1 Reply Latest reply on Jan 18, 2013 7:18 AM by exbrit

    moneypak ransomware

      Typing this from a phone, so I'm making this brief.. lent my laptop to a friend and it came back with the "FBI money pak" scam/ransomware. I've read countless help articles and found my virus isn't behaving like the others. If I restart in safe mode, the virus activates within 2 seconds. I can boot with a dos prompt and delete the .lnk file in startup, but can't find any similar file names to any listed in help articles. I'm not able to run anti malware, connect to the internet or do anything. It activates way too fast in normal and safe mode. Help would be appreciated since I need my laptop for school. Vistax32

       

      Also, my locked screen looks different than the screenshots I've seen of this virus.

        • 1. Re: moneypak ransomware
          exbrit

          I moved this to Malware Discussions > Top Threats as there are similar cases here.  Look for FBI Moneypak.

           

          The first thing to try is System Restore to before all this started.  See the last link in my signature for methods.

           

          Method Two here might be possible: http://www.vistax64.com/tutorials/76905-system-restore-how.html

           

          If successful then turn off System Restore temporarily to erase the infected restore point.

           

          I was thinking that you could use a USB Flash Drive to port over the installer files for Stinger and Malwarebytes Free, both linked in my signature below, again the last link.

           

          Note: you will probably have to rename the files to camouflage them from the malware or it will most likely prevent their installation.

           

          Also note that Malwarebytes Free can be run in Safe Mode and can even be updated in Safe Mode with Networking.

           

           

           

          .

           

          Message was edited by: Ex_Brit on 18/01/13 8:18:05 EST AM