
PCEU ransomware - should I be worried?


9 replies to this topic

#1 sav_uk

sav_uk

  • Members
  • 10 posts

Posted 09 January 2013 - 03:14 PM

Okay, so I was on a well-known streaming site yesterday trying to catch up with various TV shows, and I ended up getting infected with the PCEU ransomware virus which completely locked my computer with a screen demanding 100.

I rebooted my computer into safe mode with networking and downloaded Malwarebytes, and performed a quick scan which picked up some infected files and removed them. I then rebooted into normal mode and was able to use my PC again; it seemed that the PCEU ransomware had gone. However, I performed a full scan with MBAM which picked up the Trojan.FakeMS, which it removed. Upon rebooting again, I ran another MBAM full scan just to be safe, and it picked up the FakeMS trojan once again, which I thought it had just removed. I then decided to restore my laptop to factory settings (complete wipe of the C: drive) as I don't have many valuable files on here. If it's of any use, I use a Samsung laptop and used Samsung Recovery to restore my laptop to factory settings.

My issue is this - my laptop seems to be working fine now, and is configured the same as when I first started using it. I have reinstalled my antivirus (Avast) and run subsequent MBAM full scans, all of which haven't been able to detect any malware. However, I know that some malware is pretty clever, and can modify itself to disappear once it knows it is being searched for. I just want to be on the complete safe side, as I use my laptop for purchases with my card etc., so I want to make sure I am completely rid of any malware that may still be lurking in the system somewhere.

Is there any way to make sure that I have indeed removed all malware - any methods to check to be certain my system is clean?

Many thanks :-).



#2 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts

Posted 09 January 2013 - 08:02 PM

Also, if it's of any use, the FakeMS Trojan seemed to be in a Java-related file.

#3 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 10 January 2013 - 04:33 PM

Hello sav_uk

Please read the link provided below from BleepingComputer to make sure that the infection has been removed -
Remove the FBI MoneyPak Ransomware or the Reveton Trojan > Click the link below >
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware


Once infected with this malware, it is always a good idea to change all passwords and not use the computer for banking etc.
Clear all System Restore Points so that you can start fresh, as you may reinfect if you restore back too far.

If you have cleaned the infection and changed passwords, etc, you are usually safe to resume normal use of the computer in all online activities.

I hope this helps you -
If not, please post back with any other concerns that you may have -

Regards -

#4 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts

Posted 10 January 2013 - 09:20 PM

Many thanks for your reply :-)

Is there any possibility that any remnants of the Reveton Trojan could remain even after a PC is restored to factory settings and has had all data erased? Subsequent MBAM and Avast scans do not detect any suspicious objects, since I wiped my C: drive and restored the PC to factory default. My PC seems to be working normally, so would it be safe to resume normal usage? I just want to know if there's anything I could do to check that all traces of the PCEU ransomware were removed.

Thanks again

Edited by sav_uk, 10 January 2013 - 09:30 PM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 10 January 2013 - 09:43 PM

Hi again -
The post I linked you to shows the best tested cleaning methods (if you do not wish to reinstall).
This is the first link we use for this infection, and 99% of the time it will fully clean it out.

If you reinstalled or wish to reinstall, still use the same methods, then a full scan with Malwarebytes Anti-Malware Free.

I hope this calms your worries -

Regards -
EDIT -
Still change passwords -

Edited by noknojon, 10 January 2013 - 09:44 PM.


#6 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts

Posted 11 January 2013 - 11:05 AM

I followed the steps in the link you provided and ran the Emsisoft Emergency Kit deep scan in safe mode with networking and it found no malicious files, so I'm pretty confident that my PC is fully clean now. Many thanks for your help - I feel much more relieved now!

#7 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 11 January 2013 - 04:17 PM

No worries -
If you followed those steps and you update and scan with MBAM, you seem OK now -

Glad we helped -

#8 quaytec

quaytec

  • Members
  • 8 posts

Posted 26 January 2013 - 08:30 PM

Got this same virus but can't get on even in safe mode; the page comes up and prevents me from running any cleaner. System restore won't work either.

#9 quaytec

quaytec

  • Members
  • 8 posts

Posted 26 January 2013 - 08:31 PM

Got this same trojan but can't get on even in safe mode; the page comes up and prevents me from running any cleaner. System restore won't work either.

#10 penyghent

penyghent

  • Members
  • 28 posts

Posted 28 January 2013 - 04:50 AM

Same problem - I am waiting on some help but am thinking factory reset.



