stupid FBI greendot virus

[celticolleen]

I don't know what to do. My husband opened an email from my grandson, clicked on a link, and now his computer has been hijacked and held for ransom.  This virus even starts in safe mode, safe mode with networking and safe mode with command prompt.  And it won't allow a system restore.  My hubby, an IT guy who should know better, never made a restart disk after we got his computer from dell.  Now what?

Any help would be greatly appreciated.

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

[celticolleen]

His computer won't boot from that disk.  It is set to boot from the cd.

Sorry!  My hubby is talking about just taking it to Staples and having them blow everything away and reload with XP which he likes better anyway.

Thank you very much for trying though!

[SuperDave]

If the rescue disk is created correctly, it should boot your computer. Remember, this is an ISO file and needs to be burned with an image burner. You may have problems finding an XP disk and would be better of going to Windows 7

[brianc555]

I am experiencing the same problem with my computer. However, when I reboot the computer in safe mode with networking Windows shuts down when I get to the login screen and select my (administrator) icon. I can however use the computer with no issues from my wife's login icon. That is how I am able to access this website now. What do I do? if I run malware or spyware removal on my wife's login icon will it remove the malware from mine?

[SuperDave]

brian, please start a new thread of your own and I will help you.

[brianc555]

I did, thank you