Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI Moneypak (No Safe Mode, No Normal)


  • This topic is locked This topic is locked
6 replies to this topic

#1 colbyc

colbyc

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 09 April 2013 - 03:02 AM

I apologize for posting in the wrong section; however, I am new to the forums and did not see an option to start new thread. I am sure this will be moved to the appropriate location. I have a desktop computer that uses Windows XP. I also have a laptop and a 256 MB flash-drive that I am using to repair the infected computer. The desktop became infected with the FBI Moneypak virus. At first, I could log on and open task manager or whatever I desired, but it was very slow and I was unable to delete things or end tasks. Soon after Windows started, it would bring up the FBI scam page. It brought up a black background page with a webcam box and an audio prompt saying the computer is locked and that I need to pay $300. I kept restarting and tried to find something that would fix it before Windows started. I went to BIOS and Boot Menu and Recovery. I do not have a recovery disc, so the recovery option would not work. I tried employing Fail-safe defaults under BIOS. I also tried enabling "Reset Configuration Data -> Extended System Configuration Data." The computer would not allow me to start in Safe Mode, Safe Mode with Command Prompt, Safe Mode with Networking, Restore to Last Working Configuration, or even Start Windows Normally. I found a suggestion on these forums saying to install HitmanPro (64 bit). I followed the video's instructions to convert my Flash-drive into a HitmanPro flash-drive. I inserted it into the infected computer. The light on the flash-drive flickered green, at first, then turned off. Finally, I got the light to remain green. This should indicate that the computer recognizes the device. I changed the priority boot to external (flash-drive) and tried to boot using the flash-drive (external). The device was not listed, but when the computer starts up it runs something and I see the name of the USB Storage Device: Scandisk... It is too fast for me to read the whole thing. Anyway, it is not giving me the option to boot with this or run the program to scan it (HitmanPro), yet it recognizes the device because it says the name of it. It keeps attempting to boot normally (or safe mode, I'm not sure). It then returns to the boot menu (actually, I think it is not called the boot menu but it is a menu that gives me the options to boot using safe mode, safe mode with networkingm safe mode with command prompt, last known good config., & normal). What do I do now?



BC AdBot (Login to Remove)

 


#2 colbyc

colbyc
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 09 April 2013 - 08:08 AM

Also, the computer has been manually unplugged from the internet (ethernet cable).



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:27 AM

Posted 09 April 2013 - 10:59 PM

I have asked another to look here that specializes on this situation.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:27 AM

Posted 10 April 2013 - 01:05 PM

Lets try the AVG Rescue CD:


"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus , AVG Anti Spyware and some administrator recovery tool.


You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download  AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter

4. At the "Update Screen", choose Yes and press Enter

Next screen, Choose Update from Internet and press Enter

5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the "Update Screen", choose Return and press Enter

8. Your at the "Main Menu" screen, choose Scan, press Enter

9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter

10. "Scan Volumes", choose "OK" and press Enter

11. "Scan Options", choose "OK" and press Enter

12. "Run Scan", choose "Yes" and press Enter

13. When scan is complete, Press any key to continue

14. "Info screen", choose "OK" and press Enter

15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative, if  in your not sure please Google the file or files.

16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the "Warning Screen", "Yes" and Enter

18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
  Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely do to a bad download or bad burn, download the file again and burn it at a slower speed.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:27 AM

Posted 10 April 2013 - 02:23 PM


Hello, Just letting you know I moved this to the  Virus, Trojan, Spyware, and Malware Removal Logs forum,where it will stay.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:27 AM

Posted 14 April 2013 - 03:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/491169 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:27 AM

Posted 19 April 2013 - 03:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users