Reliable Contributor exbrit
Message 41 of 73

Re: FBI MoneyPak Scam - Removing Virus

One of McAfee's Technicians posted a way of recovering any files lost through this particular malware here:  https://community.mcafee.com/thread/56760?tstart=0

Reliable Contributor Peacekeeper
Message 42 of 73

Re: FBI MoneyPak Scam - Removing Virus

As I said above not that great with malware removal but will try.

When you downloaded the programs, did you download Stinger? It is current, and each download is the most up-to-date version, i.e. to update you download the next day's version.

McAfee Communities: Anti-Spyware, Malware & Hijacker Tools

Another thought: when you download the programs to a stick, rename the file, and when you install it, rename the default folder it is installing into, as some malware recognise these names and block access.

Re: FBI MoneyPak Scam - Removing Virus

Hi gothamguy,

I just got the FBI MoneyPak Scam appear on my PC 10-13-2012 with McAfee up and running. 

I also managed to get by the blocking screen and started a full McAfee scan of all my drives, all files, registry etc. McAfee did not find or do anything about the FBI MoneyPak Scam.

I ran Ad-Aware for 10 hours to be sure every file was examined.  Again nothing found and nothing done.

I searched the internet and found Malwarebytes.  The folks at Malwarebytes were aware of the FBI MoneyPak Scam and indicated it was not a very new virus. 

I ran a free copy of Malwarebytes; it found the infected files and deleted them. The scan report indicated that FBI MoneyPak Scam was completely removed and the registry corrected.

My PC has been in use for the past three days with no issues. Everything indicates that the FBI MoneyPak Scam is completely gone.

I am hoping the moderator picks up on my reply and has an explanation.

All the best

John

Reliable Contributor Peacekeeper
Message 44 of 73

Re: FBI MoneyPak Scam - Removing Virus

· ...from one of the lead developers of MalwareBytes (Bruce Harrison) :
...
As far as why MBAM is very good at dealing with this type of infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
...
Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say:

"No, MBAM can't replace your existing antivirus software and is not designed to."

That said, it would be nice if McAfee picked up all these scams, but it does not. This is common with the front line AVs, so I hear.

Maybe Stinger will detect it; they, the developers, seem to add this type of detection into it. Remember the malware developers change these things regularly, so the general AV is playing catch up.

I will ask, though, if McAfee has a better explanation.

Re: FBI MoneyPak Scam - Removing Virus

I am like the guy earlier.  I got the FBI thing and it will not allow me to boot in safe mode at all.  With networking or not.  With networking it tries to connect to the net and pull up the message.  Does same thing without networking but has a web page that says no connection.  I cannot get to the safemode screen.

I noticed when I got it a small window came up on the monitor with what looked like a java script.  It ran very quickly and then went to the FBI warning page. 

I can't get in at all.

I assume I can remove the hard drive and set it up as slave. Is there any other option open?

Thanks

Reliable Contributor Peacekeeper
Message 46 of 73

Re: FBI MoneyPak Scam - Removing Virus

That's probably the way to go. I will ask a tech for comment, as malware is not my best area.

Re: FBI MoneyPak Scam - Removing Virus

Hi Dan,

Did your procedure of setting up your C drive as a slave work?  If not, I found a solution that might actually be easier.

I noticed a time lapse between my Windows XP startup and the FBI thing taking over.  To me this suggested the virus (or whatever you want to call it) was starting like an application.

During the time lapse I kept pressing Ctrl/Alt/Del and randomly shut down applications as they appeared by clicking "End Process" in the Windows Task Manager.

It took about 4 reboots before my trigger finger got lucky and I stopped the villain.

From that point I was able to download and use the free trial version of Malwarebytes. Malwarebytes found the FBI "ransomware" and, along with several other known spywares, removed it all.

By the way, I tried Ad-Aware, perhaps a more well-known malware removing product, first. Ad-Aware did not find the "FBI ransomware".

Please let us know if this method works for you.

All the best John

34. Oct 17, 2012 8:55 AM (in response to Peacekeeper)

Re: FBI MoneyPak Scam - Removing Virus

Hi Tony,

Your response is appreciated. 

McAfee AV is a great product with a very good reputation.

I understand the strengths of AV vs. AntiMalware...... however

I obtained McAfee through my Internet provider COX communications. The package is labeled COX McAfee Security Suite. The word "Suite" gives the impression that no other product is needed. In addition please have a look at the description of the COX/McAfee Suite. To a non-developer like me it seems to suggest spyware and malware should be handled.

http://ww2.cox.com/residential/centralflorida/support/internet/article.cox?articleId={0b7d0470-6409-11df-ccef-000000000000}

Thank you very much

John

Reliable Contributor Peacekeeper
Message 49 of 73

Re: FBI MoneyPak Scam - Removing Virus

Hello Tony number 2

Yes, suite implies it should cover many things, also firewall and maybe other security concerns.

No AV is 100% up with these fake AV/ransomware programs. They, the programs, change sometimes daily to try to keep ahead of the mainline AV programs.

That said, the suggestions here are worth a look.

McAfee Communities: Anti-Spyware, Malware & Hijacker Tools

Trying a restore point before the issue sometimes is blocked but other times might help.

Message was edited by: Peacekeeper on 21/10/12 8:19:22 AM

Re: FBI MoneyPak Scam - Removing Virus

Hi Tony,

Your quick response is appreciated.

First, I already removed FBI MoneyPak Scam using a product other than McAfee. (Malwarebytes)

From the posts here McAfee should have been aware of this virus back in July.  Of course your explanation that these viruses can change daily is near impossible to dispute.  There is no way I can tell whether or not the virus I got a few days ago was exactly the same as the one posted here in July. One thing for sure is that the screen that appeared upon blocking was identical to the one that appeared in July to another McAfee customer.

I run a business from my pc and can't afford to have it down.

My plan will be to scan with Norton and McAfee, at least for now. I will also keep Malwarebytes looking for these items as well.

Thanks again

JOHN