Spyware, Viruses, & Security forum


Cleaning up the "FBI" Virus/Malware

by FurAndFeathers / April 26, 2012 4:47 AM PDT

Hi All, I received this email a few days ago but didn't open it until today. I was trying to help a sight-impaired friend with her laptop instead. The laptop was inexplicably loaded with digital products that were running at start up. I was very confused. So I turned her firewall back on and proceeded to clean up her startup and processes, delete new software, etc. Still I was clueless as to what was wrong. The worst part is she cannot get on the internet. I was unable to resolve the problem before bedtime so it remains unsolved today.
Do you think that the attached information could have something to do with it? If not, what do you make of this "malware" or false internet?
Thx, Barbara

----------Original Message----------

Date: Apr 23, 2012 9:48:15 AM
Subject: You May Lose Internet July 9th, FBI Website Scans Your Computer For Virus That Affects Hundreds of Thousands

The FBI security partner website linked below (where they scan your computer for the virus) was down when I tried it a few minutes ago. It would have been nice if the FBI announced this months ago when they learned about it.
Hundreds of thousands may lose Internet July 9th
LOLITA C. BALDOR Associated Press

WASHINGTON - For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.
Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get `page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address - such as www.ap.org - into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

To check and clean computers, try: http://www.dcwg.org .

Read more: http://www.abcactionnews.com/dpp/news/science_tech/hundreds-of-thousands-may-lose-internet#ixzz1sskfFOoY

Barbara, I'm confused too. Some questions for you..
by Carol~ Forum moderator / April 26, 2012 6:22 AM PDT


Perhaps you might be able to clear some things up for us. In turn, we may be able to better help you.

I'm unclear as to the following: >>I received this email a few days ago but didn't open it until today.<<

Where did the email originate? Was it from a friend, as a warning? Or did it come from elsewhere? You seem to have quoted from the article you provided, with the below being an exception. Did YOU add it as a note, in the middle of the quoted area? Or was it included in the email?

"The FBI security partner website linked below (where they scan your computer for the virus) was down when I tried it a few minutes ago. It would have been nice if the FBI announced this months ago when they learned about it.
Hundreds of thousands may lose Internet July 9th
LOLITA C. BALDOR Associated Press"

The above states "it would have been nice if the FBI announced this months ago when they learned about it". There were announcements made continually for a long time.. I'm trying to figure out if the email is legitimate. The news IS legitimate. But I'm questioning the source of the email. As far as I know, the FBI is NOT sending out notices. So again I ask...... where did the email originate?

Please read this thread: "Will the Internet end in July?" I believe it should help shed some further light on the matter.

>>I was very confused. So I turned her firewall back on<<

I take this to mean the firewall was off. Is there a reason? And has the firewall always been off?

Barbara, what sort of digital products were installed? And were you able to access the internet before you started 'cleaning up her startup and processes'?

We can suggest what we think needs to be accomplished, in order to help her get her connection back. But it would help to have the above questions answered first.

Help us.. help you.

Need to get more info so we can have this conversation.
by FurAndFeathers / April 26, 2012 10:00 AM PDT

Thank you for the response Carol,
I'm going to head across town and pick up her laptop so I have access for this conversation. Otherwise I'm wasting your time. I've outlined what it was doing, what I have done so far, but I need to be precise.
I will also read the link you posted. Be back later.
