
Removing the FBI MoneyPak ransomware...you need to update your guide.


5 replies to this topic

#1 prowler3


Posted 26 July 2012 - 04:18 PM

This doesn't work with the new "$200" ransom malware:

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

Nothing, including the suggested Emsisoft Emergency Kit, touches it, so far. I've tried updated EEK, Spybot and Spywareblaster...no one seems to have a handle on this one yet.


Vic



#2 narenxp


Posted 26 July 2012 - 05:03 PM

Boot into Safe Mode with Networking.

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on "Start"; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 prowler3


Posted 26 July 2012 - 05:07 PM


I must tell you that I have downloaded so much stuff today that would supposedly get rid of this annoyance, that adding your 3 to the list presents me with a problem. Please do not take offense...I surely appreciate any help. Can you see, however, where I'm coming from? Everybody and their brother apparently has some download that will fix this...and, so far, it's all BS. What I would like to see is a working update for my tried and true (usually) programs, like Spybot and Spywareblaster. I hold out little hope that MS will come up with a working update soon to MSE. I have manually deleted the files, again, and things are running normally, it appears...but I would really like to know the registry locations for this little POS. Even better would be the home address of the person who is putting it out there...but we can only dream LOL! Again, I do appreciate the help.

Manual removal, at this point, has been fairly easy, 2 files, which leads me to believe there is still something lurking in the untouched registry?

Edited by prowler3, 26 July 2012 - 05:21 PM.


#4 ruralgeek


Posted 30 July 2012 - 05:04 PM



Have an old XP home edition with the latest one of these ransomware trojans. So far the above "fixes" no longer fix this one.

I can get into safe mode command prompt only. If I go to safe mode networking the ransom page still loads.

I downloaded the latest combofix and ran it in cmd prompt a number of times but it did not change a thing. The programmers are obviously working around all fixes that are showing up.

I can't run tdsskiller in command mode so can't even start the above fix.

All I can do is work from the command prompt.


I've been at this all day. I tried that hitmanpro36 also but he programs for much larger screen resolution so in safe mode cmd prompt you can't see the next button to click it to continue on. Not much foresight there.


So does anyone have any more ideas?

#5 narenxp


Posted 30 July 2012 - 07:44 PM

ruralgeek

Create a new topic. We can help you.

Thanks

#6 prowler3


Posted 31 July 2012 - 09:21 AM

What is wrong with this topic? I'm not trying to be obtuse here...but I'm on XP Pro and, unless the difference between Pro and Home is much greater than I'm aware of, any solutions should work for both ruralgeek and me equally?

I thought I had stated my concerns about "downloading more stuff" politely. If you took offense then look at it from my point of view. I'm supposed to blindly go around downloading stuff that I've never heard of...after downloading other stuff I've never heard of that didn't work? How about a little info on these downloads you suggest? Just slapping them out there, like everybody else is doing, does nothing for my confidence. When you consider that the original suggestion of Emsisoft found here didn't do a thing...why would I not be just a tad bit leery of any other suggestions here? There are a thousand sites out there professing to fix your malware problems and the vast majority are attempts at selling something or, worse, install their own malware.

You'll excuse me if I ask for some "referrals" or "pedigree" on these downloads you suggest, instead of making the problem worse?

Edited by prowler3, 31 July 2012 - 09:38 AM.




