Solved

FBI Moneypak CAME BACK!

Posted on 2013-06-02
4
603 Views
Last Modified: 2013-06-06
I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.

Others had an existing extra user name and I used the same steps without the drive removal.

Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.

Anyway, is this thing a latent infection that hides for a while? Where do I look?

I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.
0
Comment
Question by:Bruce Corson
4 Comments
 
LVL 19

Accepted Solution

by:
n2fc earned 400 total points
ID: 39214843
Sounds like you now have the one described in this article (with removal instructions)...
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware


Perhaps a different variant from another source?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214851
A quick system restore to a point few days ago; followed by MBAM, etc is a good course of action.
0
 
LVL 23

Assisted Solution

by:tailoreddigital
tailoreddigital earned 100 total points
ID: 39214913
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39215249
Thank you to all. I tried n2fc's directions first, and I think I am in the clear. Thanks very much.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
remove chinese softwares 22 96
Different types of mobile security tests 3 91
vMware vShield Endpoint 6.0 4 34
Virus .zepto files 10 44
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now