
FBI or Moneypak virus removal


14 replies to this topic

#1 scoutyscout

scoutyscout

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 06:21 PM

Hi,

 

I have been hit by apparently a very nasty version of the FBI/Moneypak virus.  It is preventing me from accessing the internet even in safe mode with networking.  It will also not allow me to upload malware removal tools from a flash drive to the infected computer in safe mode.  Any ideas?

 

Thanks!


Edited by hamluis, 19 March 2013 - 06:24 PM.
Moved from XP to Am I Infected - Hamluis.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 19 March 2013 - 06:30 PM

Can you boot into Safe Mode with Command Prompt?



#3 scoutyscout

scoutyscout
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 06:42 PM

Yes. But cannot access the internet here.



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 19 March 2013 - 06:45 PM

.


Edited by narenxp, 19 March 2013 - 06:50 PM.


#5 scoutyscout

scoutyscout
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 06:48 PM

Yes. I already tried this as well with a third party tech guy (attempting to remotely access).  Still would not allow internet access even with the TEMP account; so, IT could not dial in.



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 19 March 2013 - 06:52 PM

I don't need internet access.

 

Can you access your desktop?

 

Did you try a system restore?

 

What security tools do you have on your PC?

 

What happens when you try to copy via flash drive? Did you try a different one?



#7 scoutyscout

scoutyscout
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 06:57 PM

Yes.  I can access the desktop.  

Have not been able to perform system restore.

Running Microsoft Essentials, Spybot. And have Malwarebytes. Will not allow me to upload newer version of Malwarebytes from flash drive to desktop (getting error message). However, was able to upload iexplore (runkill) to desktop, which is currently running.



#8 scoutyscout

scoutyscout
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 06:59 PM

....sorry. "Rkill"



#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 19 March 2013 - 07:02 PM

Just Malwarebytes you can't copy from flash drive? Any other tool? Did you try a different flash drive?

Did you try different browsers?



#10 scoutyscout

scoutyscout
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 March 2013 - 07:07 PM

Google will also not work. Have not tried another tool, yet. Just Malwarebytes. Flash drive is working because did upload Rkill.



#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 19 March 2013 - 07:13 PM

I would like to see the RKILL log. Please do not run any other tools unless instructed.

 

Copy this tool from a clean PC to infected one using flash drive.

 

Please download Farbar Service Scanner, save it to your desktop, and run it.
 

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by narenxp, 19 March 2013 - 07:51 PM.


#12 Thomas840

Thomas840

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 23 March 2013 - 04:02 PM

I woke up to the FBI virus first thing this morning and when I try to boot in safe mode and safe mode with networking it will restart to the FBI message. I can only boot in safe mode command prompt. Any suggestions? Any help will be greatly appreciated.



#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:01 AM

Posted 23 March 2013 - 04:20 PM

Thomas840

Create a new topic

 

Thanks



#14 Thomas840

Thomas840

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 23 March 2013 - 04:31 PM

My apologies



#15 live_tech

live_tech

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 09 April 2013 - 12:47 AM

I've had some success with FBI virus removal: using Safe Mode with Networking has allowed me to access the computer to run Malwarebytes. If you have problems getting into Safe Mode with Networking you may have to try Safe Mode with Command Prompt. For Windows XP type C:\windows\system32\restore\rstrui.exe and for Windows Vista, 7 and 8 type rstrui.exe to start Windows System Restore. I've had that fail as well... If all else fails you will need to have access to another computer to download Hitman Pro and create a bootable flash drive to scan the affected computer.





