The first response did not correct the situation. After I log on with my password, the desktop appears briefly and then I get a message from supposedly the Federal Bureau of Investigation requesting $ to unlock the computer. It doesn't allow me to do anything. I've tapped on F8 with no results.
I would appreciate further assistance. Thanking you in advance for your help.
Hi Gloria.
I was about to post in the other thread. You do not need to open a new one; just hit reply and follow the thread. Since you are here, this is my answer:
You appear to be infected with FBI MoneyPak Ransomware, and like Ky331 said your AV is not going to get rid of it. You can follow this tutorial:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
Better yet if you open a topic in Bleepingcomputer: http://www.bleepingcomputer.com/forums/topic182397.html
Or in: http://spywarehammer.com/simplemachinesforum/index.php?board=10.0
to seek expert help.
Hernan.
Dim9200/XPS 410.C2D 2.40GHz.2GB RAM.XP Pro_86 SPk3. IE8 & FF38
Avast!Free 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. WOT. OpenDNS. SAS(o/d)
"We are all ignorant, but we don't all ignore the same things..." Albert Einstein
"When you've excluded the impossible, whatever remains, however improbable, must be the truth..." Sherlock Holmes.
Gloria did not say what, if any, antivirus or malware detection programming she was using. Several weeks ago, this ransom scumware locked up my screen and wanted the $200 to take care of it. It seemed like WinPatrol was almost able to start in order to block it, but not in time.
I was able to start in Safe Mode, which revealed the desktop, then MBAM was able to get rid of this variant. It also had turned off the Windows firewall and Antivir and I was able to get them restarted. Multiple scans including some online ones since then seem to indicate this pest is gone.
Gloria did not say what, if any, antivirus or malware detection programming she was using.
Dale.
My reference to an AV not able to get rid of this kind of malware was based on a reply Gloria got in another thread.
http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19471315.aspx
These ransomware change continuously and most security software can't keep up. Also, since it is most likely delivered as a trojan, it could have other surprises. Even though Bleepingcomputer has a tutorial to remove it, it is better if a specialist could take a look at Gloria's system to make sure it is really clean.
Regards.
Hernan.
I like the detailed info and tutorial at ESET, but as you mentioned these things are always changing and tend to invite other problems.
Windows Insider MVP 2016 - Present
Microsoft MVP - Consumer Security 2006-2016
Social Media and Community Professional
I like the detailed info and tutorial at ESET, but as you mentioned these things are always changing and tend to invite other problems.
BB.
What do you mean?
or this: http://kb.eset.com/esetkb/index?page=content&id=SOLN3035
Could you post the link to the tutorial?
Hernan.
We've had 3 or 4 people enter this thread after Gloria's opening statement... I would hope that we can be patient and wait for another response from her. I have only one basic comment/suggestion to offer her:
Gloria wrote: "After I log on with my password, the desktop appears briefly... I've tapped on F8 with no results".
The way I'm reading this, you waited until after you typed your password, and after the desktop appeared, to tap the F8. The F8 key needs to be pressed as soon as you turn on your PC, as the initial DeLL logo is appearing. If you wait past that screen, it's too late to enter safe mode.
Windows 10 Pro (64-bit), Panda DOME 20, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]
Thank you for this information. It was helpful. Have A Good Day!
I appreciate this information. Have A Good Day!
Gloria,
Does this mean you've solved/fixed your problem?
I realize the presence of so many "helpers" in this thread can be intimidating, and I do hope you're not just walking away from it all. If you're still interested, I'm sure we can agree on one person to assist you, until your issues are fully resolved. Or we can send you to another site, where you can start fresh again, working with a single helper.