?
Solved

FBI Moneypak Ransomware

Posted on 2013-06-06
12
Medium Priority
?
406 Views
Last Modified: 2013-06-10
Laptop with Windows XP has this malware.  I tried rebooting in safe mode, going to safe mode with command prompt, etc.  I wasn't fast enough in typing "explorer" at the prompt and now can longer access the prompt.  What can be done from this point?  Thanks
0
Comment
Question by:blueminnow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
12 Comments
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 400 total points
ID: 39226955
Well then I would suggest you to try cleaning the PC using one of the bootable Anti-Virus disk. Pick the one you can easily download or have personal preference on. I would recommend Kaspersky

Kaspersky Rescue Disk
http://support.kaspersky.com/viruses/rescuedisk

BitDefender Rescue CD
http://download.bitdefender.com/rescue_cd/

Dr.Web CureIt!
http://www.freedrweb.com/cureit/?lng=en

F-Secure Rescue CD
http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/

Avira AntiVir Rescue System
http://www.avira.com/en/support-download-avira-antivir-rescue-system

AVG Rescue CD
http://www.avg.com/us-en/avg-rescue-cd

Sudeep
0
 
LVL 20

Assisted Solution

by:n2fc
n2fc earned 1600 total points
ID: 39226961
2 ways to remove:
1) Slave drive to another PC and run MalwareBytes AntiMalware and your favorite AV program against it...

2) Download (from a good PC) HitManPro and create a "Kickstart" disk to run on your infected PC...

Both ways work equally well, and I have had success with both!

More info on HitMan Pro here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39226962
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 
LVL 20

Expert Comment

by:n2fc
ID: 39226982
Thanks TD!  (That was my answer on that one, also!)

I wish I knew how people get this infection, though!  I have had several PC's brought in to me over the past week with this, and I get the typical response when I ask what they were doing when this happened...   "I dunno!"

Removal is simple enough, though!
0
 
LVL 24

Expert Comment

by:aadih
ID: 39226988
Do a system restore to an earlier point (if you have a restore point) is the easiest way.
0
 

Author Comment

by:blueminnow
ID: 39227074
Thanks to you all.  I've got to spend the next 24 hrs using these suggestions and see what will work, so it may be a bit before I'm able to get back to you with results.  Have never slaved another computer, so will have to research that.

aadih--I'd try a system restore, but because I missed the opportunity to type in "explorer" at the command prompt, am no longer able to access any commands other system recovery.  

The laptop had Avast and MalwareBytes already installed.  

Thanks again...more later!
0
 
LVL 24

Expert Comment

by:aadih
ID: 39227088
Even from the safe mode command prompt?

If you can get to it, type rstrui.exe.  It will open up the system restore GUI and you can choose a restore point.
0
 

Author Comment

by:blueminnow
ID: 39227320
Yes, even from the safe mode command prompt.  Apparently I missed my one opportunity the first time I tried this...it just didn't give me enough time (2-3 seconds), and from then on, it was no go.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39229830
Did you tried  bootable Anti-Virus disk as suggested above (ID: 39226955)?

Sudeep
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 39230393
I've had two computers with this virus this week: one XP and one 7.  On the XP machine, I had to login as a different user and then manually pull the ntuser.dat file of the user from one of the RPXXX directories under C:\system volume information into his profile directory and then it was gone.

On the Windows 7 machine: I booted from Windows Defender Offline boot media.  It found the virus, removed it and then it would BSOD when I tried to boot Windows, even in safe mode.  Somehow the virus also disabled System Restore from WinRE.  I ended up backing up the data in WinPE and reloading the OS.

Pretty nasty stuff.  This is the first time in a long time I've had to wipe a machine from a malware infection.

If you have access to MS DaRT, you might want to try a system restore using that method.  I'm thinking that the virus won't be able to block that attempt.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39230412
Sorry.  It appears that a reinstall may be the final solution.
0
 

Author Comment

by:blueminnow
ID: 39233396
Tried the HitMan bootable flash drive, but couldn't get it to work.  A friend happened to come over who works on computers, and he tried it, too.  He finally used ComboFix, and made me another bootable flash drive with that on it.  ComboFix seems to have done the trick, but I don't know everything that he did to get there.  

Thanks everyone for the suggestions.  You all are aces, and it's wonderful to know that you have and are willing to share the knowledge to take care of these computer issues.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question