After a period of lower virus activity, the tables are beginning to turn and ransomware like the FBI virus is becoming more and more common. Virus activity is beginning to take a leap as we approach the holiday shopping season. We see it happen year after year. During this period, many people opt to go online to do a good majority of their Christmas shopping. Virus hijackers like to take advantage of the extra online traffic by writing new virus code and infecting thousands of sites in order to get their wares out into the wild.
According to reports, Windows 7 and Windows XP are the primary targets. It appears that Vista is not quite as vulnerable, and that is because most people have either stuck with their old faithful XP or upgraded the buggy Windows Vista to the rock solid Windows 7. We will probably see an increase in virus attacks on Macs as well, since many Windows users have changed their platform to a Mac.
Attacks on the 32-bit version of Windows 7 have increased by as much as 23% over the last few months. This is due to the huge popularity of Windows 7 and the great number of new users that are using the OS. One of the most aggressive of these infections is ransomware called the FBI virus. This virus is brutal once it gets into your system. Depending on how long it stays in your system, your computer can be locked down, sometimes even in Safe Mode, with no easy way to get into your operating system. The fake screen that pops up looks very real and can be intimidating for many people. Essentially the virus leads you to believe that you are committing a copyright violation and need to pay $200.00. The money is usually requested as a MoneyPak from Walgreens or Walmart. As real as it looks, it is a fake program. Do Not Pay the $200.00, as the screen will still remain on your computer and the virus will still be there.
Removing the virus can be a challenge even for an experienced tech. Since we do all of our work remotely, sometimes we have to walk our customers through some complex steps in order to gain access to the machine. The first step we will usually try is to get the computer into Safe Mode to see if the screen comes up that way. On some computers we can gain access at this point, but on others the screen is still there, blocking all access to the computer. If Safe Mode fails, then we attempt to enter the computer by using Safe Mode with Command Prompt. This is accomplished by repeatedly tapping the F8 key while booting.
Once you see the Advanced Boot Options menu come up, choose the Safe Mode with Command Prompt option and press Enter. Once you are logged in, your screen will look like a DOS screen ready for your command. If you type Start System Configuration Utility on the command line, a window that looks like Windows Explorer should open. From here it is a treasure hunt to find the file that is triggering the fake screen and delete it. The infected file is usually located in the Users/AppData folder on your computer. The file rarely has the same name, so we have to look at the date and location of the file to determine whether it is indeed the one we are looking for. The file will often be named with a set of random numbers and letters and be marked as an application.
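To make the treasure hunt less manual, here is an added PowerShell triage script (not part of the original post or the author's procedure) that lists recently created or modified executables under the user's AppData folders, flags names that look like random strings of letters and digits, and, going a step beyond the post, also shows per-user Run/RunOnce entries whose command points into AppData. The 14-day window, the AppData subfolders, and the "random name" heuristic are assumptions made here; it assumes PowerShell 3.0 or later.

```powershell
# Triage helper for a locker-style infection: recently created executables
# under AppData, flagged when the base name looks random, plus per-user Run
# entries that point into AppData. Assumptions (not from the post): the
# 14-day window, the AppData paths and the name heuristic are choices made here.
param([int]$Days = 14, [string]$UserProfile = $env:USERPROFILE)

$roots  = 'Local', 'Roaming', 'LocalLow' | ForEach-Object { Join-Path $UserProfile "AppData\$_" }
$cutoff = (Get-Date).AddDays(-$Days)

function Test-RandomLookingName {
    param([string]$BaseName)
    # Heuristic: 6+ chars of only letters/digits that either mix digits
    # with letters or contain no vowels at all (e.g. "x7k2p9q1", "hgfkdsl").
    if ($BaseName.Length -lt 6 -or $BaseName -notmatch '^[A-Za-z0-9]+$') { return $false }
    $mixed    = ($BaseName -match '\d') -and ($BaseName -match '[A-Za-z]')
    $noVowels = $BaseName -notmatch '[AEIOUaeiou]'
    return ($mixed -or $noVowels)
}

# 1. Recently created/modified executables under AppData, flagged ones first, newest first.
$hits = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -Force -File -Include *.exe, *.scr, *.com -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                RandomName = Test-RandomLookingName $_.BaseName
                Created    = $_.CreationTime
                SizeKB     = [math]::Round($_.Length / 1KB)
                Path       = $_.FullName
            }
        }
}
$hits | Sort-Object RandomName, Created -Descending | Format-Table -AutoSize

# 2. Per-user autorun entries whose command points into AppData.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }       # skip PSPath, PSParentPath, etc.
        if ("$($p.Value)" -match 'AppData') { "{0}\{1} -> {2}" -f $key, $p.Name, $p.Value }
    }
}
```

Review the flagged rows by date and location before deleting anything; a legitimate updater can also live under AppData, so the heuristic narrows the search rather than deciding it.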
One of the worst aspects of the FBI virus is that it is almost never stopped by antivirus software. It appears to be most common with video sites and X-rated websites.
In addition, we have seen an increase in exe hijackers and the System Restore virus, which actually changes the configuration of your files so that you think they have been erased. These virus variants are a bit easier to remove, but registry fixes often have to be implemented in order to get the machine back to a normal state. Most of these virus attacks will take several steps to completely remove. It can almost never be done just by a simple scan from your antivirus program.
Author: Joe Zelenak, Staff Writer