Solved

FBI Moneypak CAME BACK!

Posted on 2013-06-02
4
635 Views
Last Modified: 2013-06-06
I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.

Others had an existing extra user name and I used the same steps without the drive removal.

Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.

Anyway, is this thing a latent infection that hides for a while? Where do I look?

I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.
0
Comment
Question by:Bruce Corson
4 Comments
 
LVL 20

Accepted Solution

by:
n2fc earned 400 total points
ID: 39214843
Sounds like you now have the one described in this article (with removal instructions)...
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware


Perhaps a different variant from another source?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214851
A quick system restore to a point few days ago; followed by MBAM, etc is a good course of action.
0
 
LVL 23

Assisted Solution

by:tailoreddigital
tailoreddigital earned 100 total points
ID: 39214913
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39215249
Thank you to all. I tried n2fc's directions first, and I think I am in the clear. Thanks very much.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Vulnerabilities & precautions when using WorldCard software (Windows Version) 5 117
ransomware and redirected folders 9 100
Ransomware 9 90
anti virus for Blackberry 6 70
Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra) Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”. It’s kind of a no-brainer. “The following procedure works for me, so here is …
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question