• Status: Solved
  • Priority: Medium
  • Security: Public

Moneypak Removal

Dell laptop B130 with W-7 installed.
Get FBI warning on boot.
I've removed a number of them but this one is different, for me.
I can't get to Safe Mode. From the F8 display, each selection (Safe Mode, with Networking,
with Command Prompt) gives me a quick peek at the Home page and then goes into the warning.
I can access it from a CD (UBCD4WIN), but there's nothing on there to help.
Tried to Restore from the CD but no restore points.
I don't have the DVD that was used to install W-7 on this original XP but it's a legit install.

Pete
Asked by cfourkays
2 Solutions

n2fc commented:
The following article has removal instructions:
http://deletemalware.blogspot.com/2012/07/remove-fbi-moneypak-ransomware.html

If you can't get to "safe mode" in order to perform these functions on the existing PC, you can always do them offline by pulling the hard drive and performing them under control of another PC if you attach the hard drive as a slave on another working PC!
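One way to make use of the offline approach n2fc describes, as an added example that is not from the thread or from any tool mentioned in it: with the drive slaved to a working Windows PC, load its SOFTWARE hive and list the autostart entries a screen-locker most commonly hijacks (Winlogon Shell/Userinit and the Run keys), so you can see why even Safe Mode drops into the warning before you start cleaning. The slaved drive letter `E:` and the mount name `OFFLINE_SW` are assumptions.

```powershell
# Added example, not from the thread. Inspect the autostart entries that a
# screen-locker typically hijacks, read from the SOFTWARE hive of a slaved
# (offline) Windows 7 drive. Run from an elevated PowerShell on the working PC.
param([string]$SlavedWindowsDir = 'E:\Windows')   # assumption: slaved drive is E:

$hiveFile  = Join-Path $SlavedWindowsDir 'System32\config\SOFTWARE'
$mountName = 'OFFLINE_SW'                          # temporary key name for the hive

# reg.exe load attaches the offline hive under HKLM\OFFLINE_SW without booting it.
& reg.exe load "HKLM\$mountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hiveFile" }

try {
    $wlPath = "HKLM:\$mountName\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $wl = Get-ItemProperty -Path $wlPath
    # Windows 7 defaults; a locker that also blocks Safe Mode commonly replaces these.
    $defaults = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,' }
    foreach ($name in $defaults.Keys) {
        $actual = [string]$wl.$name
        $status = if ($actual.Trim() -ieq $defaults[$name]) { 'ok' } else { 'SUSPECT' }
        '{0,-8} {1,-8} {2}' -f $name, $status, $actual
    }
    # Run/RunOnce entries start at every normal logon; list them all for review.
    foreach ($key in 'Run', 'RunOnce') {
        $runPath = "HKLM:\$mountName\Microsoft\Windows\CurrentVersion\$key"
        if (-not (Test-Path $runPath)) { continue }
        (Get-ItemProperty -Path $runPath).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { '{0,-8} {1,-8} {2} = {3}' -f $key, 'review', $_.Name, $_.Value }
    }
}
finally {
    # Drop the PowerShell provider's handles before unloading, or reg unload fails.
    [gc]::Collect()
    & reg.exe unload "HKLM\$mountName" | Out-Null
}
```

The per-user Shell value lives in each profile's NTUSER.DAT and the Safe Mode shell in the SYSTEM hive (SafeBoot\AlternateShell); the same load/inspect/unload pattern applies to those hives. Record anything flagged SUSPECT before a cleaner removes it, which is the detail the thread's author later wished he had kept.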
n2fc commented:
Another option:

Restart the PC
Press F8 on bootup
Select REPAIR YOUR COMPUTER
Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes, select System Restore.

If you have a restore point from before you were infected, restore it.

You should then be able to get to SAFE MODE & do normal AV recovery steps...

younghv commented:
@cfourkays,

Based on your past history, I'm sure you've tried all of the steps shown by 'Grinler' - right?
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

I've burned the Emsisoft Emergency Kit to both USB and CD and have been carrying it around in my tool kit for a few weeks now.

Try creating a Bootable CD or USB stick and see if that helps you get back to a bootable system:
http://www.emsisoft.com/en/software/eek/

cfourkays (Author) commented:
Hey there, n2fc. When I click on Repair, it starts to load, then stops.
Also tried a System Restore using the Registry Restore Wizard on the UBCD but there's none there.

younghv, one of the problems with getting old is temporary memory loss.
You must be suffering from it, since we both worked this type of problem before.

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_27820159.html

This is rather embarrassing.
I'm taking the drive out tomorrow and will post back.
Pete

younghv commented:
Hey Pete -
You're right my <Admin Edit> mind isn't the well-oiled machine it once was...or maybe I've over-oiled it through the years (if you know what I mean).

I would sure like to know what variant of this stuff your customers are finding down there, that link I posted from BP has been working up here.

I'll monitor this to see what else you come up with on your slave scan.

Have you tried any of the other Boot CDs (e.g., http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline?SignedIn=1)?

Hang tough,
Vic

cfourkays (Author) commented:
Just got prodded by automod. 3 day warning.
I'm running a Malwarebytes full scan on the affected drive, slaved to a work PC.
Any other cleaners I can use before I put the drive back in?

younghv commented:
I hope that does the trick to getting that drive to boot up back in its original system.

Any kind of boot should let you run all the regular stuff, but I would NOT run anything else until you test the boot first.

You can run TDSSKiller on a slave scan, with all the caveats mentioned here:
http://www.experts-exchange.com/A_6650.html (Malware Fighting – Best Practices), but I think you're at the "Kitchen Sink" point here and need to try any damn thing you can think of.

cfourkays (Author) commented:
Whew!
TDSSKiller while slaved took out something I forgot to record but then allowed me to boot.

After booting, Malwarebytes took out:
"Backdoor.IRCBot, Trojan.oAcess"
and a couple more misc.

Thanks n2fc and younghv

cfourkays (Author) commented:
Always get an answer or find a solution since 2003.

younghv commented:
Hey Pete -
Thanks for the comments and really glad you worked through this one.
Vic