Solved

FBI Moneypak CAME BACK!

Posted on 2013-06-02
4
652 Views
Last Modified: 2013-06-06
I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.

Others had an existing extra user name and I used the same steps without the drive removal.

Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.

Anyway, is this thing a latent infection that hides for a while? Where do I look?

I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.
0
Comment
Question by:Bruce Corson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 20

Accepted Solution

by:
n2fc earned 400 total points
ID: 39214843
Sounds like you now have the one described in this article (with removal instructions)...
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware


Perhaps a different variant from another source?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214851
A quick system restore to a point few days ago; followed by MBAM, etc is a good course of action.
0
 
LVL 23

Assisted Solution

by:tailoreddigital
tailoreddigital earned 100 total points
ID: 39214913
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39215249
Thank you to all. I tried n2fc's directions first, and I think I am in the clear. Thanks very much.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question