Go Back  DoItYourself.com Community Forums > Electrical, AC & DC. Electronic Equipment and Computers > Computers, Internet Capable Devices and Peripherals
Reload this Page >

Locking up my computer cannot go to safe mode says Mexican Gov stays onthatpage

Locking up my computer cannot go to safe mode says Mexican Gov stays onthatpage

Reply

  #1  
Old 12-29-13, 10:19 AM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
Locking up my computer cannot go to safe mode says Mexican Gov stays onthatpage

I know going some where I should not be going. I'm on it lusting away and this time a Mexican Gov computer page all in Spanish.. It tells you to send them money and they will remove the page.. This page comes up and computer will not do anything it stays on that page.. I cut off back and back on I can go to safe mode when I get on safe mode that Mexican comes back on and stays on..

If I mess with it alt delete messing with it for about hour it goes off I think.

I know I should not be going to a girly site, I'm single man and get no thrills
Can you tell me how to get around this when it happens?
 
Sponsored Links
  #2  
Old 12-29-13, 10:59 AM
PJmax's Avatar
Group Moderator
Join Date: Oct 2012
Location: Northern NJ - USA
Posts: 52,608
Received 339 Votes on 317 Posts
That is called Ransomware. First of all....... DON'T SEND ANY MONEY ANYWHERE.
FBI Cybercrimes is a matching virus to what you have.

This virus appears at many file sharing sites as well as music sharing and porn sites. The virus plays on the operator potentially doing something illegal. Of course, if you were actually doing something illegal the government wouldn't send you this on-line gift. They'd make a personal appearance.

I had this virus a while back. Since I run my computer from a user partition and not as the admin....I was able to go to the admin section and remove it there.

Here is a link to Malaware to remove the virus.

Remove Department of Justice virus (MoneyPak Scam)
 
  #3  
Old 12-29-13, 11:04 AM
Forum Topic Moderator
Join Date: Mar 2005
Location: USA - N.E.Tn
Posts: 46,063
Received 120 Votes on 107 Posts
I wonder if using system restore would remove it ??
 
  #4  
Old 12-29-13, 11:20 AM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
Use superanti spyware ... Its free and better then malwarebytes..

SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Clear your caches..

Use CCleaner...free.

CCleaner CCleaner CCleaner Download - CCleaner 2013 Download

Or glaryutilities.free...

Glary Utilities | Glarysoft


I use them weekly....
 
  #5  
Old 12-29-13, 12:32 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
I had one in English. It was the FBI virus. I knew that I hadn't downloaded any illegal music. I rebooted & cleaned the virus. Someone had compromised a web page & that's how I got it. I usually use Firefox with no script but that time I was using IE.
 
  #6  
Old 12-29-13, 04:08 PM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
But the only thing that is on my screen is the page.. You can not do anything go anywhere.. I rebooted about 5 times the first 3 my safe mode would come up but then this page would show on the screen.

My question is when it comes up what do I do ?? After 45 min or so finally it I got to malware and did a quick scan but do I have to wait like that..
 
  #7  
Old 12-29-13, 04:20 PM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
you cant control , alt, delete and close it? With task manager?
 
  #8  
Old 12-29-13, 04:24 PM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
Your going to have to use combo fix, r kill, and tdss and the such..

Follow instructions here.

ComboFix: A guide and tutorial on using ComboFix

Majorgeeks .com has similar instructions...
 
  #9  
Old 12-29-13, 06:27 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
Reboot, hit F8, choose safe mode with networking, run regedit
HKLM
Software
Microsoft
Windows
CirrentVersion
Run

It's in there somewhere. Also check the same path in HKCU
 
  #10  
Old 12-29-13, 06:36 PM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
I hit F8 and it goes to Safe Mode but by the time I click on something this SITE COMES UP and all is frozen just shows the page... You can cut off back on 2 times back to SAFE MODE but 4 time the page shows up before going to safe mode....

any button i hit will do nothing..
lawrose
I do hit Alt Cont Delete and it will flash off and on on the screen but you cannot click on nothing.. its weird
lawroase how do I get to Combofix I can't go no where
 
  #11  
Old 12-29-13, 06:52 PM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
Are you replying from a different computer then the one that is infected?
 
  #12  
Old 12-29-13, 07:17 PM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
No its this computer I clicked on F8 cut off and on about 7 times when start up page would come up I would click malware real quick it would about load up and this page from hell would pop up and that was it... then I would alt cont delte it would pop up and off I could see malware running.
i will click on it and might show up then get to run quick scan off it would run and then my computer would come back.. WEIRD

Think I will just find a Playboy mag
 
  #13  
Old 12-29-13, 07:21 PM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
you need to clear the cache's...

Superantispyware is better and may work...Malware bytes dont fix everything...

If you can get it loaded it will scan on start up if you can adjust the settings...
 
  #14  
Old 12-29-13, 07:24 PM
lawrosa's Avatar
Super Moderator
Join Date: Dec 2010
Location: Galivants Ferry SC USA
Posts: 17,799
Received 10 Votes on 8 Posts
R kill will stop the process of fbi window popping up... Once you stop that you can scan with the programs suggested...
You must stop the process... If you restart your computer it will just keep coming back...

RKill - Free download and software reviews - CNET Download.com
 
  #15  
Old 12-29-13, 07:54 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
Instead of choosing Safe Mode w/ Networking on F8, try Last Known Good Config. If that doesn't work, choose command prompt. If you get to a command prompt, type rstrui.exe & press enter. Then pick a date before the virus. If none of that works, do you know how to boot the machine with a boot disk or use a USB HD enclosure?
 
  #16  
Old 12-30-13, 04:43 AM
Member
Join Date: Apr 2007
Location: Near Buffalo, NY
Posts: 4,239
Received 0 Votes on 0 Posts
System restore has probably been disabled by the virus and even if it could work the rootkit would still be there.
 
  #17  
Old 12-30-13, 05:24 AM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
I cleaned the virus in less than an hour when I had it. restrui.exe is still worth a try.
 
  #18  
Old 12-30-13, 07:06 AM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
No Pulpo I'm not to swift on computers with boot disk and such.
On your 2 post you put try rstrui.exe and restrui.exe which is it that might work?
 
  #19  
Old 12-30-13, 07:23 AM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
Sorry about that. It's rstrui.exe which is the executable in order to do a system restore to a previous date. If you are running a version of windows, Vista or later, there should be a recovery partition. To access that, it's usually F11 or F12 depending on your system. However, if you access the recovery partition, all your files will be lost along with any programs that you have installed along the way. I'm sure that you have your files backed up to date but you may not have the CDs to reinstall the programs.
 
  #20  
Old 12-30-13, 07:43 AM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
K Tks a bunch for you and all you guys hepin me on this
 
  #21  
Old 12-31-13, 09:24 AM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
fixed and came back

I got it off after messing with it.. Ran malware 2 days later I CUT MY COMPUTER ON AND THE PAGE CAME BACK...
 
  #22  
Old 12-31-13, 03:51 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
That means that either it's still, in the registry OR you went back to the infected site. I mentioned the two most popular registry keys that are used for viruses in post #9. Try to run regedit & look in there.
 
  #23  
Old 12-31-13, 05:07 PM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
No Im done gone there for sure I just started up my computer in the morning and came in to desk and there it is,,
 
  #24  
Old 12-31-13, 05:11 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
Are you giving up on the machine? What about removing the HD & connect it to another PC with a USB enclosure?
 
  #25  
Old 12-31-13, 06:56 PM
Member
Join Date: Jan 2011
Location: United States
Posts: 2,446
Received 0 Votes on 0 Posts
You could always wipe the drive and then install Linux. Linux doesn't have the same issues with viruses that Windows does. You can't run as many programs on Linux and some newer printers will not work with Linux but as far as browsing the web is concerned there isn't much that Linux can't do except work with Netflix. Right now the Linux community is working on that problem but so far hasn't solved it.
 
  #26  
Old 12-31-13, 06:59 PM
Member
Thread Starter
Join Date: Oct 2003
Location: Tenn
Posts: 308
Received 0 Votes on 0 Posts
I did all I could to get it gone, I had got it cleared before but spent all day on it and gave up.
I took it to a guy/shop in town to work on it.. I had ran Malware full scan 2 days ago..
Then got the page today, guy called me told me he got one out but there is another virus that will not turn loose going to take more time.. I have had this computer about 7 8 years and been great
now this
 
  #27  
Old 12-31-13, 09:15 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
Maybe the guy in town can do it for you. If I weren't in a different state, I would offer to do it. I don't know if Linux is for you. It's not a replacement for Windows, at least not for me. I run it in a VM but only has a side OS. I have FreeBSD too.
 
  #28  
Old 12-31-13, 11:18 PM
Member
Join Date: Jan 2011
Location: United States
Posts: 2,446
Received 0 Votes on 0 Posts
I agree with you Pulpo Linux really isn't a replacement for Windows. It is less prone to being infected by viruses though although you do hear occasionally about the rare virus infecting a computer but it is very rare. Not many people are interested in trying to make a virus for Linux but for Windows with all of its vulnerabilities they certainly do. Myself I use PCLinuxOS and have found that to be very easy to install and maintain compared to other versions of Linux and it is a rolling distro which means once installed you never have to remove it to update it.
 
  #29  
Old 01-01-14, 06:46 AM
Member
Join Date: Dec 2013
Posts: 138
Received 0 Votes on 0 Posts
Maybe just because I am comfortable with Linux I'd use a Linux live CD to copy all important files then Fdisk and do a clean install of XP.
 
  #30  
Old 01-01-14, 07:02 AM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
The OP already said that he is not familiar with boot disks. Besides that, a Linux live CD is not persistent. Where would you put the files?
 
  #31  
Old 01-01-14, 08:55 AM
Member
Join Date: Dec 2013
Posts: 138
Received 0 Votes on 0 Posts
a Linux live CD is not persistent. Where would you put the files?
Dropbox or similar. A USB drive or if available a second optical drive. Or use a live USB with persistence.
 
  #32  
Old 01-01-14, 02:51 PM
Temporarily Suspended
Join Date: Jul 2008
Location: NY
Posts: 10,986
Received 0 Votes on 0 Posts
By his own admission, that's a little beyond his scope.
 
Reply

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread
Display Modes
 
Ask a Question
Question Title:
Description:
Your question will be posted in: