Solved

FBI Virus Hijack

Posted on 2013-06-15
Last Modified: 2013-11-22
HP Desktop running Vista has the FBI Startup page, the MoneyPak one with the USA pictured with the Flag.
I have tried the standard fixes with no luck.
PC will not boot to CMD prompt or Safe Mode.
The Drive is in the machine right now but can be slaved to this PC. I can mount the drive either in this PC or the affected one.
I've posted here before with the same basic problem but this time nothing works.

Starting from scratch OK with me.

Pete
Question by:cfourkays
4 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39250296
Start from scratch (reinstall) will work.

You may like, however, to use a rescue disk (e.g., Avira) to boot and scan the PC and see if that clears up the virus.
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 250 total points
ID: 39250312
If you do not want to format your system you can use the following steps to remove the virus:

Use the Windows installation disk to go into the Recovery Console:

Click "Repair Your Computer" to open the Recovery Console. The Recovery Console window opens. Click "Command Prompt" to open the Windows command line utility.

Type "bootrec.exe /fixmbr" and press "Enter." The "/fixmbr" switch indicates that you want to fix the MBR.

Remove the DVD from the drive and reboot your computer.

Then load Windows and execute:
RogueKiller http://tigzy.geekstogo.com/roguekiller.php

After RogueKiller runs, delete and fix all files that it detects (including MBR if this is affected).

Immediately after RogueKiller, run ComboFix
http://www.bleepingcomputer.com/download/combofix/

You can read about the virus here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

NOTE: You may need to rename the files and/or use the right-click "Run As" command and run them from a different account to get them to start.
 
LVL 4

Accepted Solution

by:
kdubendorf earned 250 total points
ID: 39250454
I've also used HitmanPro on this package with some success. If Safe Mode doesn't work use HitmanPro.Kickstart. You can put it on a USB and boot from the USB. It will clean the MoneyPak Virus.

After you get it clear with HitmanPro run Malwarebytes and then try ComboFix.

That should do it for you.
 
LVL 2

Author Closing Comment

by:cfourkays
ID: 39252026
This one was an SOB.
Final cleaner was HitmanPro from boot.
Thanks, all.