FBI MoneyPak virus help

strep3241

Senior member
Oct 3, 2010
A family member gave me a laptop to look at and said he thought it was infected with a virus. It turns out it is the FBI MoneyPak virus. It says the computer is locked and he must pay $200 by a certain time or he will face criminal charges.

One problem I am having is that Task Manager is disabled; regedit is also disabled. I have tried running in safe mode but neither will work.

Most of the time, the virus screen is the only thing you can see and will not let you do anything else. If running in normal mode, the screen will turn black after a few seconds and you have to restart it. When in safe mode, the screen stays up and does not disappear.

At this moment, I was able to get to the desktop (it did it on its own), but with no shortcuts, and am running an MSE scan. After that is done, I am going to run an MBAM scan.

Has anybody else heard of or seen this virus? How hard are they to get rid of? When I first saw the virus screen, I was really worried that it was official.
 

MustISO

Lifer
Oct 9, 1999
I've seen it before. I used Kaspersky Rescue Disk and it took care of it. One other thing you may want to try is restoring a previous recovery point. That may help to get any infected or changed system files back to normal. Infections can infect the recovery points as well, so it can be hit or miss.
 

midwestfisherman

Diamond Member
Dec 6, 2003
If all else fails, format C: and start over with a fresh install. Hopefully he had his files backed up.
 

strep3241

Senior member
Oct 3, 2010
I believe I got rid of the virus. I scanned with MSE and MBAM and both found a few things which they both got rid of. I also ran rkill.exe which did not find any bad processes.

This may or may not be related to the virus, but I can't get the firewall running. When I try to turn it on, it asks me to start the service, and when I choose yes, it says it can't start the service. Windows Firewall is the only firewall on this PC.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
There could be something still left there. Did you also scan it with an AV boot CD?
 

strep3241

Senior member
Oct 3, 2010
I have scanned with MSE and MBAM and both found nothing.

I am getting an error code 5 when I try to start the service.

Any idea how to get the firewall started? I have tried running system file checker and found no problems, did a restore point and did not help, tried a Microsoft Fix It download for my specific issue and did not help.

If I try a repair install, would I need the Windows CD? He did not get a Windows CD with this laptop.
 

Puppies04

Diamond Member
Apr 25, 2011
Run a boot CD burned from another computer; they operate outside Windows and pick up virtually anything, in my experience. Personally I use AVG's one, but any of the other big-name ones seem to do the same thing by all accounts.
 

xgsound

Golden Member
Jan 22, 2002
The FBI MoneyPak virus has a removal guide on Bleeping Computer from July 5th. See http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware . They suggest a program called Emsisoft Emergency Kit, which I've never heard of, but lately Bleeping Computer is more on top of virus fighting than anyone else.
They also say there are files %Temp%\<random>.exe and %StartupFolder%\ctfmon.lnk if you can find and rename them.

Jim
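
A read-only PowerShell check for the items raised in the thread so far: the two file locations quoted from the guide, the disabled Task Manager and regedit, and the firewall service that will not start. This is an added example, not part of any post and not taken from the Bleeping Computer guide. Assumptions: Windows Vista or later folder layout; the `DisableTaskMgr` and `DisableRegistryTools` policy values are one common way those tools get disabled (the thread does not say which mechanism was used); `MpsSvc` and `BFE` are the Windows Firewall service and the Base Filtering Engine it depends on.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Assumption: run as the affected user so $env:TEMP and $env:APPDATA
# resolve to that user's profile.

# 1. Executables directly in %Temp% (the guide names %Temp%\<random>.exe).
Write-Output '--- .exe files in %Temp% ---'
Get-ChildItem -Path $env:TEMP -Filter *.exe -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, CreationTime,
        @{ Name = 'Signature'
           Expression = { (Get-AuthenticodeSignature $_.FullName).Status } } |
    Format-Table -AutoSize

# 2. ctfmon.lnk in the per-user and all-users Startup folders, with its target.
Write-Output '--- Startup shortcuts named ctfmon.lnk ---'
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    $lnk = Join-Path $dir 'ctfmon.lnk'
    if (Test-Path -LiteralPath $lnk) {
        # Show where the shortcut points so it can be compared with step 1.
        $target = $shell.CreateShortcut($lnk).TargetPath
        Write-Output "FOUND $lnk -> $target"
    } else {
        Write-Output "not present: $lnk"
    }
}

# 3. Policy values that disable Task Manager and regedit (assumed mechanism).
Write-Output '--- Task Manager / regedit policy values ---'
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = if ($props -and $null -ne $props.$name) { $props.$name } else { 'not set' }
        Write-Output "$key\$name = $value"
    }
}

# 4. Windows Firewall service and the Base Filtering Engine it depends on.
Write-Output '--- Firewall services ---'
Get-Service -Name MpsSvc, BFE -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status | Format-Table -AutoSize
```

An unsigned executable in `%Temp%` that a Startup shortcut points to, or a policy value of 1, is worth following up with the offline boot-CD scan suggested above.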
 

oslama

Diamond Member
Jan 22, 2001
Got hit with the virus. I was able to use Malwarebytes and ComboFix to block it. However, the internet and sound drivers are not loading. The audio service is on automatic, and I'm not sure if I need to enable TCP/IP services.

I did delete the user profile and regedit entries per the Bleeping Computer guide.