Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI Moneypack - Even in Safe Mode


  • Please log in to reply
5 replies to this topic

#1 pwrmac7100

pwrmac7100

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 19 December 2012 - 01:41 PM

My friend's computer is infected with the FBI Moneypack...I believe IC3 version from what I've found. This stupid virus launches no matter if I start in Safe Mode, SM w/networking, SM w/command prompt, or normal. Therefore, none of the repair guidelines will work for me. I've tried with and without the network cable plugged in...no help.

I've connected my friend's HDD to my PC and ran a scan with SuperAntiSpyware, Malewarebytes, and AVG. They remove about 5 viruses each time, but nothing that gets rid of the FBI Moneypack. I've booted from Kaspersky Rescue disc and scanned...still didn't fix it.

Other than wiping the drive and starting over, I'm not sure what to do. I appreciate any help on this.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:07 PM

Posted 19 December 2012 - 04:18 PM

Hello..
Try this:

Download: te94decrypt.exe by DrWeb

Place it in the root of your C: drive. So... it should be at C:\te94decrypt.exe

  • Press and hold the Windows key Posted Image and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • C:\te94decrypt.exe -k 186
  • Now press ENTER
  • The tool should open and start scanning your system to repair the .POLICE files to their original decrypted state.

Note: Some users report that C:\te94decrypt.exe -k 85 worked for them. So try that one incase the first command was not successful.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mn21111

mn21111

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 19 December 2012 - 05:18 PM

Look in each user \AppData\Roaming folder, the strain I encountered dropped .exe files with random character names in there (it also made booting up impossible without the locked FBI warning screen, even safe mode). Back up important data ASAP, many of these will encrypt your data and make a big mess for you to clean up after dealing with the infection.

Edited by mn21111, 19 December 2012 - 05:18 PM.


#4 pwrmac7100

pwrmac7100
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 19 December 2012 - 09:52 PM

Boopme - That executable did not work (I don't think). It's hard for me to say for certain...the FBI splash screen launches immediately and I cannot see anything else. I did follow the instructions, and I think the scan started (only because the HDD started spinning fast). I gave it a few hours, but nothing happened.

#5 pwrmac7100

pwrmac7100
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 20 December 2012 - 09:23 AM

We can close this case...I just gave up and formatted the drive. Thanks for your help

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:07 PM

Posted 20 December 2012 - 10:27 AM

OK, thanks, couldn't get back sooner with more steps. A reformat will fix it though..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users