Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI Ransomware Virus - Out of Options


  • Please log in to reply
8 replies to this topic

#1 Goomba

Goomba

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 30 May 2013 - 10:31 PM

So I got the FBI Ransomware Moneypak virus, and have literally been in Safe Mode for the past 2 weeks. I've tried all the suggestions I've read online, and used both Malwarebytes and Norton Power Eraser, to no avail. Is there a more surefire way to get rid of this?

Thanks.



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:30 AM

Posted 30 May 2013 - 11:19 PM

I'll report this topic to appropriate helpers.

Hold on there....


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:30 AM

Posted 31 May 2013 - 12:25 AM

:welcome:

Try the AVG rescue CD:

"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus , AVG Anti Spyware and some administrator recovery tool.


You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter

4. At the "Update Screen", choose Yes and press Enter

Next screen, Choose Update from Internet and press Enter

5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the "Update Screen", choose Return and press Enter

8. Your at the "Main Menu" screen, choose Scan, press Enter

9. "Scan Type Menu", choose "Volumes Scan - Selected Volumes" and press Enter

10. "Scan Volumes", choose "OK" and press Enter

11. "Scan Options", choose "OK" and press Enter

12. "Run Scan", choose "Yes" and press Enter

13. When scan is complete, Press any key to continue

14. "Info screen", choose "OK" and press Enter

15. To see the scan report, select "Report File" and press Enter
Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative, if in your not sure please Google the file or files.

16. "Scan Results Menu", use the up and down keys and choose "Select - Handle single or groups of infected files", press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the "Warning Screen", "Yes" and Enter

18. Back to "Scan Results Menu", choose "Back or Return" to get to the "Main Menu" and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to "_INFECTED.arl", to find all of these files....
Go to Start > Search > All Files and Folders > type "_INFECTED.arl" and click search.
Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely do to a bad download or bad burn, download the file again and burn it at a slower speed.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 01 June 2013 - 03:18 PM

Sorry to sound arrogant, but this is a legitimate question: Do I really need a "rescue CD" when I can safely access Safe Mode and everything works perfectly?



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:30 AM

Posted 01 June 2013 - 04:42 PM

If you are able to boot in Safe Mode, try this. It is only a scanner but it will let me see areas that may be infected.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 01 June 2013 - 09:39 PM

Alright.

 

Attached Files



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:30 AM

Posted 01 June 2013 - 11:08 PM

Download the enclosed file.

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log net to FRST (Fixlog.txt) please post it to your reply.

If successful, attempt to start in Normal Mode and let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 Goomba

Goomba
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 02 June 2013 - 02:39 PM

Thanks a bunch! Computer works fine now.

 

Attached Files



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:30 AM

Posted 02 June 2013 - 03:58 PM

Lets scan:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

bf_new.gif Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users