Solved

FBI Virus Hijack

Posted on 2013-06-15
4
585 Views
Last Modified: 2013-11-22
HP Desktop running Vista has the FBI Startup page, the MoneyPak one with the USA pictured with the Flag.
I have tried the  standard fixes with no luck.
PC will not boot to CMD prompt or Safe Mode.
The Drive is in the machine right now but can be slaved to this PC. I  can mount the drive either in this PC or the affected one.
I've posted here before with the same basic problem but this time nothing works.

Starting from scratch OK with me.

Pete
0
Comment
Question by:cfourkays
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39250296
Start from scratch (reinstall) will work.

You may like, however, to use a rescue disk (e.g., avira) to boot and scan the PC and see if that clears up the virus.
0
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 250 total points
ID: 39250312
If you do not want to format your system you can use the following steps to remove the virus:

Use windows installation disk to go into recovery console:

Click "Repair Your Computer" to open the Recovery Console. The Recovery Console window opens. Click "Command Prompt" to open the Windows command line utility.

Type "bootrec.exe /fixmbr" and press "Enter." The "/fixmbr" switch indicates that you want to fix the MBR.

Remove the DVD from the drive and reboot your computer.

Then load windows and execute:
Roguekiller http://tigzy.geekstogo.com/roguekiller.php

After Roguekiller runs delete and fix all files that it detects (including MBR if this is affected).

Immediately after Roguekiller run ComboFix
http://www.bleepingcomputer.com/download/combofix/

You can read about the virus here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

NOTE: You may need to rename the files and/or use right click "Run As" command and run them form different account to get them to start.
0
 
LVL 4

Accepted Solution

by:
kdubendorf earned 250 total points
ID: 39250454
I've also used HimManPro on this package with some success.   If Safemood doesn't work use HitManPro.kickstart.   You can put it on a USB and boot from the USB.   It will clean the MoneyPack Virus.

After you get it clear with HitManPro run Malwarebytes and then try Combofix.  

That should do it for you.
0
 
LVL 2

Author Closing Comment

by:cfourkays
ID: 39252026
This one was an SOB.
Final cleaner was Hitmanpro from boot.
Thanks, all.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question