Solved FBI MoneyPak Ransom Virus - Having trouble removing

September 12, 2012 at 11:34:05
Specs: Windows XP Pro, 1272 MB RAM

Hi - this is actually for my dad's computer, so my information down there is inaccurate. He is running an Acer laptop with Windows Vista - as far as I know, it's up-to-date. It updates automatically.
He got the FBI MoneyPak Ransom virus today. It's the version that locks up the computer with a black screen and FBI logo, demanding $200.
So far, I've taken it into Safe Mode with Networking and run Malwarebytes Anti-Malware, full scan. It claimed the computer was clean and had no viruses. I tried to go into Microsoft/Windows/Start Menu/Programs/Startup to remove it manually, but the folder was empty. I also searched for other files I was told were part of the virus, but again, found nothing. I tried restarting the computer afterward but, yep, it's still there.
It's back in Safe Mode with Networking and I'm currently trying a SuperAntiSpyware scan, but I'm not hopeful. Does anyone have any ideas for something else I could try to get rid of this thing?

See More: FBI MoneyPak Ransom Virus - Having trouble removing

Report •


#1
September 12, 2012 at 13:57:39
✔ Best Answer

http://www.bleepingcomputer.com/vir...

Please note that they recommend using a special removal tool from emisoft, with specific instrutions.

http://www.bleepingcomputer.com/dow...

:: mike


Report •

#2
September 12, 2012 at 17:42:03

Thanks - I'm giving it a try now. I tried restoring the computer, and I think that took care of it, but I'm not sure, since it said the restore didn't work - but the computer didn't lock up again throughout the Avira scan. I waited until that was done and restarted it into Safe Mode, and it's doing the scan right now. I'll post again when it's done with the results.

Report •

#3
September 13, 2012 at 06:24:22

That's a possibility. I just figured the known good fix would be the easiest to relay. Glad that things are back to more normal. I would suggest ensureing that all of your updates are current as this seems to be the way that many people aquire the infection.

:: mike


Report •

Related Solutions

#4
September 13, 2012 at 14:53:37

I think the Emisoft program is the one that got it - I'd done the restore, but it said it didn't quite work. When I ran the Emisoft, it found a high risk trojan. Dad said he used the computer this morning and didn't get locked out, so whoo, think it's gone. Thanks for the help!
I try and keep it up to date, but since it's not mine, there's only so much I can do. e_e

Report •

#5
September 14, 2012 at 06:21:54

It sounds like you are at least running the auto update from Microsoft, that's an excellent start. If there are continuing infections, you might suggest that he surf the net with a limited user account, (many people use an administrator account for their daily tasks, and while this can be more easier, the limited account while surfing can help keep many malicious events from occurring)

Glad that the Emisoft helped. You may also suggest to the other user to run a weekly scan of Malwarebytes, as its free and will often catch things that virus scanners don't.

:: mike


Report •

#6
October 17, 2012 at 04:53:05

Last version of FBI Moneypak is very hard to clean. Prior versions did not run under Safe Mode, but now the things changed...

Some Good Source:

http://answers.microsoft.com/en-us/...

http://answers.microsoft.com/en-us/...


Report •

#7
January 15, 2013 at 18:26:55

There have been more ransomware variants created by the hackers under the name of FBI right now! Since I was infected by the FBI moneypak virus, I have made more research to avoid this tricky virus. I got help from a tech support team to resolve this. And the FBI I had was the same one as described here:
http://removevirusmalware.blogspot....
TERMINATE FBI VIRUS!!!

Report •


Ask Question