# I've got the IRS Virus



## Judy in IN (Nov 28, 2003)

Shame on me for opening this, but we are dealing with the IRS right now, and I thought it was legit. 

I tried to download Malwarebytes onto my desktop and transfer it, but the worm/virus stops it from downloading. Then I tried to use Rkill to clean it up, but the virus evidently is using all of the RAM, so no room to download Rkill. 

Any suggestions? This is an HP notebook, so no CD port, just thumb drives. 

I was able to get into safe mode, but that's as far as I've been able to go. The &^%$# virus has hidden all of my programs, so can't access the internet.


----------



## katy (Feb 15, 2010)

Judy, I sincerely hope you have a spare computer to use, because the infected one is/will be giving out your personal financial data. Following is an explanation. Apparently this virus has been around for several years; when I find a reputable fix I will come back and post it.

http://northcity.fox2now.com/news/business/circuit-attorney-irs-warning-about-email-virus/51012


Circuit Attorney: IRS Warning About Email Virus
Submitted by KTVI & KPLR
Tuesday, March 22nd, 3:30 pm

The IRS is currently warning taxpayers of an active e-mail scam in the Midwest. The scam involves e-mails supposedly sent from the IRS that bear copycat logos and the names of real IRS officials. The recipients are told that their payment for taxes due has been rejected.

They are then asked to click on a link in order to fill out an attached form and thereby resolve the payment rejection issue. However, the attachment actually contains a virus. This virus allows the scammer to gather personal and financial information from the recipient’s computer.

IRS spokesperson Michael Devine says that the IRS will never send an e-mail asking for personal information to any taxpayer. All correspondence regarding any problem with your tax return will be through the U.S. Mail. This official IRS letter will describe the problem and contain contact information for the person or agency who can help you resolve the issue.

If you receive an e-mail that claims to be from the IRS, remember the following:

* Do not respond to it.
* Do not open any attachments.
* Do not click on any links in the e-mail.

To assist the IRS in locating and prosecuting the criminals perpetrating this scam, you can do the following:

* Call 1-800-829-1040 to determine if the IRS is indeed trying to contact you regarding your tax return.
* Forward any e-mail claiming to be from the IRS to [email protected].



----------



## Judy in IN (Nov 28, 2003)

Katy, 

Yes, I have been very busy changing all of my IDs and passwords. 

I think all persons responsible for these viruses should be buried alive.....


----------



## texican (Oct 4, 2003)

Not personally familiar with that one... the IRS was 'kind' to me this year.

IF you can reboot, and hit the F10 key repeatedly, to get to the options screen (where you'd go into safe mode), does it have a 'repair' or option to system restore? I caught something two months ago, just by browsing... I couldn't get rid of it, or get to system restore... Rebooting into safe mode wouldn't do any good... finally tried rebooting, getting to the safe mode options screen, and tried the system repair key... which got me back to a week before, and all was well... you'd lose the virus, but not any data. Then, go in and clean up the system with whatever program you choose...

It's how I solved my crisis....


----------



## Kung (Jan 19, 2004)

Frankly, if I knew I'd had this virus on my computer, and that it was (or even could possibly be) giving out my financial information, I would

a) find a 'bootable live' disc - such as an Ubuntu Live disc (one can be downloaded by you or a friend); 

b) use it, along with a few CD's or DVD's, or an external hard drive, to burn your important personal data (music, documents, favorites, etc.) to said CD's/DVD's/external hard drive; 

c) and then I would reformat/reload the computer as SOON as I made sure I had a) the Windows CD to reload it, and b) at least the drivers for your network card or modem (which will allow you to get on the internet and download anything else you may need). 

(Of course, if you have one of those 'recovery CD's' or 'recovery partitions', those will take care of both.)

My rationale for this is simple - any tech I know will NEVER say that your computer *IS* completely free of a virus/malware/spyware program once they believe they have removed it. Yes, when I go to my day-to-day job, and I remove malware, I believe it's clean; but there are SO many types out there that it's not funny. The vast majority of them simply slow your PC down, try to get your money, etc.

BUT this one can broadcast financial data? NO way will I allow it to do that, nor will I bet on the possibility that it WON'T do that. So to make sure, I personally would perform the above steps, were it my computer.


----------
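
An added example (not part of any post in this thread) of the data-copy step Kung describes, run from a live session. It assumes the Windows partition is already mounted read-only at a source path and the external drive at a destination path; both paths, the function name and the list of skipped extensions are constructed for illustration. Going slightly beyond the post, it leaves behind file types that Windows runs directly and writes a checksum manifest of what was copied.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes (hypothetical paths) the Windows
# partition is mounted read-only at SRC and the external drive at DEST.

# backup_user_data SRC DEST
# Copies regular files, keeping the folder layout, but leaves behind file types
# that Windows can execute, so the malware is not carried onto the backup.
# Writes SKIPPED.txt and a SHA-256 manifest into DEST. Prints "copied=N skipped=M".
backup_user_data() {
    src=$1; dest=$2; copied=0; skipped=0
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    # One path per line; names containing newlines are not handled.
    (cd "$src" && find . -type f) > "$list"
    : > "$dest/SKIPPED.txt"
    while IFS= read -r rel; do
        rel=${rel#./}
        base=${rel##*/}
        ext=${base##*.}
        [ "$ext" = "$base" ] && ext=''          # no dot in the name: no extension
        ext=$(printf '%s' "$ext" | tr '[:upper:]' '[:lower:]')
        case $ext in
            exe|dll|scr|com|pif|bat|cmd|vbs|js|lnk|msi|sys)   # constructed list
                printf '%s\n' "$rel" >> "$dest/SKIPPED.txt"
                skipped=$((skipped + 1))
                continue ;;
        esac
        mkdir -p "$dest/$(dirname "$rel")"
        cp -- "$src/$rel" "$dest/$rel" && copied=$((copied + 1))
    done < "$list"
    rm -f "$list"
    # The manifest lets the copy be verified later: sha256sum -c MANIFEST.sha256
    (cd "$dest" && find . -type f ! -name MANIFEST.sha256 ! -name SKIPPED.txt \
        -exec sha256sum {} + > MANIFEST.sha256)
    echo "copied=$copied skipped=$skipped"
}
```

Documents can carry malicious content too, so the copied files should still be scanned on a clean machine before they are opened.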



## Del Gue (Apr 5, 2010)

HP netbooks have a recovery partition. Hitting F10 will bring up the recovery and repair thing.

Tell it to reset to factory default. Then it will wipe the active partition and reinstall the OS.

It'll be like you just got it from the store. I have a couple of HP laptops and a netbook, this is a handy feature.
I think Dells have this too, as do Compaqs (which are HPs).

Now... don't touch the dirty IRS emails again.
lol


----------



## datars (Jul 26, 2011)

If you go into safe mode, go here to get into Restore: C:\WINDOWS\system32\Restore\rstrui.exe and go back to a later date.

If that doesn't work, do this:
Run System Restore from the Command Prompt in Safe Mode 

A lot of people don't use System Restore because you can't run it if your computer won't boot into Windows, and you can't run it from the Recovery Console, however you can run it from the Command Prompt in Safe Mode. 

To do so, power up your computer and use the "F8" key to boot to: Safe Mode with Command Prompt. 

At the command prompt type: c:\windows\system32\restore\rstrui.exe 

Click "Enter", and System Restore should open

Also you can take out the drive and put it into another PC and do a virus removal


----------

