Solved

FBI Virus Hijack

Posted on 2013-06-15
Last Modified: 2013-11-22
HP Desktop running Vista has the FBI Startup page, the MoneyPak one with the USA pictured with the Flag.
I have tried the standard fixes with no luck.
PC will not boot to CMD prompt or Safe Mode.
The drive is in the machine right now but can be slaved to this PC. I can mount the drive either in this PC or the affected one.
I've posted here before with the same basic problem but this time nothing works.

Starting from scratch is OK with me.

Pete
Question by:cfourkays
4 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39250296
Starting from scratch (reinstall) will work.

You may like, however, to use a rescue disk (e.g., Avira) to boot and scan the PC and see if that clears up the virus.
0
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 250 total points
ID: 39250312
If you do not want to format your system you can use the following steps to remove the virus:

Use the Windows installation disk to go into the recovery console:

Click "Repair Your Computer" to open the Recovery Console. The Recovery Console window opens. Click "Command Prompt" to open the Windows command line utility.

Type "bootrec.exe /fixmbr" and press "Enter." The "/fixmbr" switch indicates that you want to fix the MBR.

Remove the DVD from the drive and reboot your computer.

Then load Windows and execute:
RogueKiller http://tigzy.geekstogo.com/roguekiller.php

After RogueKiller runs, delete and fix all files that it detects (including MBR if this is affected).

Immediately after RogueKiller, run ComboFix
http://www.bleepingcomputer.com/download/combofix/

You can read about the virus here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

NOTE: You may need to rename the files and/or use the right-click "Run As" command and run them from a different account to get them to start.
0
 
LVL 4

Accepted Solution

by:
kdubendorf earned 250 total points
ID: 39250454
I've also used HitmanPro on this package with some success. If Safe Mode doesn't work, use HitmanPro.Kickstart. You can put it on a USB and boot from the USB. It will clean the MoneyPak virus.

After you get it clear with HitmanPro, run Malwarebytes and then try ComboFix.

That should do it for you.
0
 
LVL 2

Author Closing Comment

by:cfourkays
ID: 39252026
This one was an SOB.
Final cleaner was HitmanPro from boot.
Thanks, all.
0

Question has a verified solution.
