I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.
Others had an existing extra user name and I used the same steps without the drive removal.
Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.
Anyway, is this thing a latent infection that hides for a while? Where do I look?
I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.