V9 parasite......



luckydog
May 12th, 2014, 14:58
I've tried CCleaner, Malwarebytes, scoured a million(?) files and it won't go away........

any suggestions ??

LD

Ickie
May 12th, 2014, 15:02
try
http://www.f-secure.com/en/web/labs_global/removal-tools

aeromed202
May 12th, 2014, 17:18
I'd try F-Secure too. It has the advantage of not being on your PC until the scan starts so it isn't likely to be affected. Most of the sites I saw described removal as more or less deleting all custom or personal browser settings, but can't say if this gets it all or if it will assert itself again. Sometimes a System Restore will do the trick as well. Did you try scans in safe mode?

luckydog
May 12th, 2014, 18:29
Thanks, guys !!!

Tried F-Secure but couldn't tell if it was running or not, so I gave up after about an hour. Ended up following a step-by-step "how-to" and it seems to be gone.
We shall see for how long.......

LD

Dangerousdave26
May 13th, 2014, 04:36
You would have known if F-Secure was running. It sounds like it was not. If I remember correctly, F-Secure only runs in IE, not any other browser. If you tried to run it in IE and it failed, it is likely because your bug is blocking it from starting.

Something else you might want to try...

Usually when you cannot get rid of these types of things it is because they have embedded themselves too deep into your system and given themselves too many ways to respawn if you clear them out.

To combat that you need to run another OS on your PC and scan from that OS.

You can try downloading Parted Magic (https://partedmagic.com/downloads/) (a Linux distribution) and running ClamAV (http://www.clamav.net/lang/en/) to clean out any infection.

Prior to doing that you may want to image your drive (to an external drive) in the event ClamAV is too aggressive and removes things you still want. You can image your drive with another utility on Parted Magic called Clonezilla (http://clonezilla.org/). That will give you the ability to go back to your infected state if you rip out too many files.

You can also pull off all your needed files (documents, pictures, and videos etc) to an external drive safely without infecting the external drive, if you don't want to make an image.

Once you have copied all you need, you can securely erase your hard drive, removing everything, and reload Windows from scratch if needed.

Good luck, whatever you try.

aeromed202
May 13th, 2014, 06:26
Just went to F-Secure's site and they've redone things a bit since last visit. From the main site look at the top and click F-Secure Labs, then lower down click Scan Your PC / On Line Scanner, then on the last page click Run Now. You will download then run the scanner, which can take quite a long time depending on things. If you think you got rid of it or even if you're not sure, creating another admin account can also save the day. I've gotten rid of two pesky bugs by deleting the main account (taking the bug with it) and then using the other admin one. You just want to be sure to duplicate whatever you want on that account so you can get back up to speed quickly.

wizzards
May 13th, 2014, 07:08
Hi, I do not post here but was interested in your thread; hope you do not mind me chipping in. In the UK a number of my mates have been hit by a ransom virus. I have assisted them in performing a system restore, which seems to have worked well for them. Now, I have not heard of your particular problem, but most of these things seem to disable your USB keyboard/mouse inputs on your PC, so:

1- Switch off PC.
2- Remove all USB-connected hardware on your PC.
3- Connect a keyboard with a PS2 connector (round type connector, not USB); you have now bypassed the USB keyboard connection on your PC.
4- Switch on PC, press F8 to boot into safe mode, then perform a system restore to an earlier date before infection.

This has worked for quite a few friends, so maybe it will help you.

Peter

luckydog
May 13th, 2014, 08:57
Finally able to run a scan with f-secure............came out clean.

aeromed202
May 13th, 2014, 09:01
Chipping is always welcome. I think the ransomware, which knows no geographical bounds, can also be fixed by having the aforementioned second admin account, then deleting the primary. I am also a fan of System Restore, which has saved my b*tt many times.

Good news on the scan, make a restore point in case you need it later.

Landman
May 16th, 2014, 16:25
If something like the "FBI virus" ransomware suddenly pops up on your computer while you are on the internet then try this:

1- Look at the time and remember it (it will be important in a few minutes)
2- Immediately do a hard shutdown - pull out the power cord
3- Replace the power cord and reboot in safe mode. With most versions of Windows you have to repeatedly press F8 until the safe mode startup screen appears and then select safe mode without networking
4- When the computer is booted up go to the "System32" folder and on the tool bar at the top under "View" sort all the folder's contents by date modified. Now remember that time I told you to remember? Look for files and folders that were created at the same time or within a minute or so before the ransomware popped up. Those are your virus. Delete them or if you have a shredder that overwrites them that is even better. Since you have sorted the contents by date modified they should be either at the end or beginning of the list of all files and folders in the System32 folder.
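
The time-correlation check from the post above, as an added PowerShell example that is not part of the original thread: it lists System32 entries whose creation or modification time falls near the moment the pop-up appeared, with signature status and a hash, so they can be reviewed before anything is deleted. The `$Seen` time and the window size are constructed sample values, and the script assumes PowerShell 4.0 or later (for `Get-FileHash`).

```powershell
# Added example (not from the thread): review System32 entries created or
# modified close to the time the ransomware screen appeared.
# $Seen, $WindowMinutes and $Folder defaults are assumptions; set your own.
param(
    [datetime]$Seen = '2014-05-16 16:25',      # constructed sample time
    [int]$WindowMinutes = 5,                   # minutes either side of $Seen
    [string]$Folder = "$env:SystemRoot\System32"
)

$from = $Seen.AddMinutes(-$WindowMinutes)
$to   = $Seen.AddMinutes($WindowMinutes)

# -Force includes hidden and system entries, which Explorer may not show.
# Explorer's "date modified" column is LastWriteTime; a dropped file can keep
# an old modified date, so CreationTime is checked as well.
Get-ChildItem -LiteralPath $Folder -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
        ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to)
    } |
    Sort-Object CreationTime |
    ForEach-Object {
        $sig  = $null
        $hash = $null
        if (-not $_.PSIsContainer) {
            # Signature status and SHA-256 help tell OS files from strangers.
            $sig  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Name      = $_.Name
            IsFolder  = $_.PSIsContainer
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Signature = $sig
            SHA256    = $hash
        }
    } |
    Format-Table -AutoSize
```

A `NotSigned` result is not proof of malware, since many Windows files are catalog-signed and older PowerShell versions report them as unsigned, and file timestamps can be altered; treat the output as a shortlist to check, and copy suspects to external media before removing them.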