
Computer infected with FBI Moneypak, now won't boot into normal mode



#1 funko-branco


Posted 08 April 2013 - 01:00 PM

Hi! I started troubleshooting this issue back in like September of last year, and stopped in October and forgot to follow up until now. Time to stop putting this off and forgetting about it and try to get this computer up and running again.

 

So, back in September of last year, the 19th, I think, my computer got taken over by the FBI Moneypak ransomware. My webcam flashed, screen went white, and the pay screen went up and wouldn't leave. I went to work asap when I got it to see if scanning it, deleting suspicious files, trying Malwarebytes and HitmanPro, which both got rid of things in a folder named "hellomoto". After trying everything, the computer would boot into normal mode, let me login, I could see my desktop but then got immediately locked out by the payscreen, followed by a bluescreen saying REGISTRY_ERROR. I no longer have any restore points, because I guess the virus deleted what I had. I know I had some prior to the attack, I had restored once before.

 

I got a lot of help in the first thread I made about this, in the Security "Am I Infected?" part of these boards (link: http://www.bleepingcomputer.com/forums/t/469156/i-have-the-fbi-moneypak-ransomware/). In there, we scanned with ESET online scanner, TDSSKiller, Autoruns, aswMBR, and they found and removed things. Now, it doesn't show me the pay screen, but upon booting into normal mode, I'm greeted with a REGISTRY_ERROR bluescreen. I can boot into Safe Mode, Safe Mode with networking just fine, and do things, run tests, scan in there. Normal mode doesn't work and bluescreens quick.

 

I was then sent to post in the Virus, Trojan, Spyware, and Malware Removal Logs subforum, and we used a bunch of things to scan (everything I did with every single log I included is available in the thread: http://www.bleepingcomputer.com/forums/t/469373/infected-with-fbi-moneypak-virus/). A Microsoft Hotfix didn't work, nor did the Memory Diagnostics Tool, and finally, we tried the MemTest, which I burned to a disc as asked to test the RAM on the computer, and it wouldn't boot from the disc, either when I did it manually or when I configured it to boot directly from the CD/DVD Drive before anything else. The user helping me, TheShooter93, concluded it may be a hardware issue that needs troubleshooting, so he linked me here and told me to make a thread in this subforum to see if it can help at all. So here I am.

 

The computer that got hit and that is having issues is my laptop, a Dell Inspiron N5110, running Windows 7 Home Premium 64-bit. I'm on a desktop typing everything, I'm doing any tests in safe mode on the laptop.

 

Hopefully this can all be solved and I can start using the ol' laptop again! I got it for Christmas 2011, it was a nice computer until this happened. Thanks in advance for any help.




 


#2 the_patriot11


Posted 10 April 2013 - 07:30 PM

Do you think that this computer is still infected, or clean but with some sort of registry/hardware problem?




#3 funko-branco


Posted 11 April 2013 - 10:02 AM

I'm thinking it's probably clean, but with a registry/hardware problem. It no longer shows me the Moneypak pay screen when it actually does get itself onto my desktop in normal mode, it just loads normally for a minute or two before just going bluescreen with a REGISTRY_ERROR message on it. Also, it had issues booting from the disc I was going to use to run a test that I was asked to run in the last thread and it wouldn't, which made the person helping conclude there was likely a hardware issue.





