Solved

FBI Moneypak CAME BACK!

Posted on 2013-06-02
4
618 Views
Last Modified: 2013-06-06
I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.

Others had an existing extra user name and I used the same steps without the drive removal.

Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.

Anyway, is this thing a latent infection that hides for a while? Where do I look?

I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.
0
Comment
Question by:Bruce Corson
4 Comments
 
LVL 20

Accepted Solution

by:
n2fc earned 400 total points
ID: 39214843
Sounds like you now have the one described in this article (with removal instructions)...
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware


Perhaps a different variant from another source?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214851
A quick system restore to a point few days ago; followed by MBAM, etc is a good course of action.
0
 
LVL 23

Assisted Solution

by:tailoreddigital
tailoreddigital earned 100 total points
ID: 39214913
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39215249
Thank you to all. I tried n2fc's directions first, and I think I am in the clear. Thanks very much.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now