Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Moneypak FBI virus- completely locked out

  • Please log in to reply
1 reply to this topic

#1 patriots1457


  • Members
  • 9 posts
  • Local time:12:11 AM

Posted 25 May 2013 - 08:12 PM

Hi, I'm completely locked out of my laptop running windows 8. I have checked multiple posts on this forum looking for a solution but nothing seems to work. I cannot run safe mode with networking or command prompt, because the FBI virus image fills my screen and I get an error message telling me to connect to the Internet and come out of safe mode. I am posting from my phone now and I am desperate for some help! Thank you!

BC AdBot (Login to Remove)


#2 Aaflac


    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:11 PM

Posted 29 May 2013 - 09:45 PM



Let's use HitmanPro.Kickstart to access your computer, scan it for malware, and remove this infection. The program targets this ransomware.


Also, you may want to print these instructions, so they are available to follow.


Now, load a USB flash drive with HitmanPro.Kickstart as follows...

Note: the contents of the USB flash drive are erased during this process!


Use a clean (non-infected) computer, and download:

HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight


Under Download (on the right) select the program applicable to the system: 64-bit, or 32-bit?


When HitmanPro opens, click the KickStart icon at the bottom of the screen.


>>Plug in the USB flash drive.


When the USB flash drive is detected, a selection screen is presented.

Select the USB flash drive from the choices, and press: Install Kickstart

A warning that all contents of the selected flash drive will erase is presented.

Press: Yes


As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.

Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart


Remove the USB flash drive from the clean computer and press: Close




Now, with the ransomed computer shut down, plug the USB flash drive into a USB port, and turn on the power.


When the computer starts, press the key that brings up the Boot Menu. (On some machines its F12, F10, or F2)


From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)

Info: How to Remove Ransomware - Select Real Security


Once you select the USB flash drive to boot from, press: Enter


A Kickstart prompt with USB boot options appears.

Select: 1 (Bypass the Master Boot Record (Default))


The system continues to boot from the hard drive and starts Windows.


If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally


When Windows boots, you either get a logon screen, or the Desktop is started.

If you see a logon screen with your User name, logon with it.


In the next prompt that appears, to start the program without installing to the local hard disk, select the option to do a: One-time scan to check the computer.


To start scanning for malware press: Next


If malware is detected, the program shows what malware is present on the system using a red framed screen as shown below:


Select Next to quarantine the malware into a secure storage where it can no longer start.



At the next screen, activate the 30-day free license:


After successful activation (30 days), press: Next



A screen indicating that the malware was successfully disabled or removed is presented.

Press: Next


To obtain a report of the scan results, press: Save log

>>Save the Notepad log to the Desktop<<

It has a name such as: HitmanPro_xxxxxxxx_xxxx


Remove the USB drive, and press: Reboot

If no malware is found, press: Close


After HitmanPro.Kickstart is done, you should be back into normal Windows.


Please post the HitmanPro log in your reply. <<Important!




To remove any remnant malicious files of the ransomware...


Download RogueKiller:

Tlcharger RogueKiller (Site Officiel)


When you get to the website, go to where it says:

(Download link) Lien de téléchargement: rendu2.png


Select the version that applies to your system: x64 0r x86 (32-bit)

Click the dark-blue button to download.

Save to the Desktop.


Close all windows and browsers.

Right-click and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)


Press: SCAN


When done, a report opens on the Desktop: RKreport.txt


Please provide the RKreport.txt (Mode: Scan) in your reply. <<Important!



A matter of concern is whether there "something else" is in the system, so checking these reports is a wise decision.





Old duck...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users