODO Antivirus

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done before any other steps are taken.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.



Thanks for your help.

When I tried to start appwiz.cpl with "Windows-key" + R (in order to uninstall Comodo anti-virus), it said "Windows cannot access the specified device, path, or file....." When I tried searching for appwiz.cpl using the Windows Search bar, it could not find the file. Should I go ahead with the Farbar/fixlist.txt step?



I tried to uninstall the entire Comodo package - both firewall and antivirus using the Control Panel but it kept saying "Access is denied". 

I then removed the Comodo Firewall from the startup list and rebooted. Now the computer will not boot up - says "Windows failed to start - a recent hardware or software change may be the cause". When (as instructed) I booted from the Windows DVD and tried to repair the Windows installation on the hard drive, it failed saying "Windows cannot repair this computer automatically".

Is there anything else I can do short of reinstalling Windows?

Help would be greatly appreciated.


We will need to work outside your Windows to restore your PC to previous time:
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

  • Plug the flashdrive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).
    Access the notepad and identify your USB drive
    In the Command Prompt please type in:
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.
    Scan with Farbar Recovery Scan Tool
    Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.
    Transfer it to your clean machine and include it in your next reply.

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt
>>  Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

  •    Press the Fix button once and wait.
  •    FRST will process fixlist.txt
  •    When finished, it will produce a log fixlog.txt on your USB flashdrive.

>>  Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally...



1. The screen shows "Starting Windows" with the Microsoft logo.

2. After about 30sec, the screen goes dark and the cursor appears.

3. This lasts for just a second or two - followed by a blue window in the middle of the screen saying something like:

    "A problem has been detected and Windows has been shut down to prevent damage to your computer.

     A process or thread crucial to system operation has unexpectedly exited or been terminated ...."

 Before I can take down any more text from this message the blue window vanishes and the system tries to boot again.

 I also noticed that just as the screen goes dark (step 2), I hear the noise of some motor spinning up.

Could this be a hardware problem?


This is probably a hardware problem, based on this:

Error: (09/01/2014 00:40:56 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/31/2014 11:14:06 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (08/30/2014 10:23:28 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/29/2014 10:08:50 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/27/2014 09:54:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (08/26/2014 10:23:30 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/24/2014 03:11:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (08/24/2014 00:02:24 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/24/2014 00:02:24 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (08/24/2014 00:02:23 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Your hard drive is either malfunctioning or the cables are bad. Try to check if the cables are OK, or think about backing up your data and replacing your hard drive.
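
The triage behind the reply above, as an added example that is not part of the original thread or of FRST: a parser for event-log entries in the format quoted there, counting the volsnap 14 and iaStor 9 errors and on how many distinct days they occur. The function names and the `min_days` threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# Source/EventID pairs the reply above reads as signs of failing storage.
STORAGE_EVENTS = {("volsnap", 14), ("iaStor", 9)}

# One log entry; the lookahead lets entries run together on a single line.
ENTRY_RE = re.compile(
    r"Error: \((?P<date>\d{2}/\d{2}/\d{4}) [^)]*\) "
    r"\(Source: (?P<source>[^)]+)\) \(EventID: (?P<event_id>\d+)\) "
    r"\(User: [^)]*\)\s*Description: "
    r"(?P<desc>.*?)(?=Error: \(\d{2}/\d{2}/\d{4} |\Z)",
    re.DOTALL,
)

# Five entries copied from the log quoted in the thread, run together.
SAMPLE = (
    r"Error: (09/01/2014 00:40:56 PM) (Source: volsnap) (EventID: 14) (User: )Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:."
    r"Error: (08/31/2014 11:14:06 AM) (Source: iaStor) (EventID: 9) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period."
    r"Error: (08/27/2014 09:54:35 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}"
    r"Error: (08/24/2014 03:11:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems."
    r"Error: (08/24/2014 00:02:24 AM) (Source: iaStor) (EventID: 9) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period."
)

def parse_entries(text):
    """Split the log text into dicts, one per Error entry."""
    return [{"date": m["date"], "source": m["source"],
             "event_id": int(m["event_id"]), "description": m["desc"].strip()}
            for m in ENTRY_RE.finditer(text)]

def storage_triage(entries, min_days=3):
    """Summarise storage I/O errors; min_days is an assumed threshold."""
    hits = [e for e in entries if (e["source"], e["event_id"]) in STORAGE_EVENTS]
    days = {e["date"] for e in hits}
    return {"total": len(entries), "storage_hits": len(hits),
            "by_event": Counter((e["source"], e["event_id"]) for e in hits),
            "distinct_days": len(days), "suspect_disk": len(days) >= min_days}

if __name__ == "__main__":
    report = storage_triage(parse_entries(SAMPLE))
    for (source, event_id), n in report["by_event"].most_common():
        print(f"{source} EventID {event_id}: {n}")
    print("storage errors on", report["distinct_days"], "days;",
          "check disk and cables" if report["suspect_disk"] else "no pattern")
```

Storage errors that recur on several separate days, next to unrelated one-off entries such as the DCOM and Windows Update failures, are what point to the disk or its cabling here.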


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.