
Has anyone seen or have a fix for this yet


  • This topic is locked
4 replies to this topic

#1 Ryanzirra


Posted 28 September 2012 - 01:38 PM

New variant of FBI MoneyPak; got that removed. But a lot of her documents and pictures have a .block file extension and are now encrypted. I will attach the text document that never came up; I found the thing when searching around to see what was going on.



#2 nasdaq


  • Malware Response Team

Posted 30 September 2012 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please follow the removal instructions on this page.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

If at any time you need advice on how to proceed please ask.

When done,

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Let me know what problem persists.

#3 Ryanzirra

  • Topic Starter


Posted 01 October 2012 - 01:31 PM

Infection's gone. I need a way to decrypt her files. Found this topic about a similar infection http://www.bleepingcomputer.com/forums/topic446111.html/page__st__150 but the method did not work on her file. Is there someone that can check this out for me if I send them an encrypted file? Infection is gone, computer is clean.

#4 nasdaq


Posted 02 October 2012 - 07:32 AM

Sorry, I cannot help you with this problem.

Hope someone will be able to help.

Since this topic is registered to me as a helper, I suggest you start a new topic explaining your problem.

Good luck.

#5 nasdaq


Posted 02 October 2012 - 12:39 PM

An Authorized Emsisoft Representative contacted me via a Personal Message.

Under another circumstance he could have helped solve your problem.

However, his last message to me was:

As I said, I can't reply directly to the topic. Anyways, I found the malware that most likely hit him. Unfortunately the malware uses random keys that are stored on the server only. So no chance to write a decrypter, unfortunately.





