Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

FBI Moneypak CAME BACK!

Posted on 2013-06-02
4
Medium Priority
?
697 Views
Last Modified: 2013-06-06
I've removed FBI MoneyPAK from several different computers. Some have required mounting the drive to another computer and using RogueKiller, MWB, ESET Online scanner, then all was okay.

Others had an existing extra user name and I used the same steps without the drive removal.

Today's is different: I thought I had fixed this, tested it, let it run for a bit as well. Returned it to the customer on Friday. Today he called and reports we're back to the warning screen. Interesting note: after I explained how it worked, the customer had taped over the webcam. Now, in place of the camshot that appeared before, there is an American flag.

Anyway, is this thing a latent infection that hides for a while? Where do I look?

I did have the thought that perhaps they went right back to the site where they had picked it up. However, the guy is a minister, and both he and his wife use it. I suspect there's no porn surfing going on. Also, the computer is protected with an updated ESET NOD32...it's the first time I've found this infection on a computer protected by ESET.
0
Comment
Question by:Bruce Corson
4 Comments
 
LVL 20

Accepted Solution

by:
n2fc earned 1600 total points
ID: 39214843
Sounds like you now have the one described in this article (with removal instructions)...
http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware


Perhaps a different variant from another source?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214851
A quick system restore to a point few days ago; followed by MBAM, etc is a good course of action.
0
 
LVL 23

Assisted Solution

by:tailoreddigital
tailoreddigital earned 400 total points
ID: 39214913
I just cleaned this virus out using,
http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/

The removal info is lower on the page, good luck
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39215249
Thank you to all. I tried n2fc's directions first, and I think I am in the clear. Thanks very much.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question