FBI moneypak

[baybiz]

Seem to have gotten a new version of FBI - moneypak. It won't let me run in any safe mode (XP media) or bring up the task manager. Just loads it ransom screen and can't access anything. Are there any tools that will kill it if I put the infected drive as a secondary drive on a clean computer?

[screen317]

Hello and welcome to Malwarebytes,

We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in it's capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you agree to these terms, please let us know and we will provide a download link and instructions for you.

[baybiz]

Would love to try it. I'm in the position of either trying this or reformatting the drive.

Thanks!!

[baybiz]

By the way I do agree to your terms. Please furnish the download link.

[screen317]

Please see the instructions and download link here:

http://www.malwarebytes.org/products/mbar

Please post both logs that it creates.

[baybiz]

Read the instructions but not sure how to implement it since I can't get past the FBI screen and can't get safe mode to come up without the FBI page either. can I use this program to scan the drive as a secondary drive on a clean computer?

[baybiz]

Can't scan any drive but c with the mbar program. Can't get into safe mode (it reboots now every time any version of safe mode is selected) so It is of no use in this situation.

[screen317]

Hi,

Okay let's see if we can clean things from outside Windows.

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ .

• Burn the Kaspersky Rescue Disk ISO image to CD.
  
• Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  
• Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  
• Select your language (or wait a few seconds for the default English to load).
  
• Your screen may go blank for several minutes while the program loads.
  
• After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity)
  • Click the Update tab to view the update progress.
    
  • When the update has completed, click the Scan tab.

  [*]Place a checkmark in all the available drives to scan the entire system.

  [*]Click the "Security level" option, and select options.

  • Make sure "All Files" is selected
    
  • Under "Scan of compound files" ensure all options are selected and click the OK button.

  [*]Click the "On threat detection" option

  • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".

  [*]Click the "Start scan" button.

  [*]When the scan has completed, click the Reports button.

  • Click the Save button, and select your System drive (normally your C: drive)
    
  • In the "File name" box, name the file krd-log and click the Save button.
    
  • Click Close to close the Reports window.

  [*]Click the Exit button to close the Rescue Disk program and confirm.

  In the lower left of the screen, left-click the red K button, select Logout, and confirm.

  [*]The computer will shut down.

  [*]Restart the computer and reboot normally.

  [*]Please post the log (krd-log.txt) in your next reply.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!