Solved

FBI Virus Hijack

Posted on 2013-06-15
Last Modified: 2013-11-22
HP Desktop running Vista has the FBI Startup page, the MoneyPak one with the USA pictured with the Flag.
I have tried the standard fixes with no luck.
PC will not boot to CMD prompt or Safe Mode.
The drive is in the machine right now but can be slaved to this PC. I can mount the drive either in this PC or the affected one.
I've posted here before with the same basic problem but this time nothing works.

Starting from scratch OK with me.

Pete
Question by:cfourkays
4 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39250296
Start from scratch (reinstall) will work.

You may like, however, to use a rescue disk (e.g., Avira) to boot and scan the PC and see if that clears up the virus.
0
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 1000 total points
ID: 39250312
If you do not want to format your system you can use the following steps to remove the virus:

Use a Windows installation disk to go into the recovery console:

Click "Repair Your Computer" to open the Recovery Console. The Recovery Console window opens. Click "Command Prompt" to open the Windows command line utility.

Type "bootrec.exe /fixmbr" and press "Enter." The "/fixmbr" switch indicates that you want to fix the MBR.

Remove the DVD from the drive and reboot your computer.

Then load Windows and execute:
RogueKiller http://tigzy.geekstogo.com/roguekiller.php

After RogueKiller runs, delete and fix all files that it detects (including the MBR if this is affected).

Immediately after RogueKiller, run ComboFix
http://www.bleepingcomputer.com/download/combofix/

You can read about the virus here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

NOTE: You may need to rename the files and/or use the right-click "Run As" command and run them from a different account to get them to start.
0
 
LVL 4

Accepted Solution

by:
kdubendorf earned 1000 total points
ID: 39250454
I've also used HitmanPro on this package with some success. If Safe Mode doesn't work, use HitmanPro.Kickstart. You can put it on a USB and boot from the USB. It will clean the MoneyPak virus.

After you get it clear with HitmanPro, run Malwarebytes and then try ComboFix.

That should do it for you.
0
 
LVL 2

Author Closing Comment

by:cfourkays
ID: 39252026
This one was an SOB.
Final cleaner was HitmanPro from boot.
Thanks, all.
0

Question has a verified solution.
