blueminnow asked:
FBI Moneypak Ransomware

Laptop with Windows XP has this malware.  I tried rebooting in safe mode, going to safe mode with command prompt, etc.  I wasn't fast enough in typing "explorer" at the prompt and now can no longer access the prompt.  What can be done from this point?  Thanks
ASKER CERTIFIED SOLUTION (Sudeep Sharma)
Thanks TD!  (That was my answer on that one, also!)

I wish I knew how people get this infection, though!  I have had several PCs brought in to me over the past week with this, and I get the typical response when I ask what they were doing when this happened...   "I dunno!"

Removal is simple enough, though!
Doing a system restore to an earlier point (if you have a restore point) is the easiest way.
blueminnow (asker):
Thanks to you all.  I've got to spend the next 24 hrs using these suggestions and see what will work, so it may be a bit before I'm able to get back to you with results.  Have never slaved another computer, so will have to research that.

aadih--I'd try a system restore, but because I missed the opportunity to type in "explorer" at the command prompt, I am no longer able to access any commands other than system recovery.  

The laptop had Avast and MalwareBytes already installed.  

Thanks again...more later!
Even from the safe mode command prompt?

If you can get to it, type rstrui.exe.  It will open up the system restore GUI and you can choose a restore point.
Yes, even from the safe mode command prompt.  Apparently I missed my one opportunity the first time I tried this...it just didn't give me enough time (2-3 seconds), and from then on, it was no go.
Did you try the bootable anti-virus disk as suggested above (ID: 39226955)?

Sudeep
I've had two computers with this virus this week: one XP and one 7.  On the XP machine, I had to log in as a different user and then manually pull the ntuser.dat file of the user from one of the RPXXX directories under C:\system volume information into his profile directory, and then it was gone.

On the Windows 7 machine: I booted from Windows Defender Offline boot media.  It found the virus, removed it and then it would BSOD when I tried to boot Windows, even in safe mode.  Somehow the virus also disabled System Restore from WinRE.  I ended up backing up the data in WinPE and reloading the OS.

Pretty nasty stuff.  This is the first time in a long time I've had to wipe a machine from a malware infection.

If you have access to MS DaRT, you might want to try a system restore using that method.  I'm thinking that the virus won't be able to block that attempt.
Sorry.  It appears that a reinstall may be the final solution.
Tried the HitMan bootable flash drive, but couldn't get it to work.  A friend happened to come over who works on computers, and he tried it, too.  He finally used ComboFix, and made me another bootable flash drive with that on it.  ComboFix seems to have done the trick, but I don't know everything that he did to get there.  

Thanks everyone for the suggestions.  You all are aces, and it's wonderful to know that you have and are willing to share the knowledge to take care of these computer issues.