Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI moneypak malware


  • Please log in to reply
4 replies to this topic

#1 mlambert603

mlambert603

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 18 December 2012 - 02:36 PM

I have been scouring the internet for hours. I am having the same exact problem... I cannot start in safe mode with networking or safe mode. when I hit Control Alt Delete I get to Task Manager with the option to log off lock the computer or change my password. I removed this virus before but I was always able to get into safe mode...

BC AdBot (Login to Remove)

 


#2 mlambert603

mlambert603
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 18 December 2012 - 02:38 PM

1 major detail that I forgot to add, I am on a netbook and do not have a CD ROM

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:29 PM

Posted 18 December 2012 - 03:02 PM

Hi mlambert603,

Can you tell me what you see when in safe mode; is it the ransom screen and the possibility to select taskmanager when you press alt-ctrl-del?

Also, what windows version is this?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 mn21111

mn21111

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 19 December 2012 - 05:25 PM

This happened to me, I ended up accessing the hard drive data through Mini XP (can be found on Hiren's Boot CD, you could also do a live boot of a Linux distro like PuppyLinux. Once logged in, look in your users' \AppData\Roaming folders for .exe files with random character names and remove them. Back up important data first before attempting to remove any files.

Edited by Elise, 20 December 2012 - 02:21 AM.
link removed


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:29 PM

Posted 20 December 2012 - 02:23 AM

Thank you for sharing your solution. However, as explained here we do not allow the usage of Hiren's boot CD, for which reason I removed the link in your post.

Linux can be used, but to make the removal process a bit easier we usually prefer to find out what we're dealing with before attempting the clean up. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users