"FBI" Virus removal instructions.
I’ve been seeing more and more clients getting hit with the “FBI” virus. The virus seems to be making its way into systems through Java exploits. I can’t stress to my clients enough that when Adobe or Java products prompt for an update, install it ASAP. These updates address security and performance issues within the products, and it is imperative that they be applied. Just last October Oracle released Java updates to resolve 50 known security vulnerabilities that would allow attackers to gain access to outdated systems or infect computers with viruses like the “FBI” virus. Even if your anti-virus program is up to date, if you let the other updates lapse you are still very vulnerable to infection: the anti-virus only catches what it already recognises, while the unpatched plug-in is the door the malware walks in through.
Removal Instructions: This set of instructions is fairly generic and works for removing most types of malware, not just the “FBI” virus.
1. Boot the system into Safe Mode with Networking by tapping the F8 key right after the computer is started but before the Windows splash screen loads. This may take a few tries. Networking support is needed so the tools below can download their latest definitions.
2. Once the system starts and you are at your desktop, download, install and run the following programs in the order they are listed.
Program 1, rkill, will shut down any third-party background processes that may prevent your system from running the other programs listed below. Safe Mode will not always stop malware processes. Note that rkill only terminates processes; it does not remove anything, so do not reboot between running rkill and the scanners, or the malware will simply start again.
Program 2, MalwareBytes, is the mother of all malware removal tools and will often remove what Norton, McAfee and other anti-virus programs cannot. Once installed and opened it should grab some updates, and you should then select “Perform Full scan”. This may take about two hours depending on the computer. Meanwhile you can run the next program.
Program 3, TDSSKiller: simply click Start when the program opens and a quick scan for rootkits will be done. I find that most computer users who have managed to get one virus will often have rootkits on the machine, so this is just a follow-up to MalwareBytes.
Once MalwareBytes is done scanning, select the option to remove the infections and then click Yes to reboot the computer. With any luck the “FBI” virus and any other malware on the system will be removed. After the reboot, run a second full scan to confirm nothing re-launched itself.
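The steps above rely on the scanners to decide what to remove. When I want to see for myself what is set to launch at logon, and whether the plug-ins the post warns about are actually out of date, I use a small PowerShell triage script like the one below. It is an added example, not part of the original post and not one of the tools listed above; the function names are my own. It reads the standard Windows Uninstall keys for Java and Adobe versions, then dumps the usual autostart locations (Run/RunOnce keys, the Winlogon Shell and Userinit values, and both Startup folders) and flags any entry whose binary is unsigned or lives under a user-writable profile path. Run it from an elevated PowerShell prompt in Safe Mode before the scanners, and again after the reboot to confirm the flagged entries are gone.

```powershell
# Added triage script; not part of the original post and not one of the tools above.
# Registry keys and folders below are the standard Windows autostart locations,
# nothing specific to one malware family.

# 1. Installed Java / Adobe products and their versions, from the Uninstall keys
#    (both 32- and 64-bit views). Compare DisplayVersion with the vendor's current
#    release; anything older is the attack surface the post warns about.
function Get-PluginVersions {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|Adobe)' } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName
}

# Pull the executable path out of a Run-key command line such as
#   "C:\Users\bob\AppData\Roaming\abc.exe" /s      or      C:\Windows\system32\foo.exe
function Resolve-CommandPath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# A binary is worth a second look if it lives under a user-writable profile/temp
# path or has no valid Authenticode signature. Flagged means review, not delete:
# plenty of legitimate older software is unsigned.
function Test-SuspiciousBinary {
    param([string]$Path)
    $userWritable = $Path -match '\\(AppData|Application Data|Local Settings|Temp|ProgramData|Users\\Public)\\'
    $validSig = $false
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
        $validSig = ($sig -ne $null) -and ($sig.Status -eq 'Valid')
    }
    return ($userWritable -or -not $validSig)
}

function New-Entry($Location, $Name, $Command, $Binary, $Suspicious) {
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command
        Binary = $Binary; Suspicious = $Suspicious
    }
}

# 2. Autostart locations: Run/RunOnce keys, the Winlogon Shell/Userinit values a
#    lock-screen can hijack so it starts instead of Explorer, and both Startup
#    folders (shortcuts are resolved to their targets).
function Get-AutostartEntries {
    $entries = @()
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # provider metadata, not values
            $cmd = [string]$p.Value
            $bin = Resolve-CommandPath $cmd
            $entries += New-Entry $key $p.Name $cmd $bin (Test-SuspiciousBinary $bin)
        }
    }

    $wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $wlKey
    foreach ($name in 'Shell', 'Userinit') {
        $val = [string]$wl.$name
        # Defaults are "explorer.exe" and "C:\Windows\system32\userinit.exe,"; anything
        # else (an extra path after the comma, a different binary) is a hijack.
        $hijacked = $val -notmatch '^([A-Z]:\\Windows\\system32\\)?(explorer|userinit)\.exe,?$'
        $entries += New-Entry $wlKey $name $val (Resolve-CommandPath $val) $hijacked
    }

    # Per-user Startup folder plus the all-users folder on Vista+ and on XP; missing
    # folders are skipped silently.
    $wsh = New-Object -ComObject WScript.Shell
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup"
    )
    foreach ($folder in $folders) {
        $files = Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            $target = if ($f.Extension -eq '.lnk') { $wsh.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            $entries += New-Entry $folder $f.Name $f.FullName $target (Test-SuspiciousBinary $target)
        }
    }
    return $entries
}

Get-PluginVersions | Format-Table -AutoSize
Get-AutostartEntries | Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Location, Name, Binary -AutoSize
```

Anything that shows up as Suspicious with a binary under AppData or Temp, or a Winlogon Shell value that is not plain explorer.exe, is what rkill has to kill and MalwareBytes has to remove; if it is still listed after the reboot, the cleanup did not stick. Sysinternals Autoruns checks far more locations than this script and is the tool to reach for on a machine that keeps re-infecting; this is the minimal version of that check that fits in a Safe Mode session.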
I’ve also seen versions of the “FBI” virus prevent users from accessing Safe Mode by causing a blue screen each time an attempt is made. Enter Kaspersky Rescue Disk 10, a Linux-based live CD that lets you run a Kaspersky AV scan without booting into Windows at all, so the malware never gets a chance to load, and hopefully eliminate the “FBI” virus. Let the rescue disk update its definitions over the network before scanning, then boot back into Windows and follow the steps above to clean up whatever is left.