Civil War Talk And The FBI Virus

[R. Evans]

Not sure whether the Civil War Talk forums was where I recently had my computer infected by the FBI virus. But it was the last place I visited before ending my session. When I returned and fired up my computer this virus struck.

Nasty piece of work this is, in addition of accusing you of being a pedophile, it totally shuts down your computer from your normal operating screen. I was able to get removed with the help of my computer genius friend. But it kind of gives itself away with it's whole premise. For one thing, if you were guilty of what it accuses you of, the real FBI would be at your house putting the cuffs on. The 2nd give away is that it says that part of the fine is between 2 and 5 hundred minimum wages. WTF is that?



So does anyone know whether or not that site is infected or did I maybe pick it up somewhere else? I won't go back there until I'm sure it's safe.

Any input from you guys would be helpful.

[mikeck]

I got this same virus from a newspaper sight. If you have not already you can search YouTube for "FBI virus" And it will show u how to remove it in safe mode, it's not difficult. It is usually not on the sight but a pop up...maybe an ad that when you click on the x to close, activates it. Either way, it requires no exe file so it's hard for anti virus to get.

Just FYi, mine didn't "activate" until about 15 minutes later. I read the article (newspaper from Jerusalem) and when I closed it, I walked away. 15 minutes later, I hear "warning, your computer has been locked by the FBI" over and over. I'm a police officer so I knew it was BS right off the bat, but it was a pain in the rear.

Another give away is the " if this is your first offense, you can just pay a fine by sending money to this address" ...and the accusation that you either downloaded child pornography, illegal music files or pirate videos...or if you didn't, your guilty of negligent use of a computer.

[semperpietas]

Quote:

Originally Posted by R. Evans

Not sure whether the Civil War Talk forums was where I recently had my computer infected by the FBI virus. But it was the last place I visited before ending my session. When I returned and fired up my computer this virus struck.

Nasty piece of work this is, in addition of accusing you of being a pedophile, it totally shuts down your computer from your normal operating screen. I was able to get removed with the help of my computer genius friend. But it kind of gives itself away with it's whole premise. For one thing, if you were guilty of what it accuses you of, the real FBI would be at your house putting the cuffs on. The 2nd give away is that it says that part of the fine is between 2 and 5 hundred minimum wages. WTF is that?



So does anyone know whether or not that site is infected or did I maybe pick it up somewhere else? I won't go back there until I'm sure it's safe.

Any input from you guys would be helpful.

I occasionally browse there, but I have not registered there. Do you have an anti-virus?

[R. Evans]

Pain in the rear is putting it mildly.

[mikeck]

My a anti virus didn't catch it....apparently it has something to do with it just putting something in the registry instead of an exe.

[R. Evans]

Quote:

Originally Posted by semperpietas

I occasionally browse there, but I have not registered there. Do you have an anti-virus?

Yes but as Mike says it slips past anti-virus. My fixer friend also said it did no permanent damage. It's a money scam pure and simple. I guess whoever launched it figures that you'll be so embarrassed at being accused of watching child porn and zoophilia (had to look that one up), that you'll pay and keep quiet.

I've got to wonder if anyone has ever paid and then what happens to virus after payment?

[semperpietas]

Quote:

Originally Posted by R. Evans

Yes but as Mike says it slips past anti-virus. My fixer friend also said it did no permanent damage. It's a money scam pure and simple. I guess whoever launched it figures that you'll be so embarrassed at being accused of watching child porn and zoophilia (had to look that one up), that you'll pay and keep quiet.

I've got to wonder if anyone has ever paid and then what happens to virus after payment?

Hmm.... might have to do so on a non vital computer to be sure. Cheeky bastards, that's for sure.

[semperpietas]

Got on CWT, and everything appears ok.

[wonderwhy]

I can say with 99.99999% assurance that you did not get infected here.

First - as a former intel officer, DoD Security Manager, White Hat Hacker and current Security Architect/Engineer for a security software company I've got some background in these things. ;-)

Yes it's malware for money making (most of them are now).

How did I get infected, you ask?

Yes, quite often from surfing porn, downloading from bitorrent or pirate sites, etc. You don't get these from legitimate sites though there have been occurrences every now and then where hackers have gained access to legitimate sites to do this - e.g. Paul McCartney's site several years back.

But I don't surf porn or download from pirate sites and I still got infected you say!

Its a case of keeping up with the bad guys and the multiple, multiple ways they come up with for fraud. They build these things and test against ALL the major AV vendors software to make sure they aren't caught or blocked.

Some examples of how you could have gotten infected even though you've never "done anything shady" on the Internet.

- You've been pretty good about deleting all those scam emails but you just saw one for the worlds greatest fishing lure. Or an email comes from one of your best friends and it has a link in it....bottom line is these emails can lead ultimately to infection. Be careful.
- You need to buy a new truck so you go on Craigslist and find one that is beautiful, low miles and very, very reasonably priced. There's a link to see more pictures or get more info...next thing you know, you are infected.
- You just came in from hunting rabbits and decide to google for some good recipes...you start clicking links

How do you protect yourself?
1 - Common Sense - sometimes this won't even help.
2 - Backup everything! Whether to an external drive or online. No matter what, you are going to get infected at some point unless you disconnect from the Internet and go live in a cave.
3 - Use a Firewall and AntiVirus: I use free versions of Zone Alarm and Avast. Avast has plugins for browsing too so you can see a sites rating before visiting. See pic attachment. I don't work for either of these companies BTW.

Hope this helps.

[mikeck]

No, he wouldnt have. I belive it appears in pop ups that if you click on it (even to "x" out of it) you get it. It may een appear as a pop up for an apparently innocent advertisement. It simply does not require you to open up an exe file.

who knows. I come here all the time and never had a problem.

But I don't surf porn or download from pirate sites and I still got infected you say!

Uhhh, yeah..uhhh, I dont look at porn either....

[copenhagen]

This occured at work a little while back. Its a piece of malware that accuse you of being a perv and you'll go to jail forever unless you pay 40 buck or something Yeah there are websites which will help you get rid of it in safe mode..

[R. Evans]

Quote:

Originally Posted by semperpietas

Got on CWT, and everything appears ok.

Thanks, I'll give it another try.

[R. Evans]

I've gone back to CWT and so far, so good.

I might have picked up that virus somewhere else. I can assure you guys though, it wasn't a porn site. The wife would have me drawn and quartered if she caught me viewing that crap. And since we use the same computer, it would be kind of hard to hide.