
FBI Moneypak on my Dell E310 w/Win XP


16 replies to this topic

#1 analog_al

  • Members
  • 7 posts

Posted 12 December 2012 - 01:33 PM

Hi All,

My internet browsing was interrupted with the FBI splash screen, and that is all I get when I try to access Windows in any mode. I can run Linux from a connected USB drive and that gives me access to my files. I'm thinking if I can find the folder with the Windows start up files, this might get me to the point where I can then download MB or some other antimalware program to get me back in business. I'm open to other suggestions as well. Thanks in advance!



#2 robocop321

  • Members
  • 114 posts
  • Gender:Male
  • Location:UK

Posted 12 December 2012 - 03:51 PM

Hello, please use our guide and let me know.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan

Edited by robocop321, 12 December 2012 - 03:51 PM.


#3 analog_al


Posted 13 December 2012 - 12:11 AM

Well, opening to safe mode of any kind is out - just gets me to the FBI splash screen. I can get internet access only when I boot off my USB with a copy of Puppy Linux. I entered the link in your instructions to my Linux browser and got to Emsisoft. On my second attempt, it seemed to download successfully. However, Xarchiver - the Linux zipped file extractor, just hangs at "opening archive - please wait". I've waited for over ten minutes and I get nuthin.

Now, it's possible Emsisoft may not be compatible with Linux, or maybe it's just the extractor. If I need to be in Windows to follow these instructions, then I'll need some way to keep the FBI splash screen at bay. I can get to my Windows folders via Linux, so if someone could tell me where I might find the start up files, I'm willing to go in and do some cutting. Trashing the PC is not a worry, as I have no critical files on this machine and my friends have access to licensed OS disks. So fire away with the suggestions. I've read the disclaimers...

#4 Jimbob85

  • Members
  • 308 posts
  • Gender:Male
  • Location:VA, USA

Posted 13 December 2012 - 08:43 AM

I don't mean to butt into someone else who is offering you great advice, but one thing that I have found is that, as a general rule, if you can "cut" your internet connection this malware will fail to start. If you are able to download Emsisoft to your PC via Linux and then disable your internet connection and reboot to safe mode, or even into Windows, you may be able to clean it up. NOTE: This may not be the case for all "strands" of this malware; it may just work on the ones I've seen. For what it's worth, though, it may help.

#5 robocop321


Posted 13 December 2012 - 12:57 PM

Follow Jimbob85's advice that he has posted.

#6 Jimbob85


Posted 13 December 2012 - 01:47 PM

That's OK. Thanks for the note.

Edited by Jimbob85, 13 December 2012 - 01:48 PM.


#7 analog_al


Posted 14 December 2012 - 01:29 AM

Appreciate the suggestions, friends. The problem persists, however. I can download Emsisoft's emergency repair zip file in Linux, but then I get an error when I try to extract it. I'll play with that a bit more. Regardless, I then shut down my internet router and rebooted my PC to safe mode. I got to my login screen as usual, then got the Windows warning message that I was in Safe Mode - this seemed to stay up a bit longer this time - not sure if this was due to the network shutdown - but the FBI splash screen returned. Ordinarily, the screen includes my IP address, but obviously with the network down, this field just had a null value.

Like I said, I'll keep playing as time allows. The two avenues I'm pursuing are finding a better Linux Zip extractor, or accessing the Windows start up files. I'll let you know how I make out, and will happily try out any further suggestions. Thanks!

#8 Jimbob85


Posted 14 December 2012 - 09:05 AM

Since you seem to know how to operate a computer better than most, :thumbsup: try Kaspersky Rescue Disk.

When the scan is about done you will see things start to pop up in a box in the bottom right of your screen for you to choose how to "fix". Pick the default, if there is nothing marked as a suggestion please pick ignore. When the scan is done click report and within that window there is a place to save the report to a txt file. Please post the results in your next post. If you have any questions please ask. This should get you on the road to getting rid of this fun stuff.

#9 analog_al


Posted 15 December 2012 - 03:25 AM

Thanks for the kind words, Jimbo. I have another USB somewhere and will load Kaspersky on it (CD-Rs are so 20th century..). Will update tomorrow!

#10 robocop321


Posted 17 December 2012 - 10:59 AM

Jimbob seems to know more about this problem than me. Therefore I will leave it to him to solve.

Edited by robocop321, 17 December 2012 - 12:20 PM.


#11 analog_al


Posted 19 December 2012 - 01:18 AM

Nothing new to report yet, friends. The day job and holiday crunch have taken up a lot of my discretionary time the past few days. Didn't want you to think I flaked. Watch this space...

#12 Jimbob85


Posted 19 December 2012 - 08:54 AM

Thanks for letting me know! I will keep watch on this thread. Take your time, I totally understand, family is definitely more important. I will wait to hear from you.

#13 Jimbob85


Posted 31 December 2012 - 09:58 PM

Just checking to see how you are getting along.

#14 analog_al


Posted 02 January 2013 - 12:19 AM

Happy 2013, Jimbo!

Well, I broke down and got a pack of CDRs for Kaspersky. Meanwhile I'm starting to get interested in Linux, so I'm now downloading Gnome from openSUSE to see if that gives me something more robust than Puppy to fall back on. Once I get Gnome running, I'll install Kaspersky and see if that recovers XP. An old friend is part of a Linux users group out here, so it might be time to give him an opportunity to say, "told ya so"...

Thanks for checking in!

- Al

#15 Jimbob85


Posted 02 January 2013 - 08:57 AM

I just want to make sure that you do understand that the Kaspersky link I gave was to a standalone ISO file that builds its own standalone disk. It is a bootable disk on its own when the image is written to a disk.



