7 Replies Latest reply on May 23, 2013 5:15 AM by Vinod R Branched to a new discussion.

    FBI Moneypak Virus-Unable to access any of my files!!

      My computer was infected with the FBI Moneypak virus about 6 days ago... I have been working with someone on another forum to help remove the virus but feel like I'm going in circles! I'm not sure if the virus is still there or not, but virus scans are not detecting it and I am now able to sign into my computer without the Moneypak page popping up. However, ALL of my files (pictures, Word docs, etc.) have been converted to an Internet Explorer link, so every time I click one it redirects me to Internet Explorer (McAfee will then block access to it as it's unsafe). Last night I tried to change a Word doc back to a Word format and now ALL the files say they are a Word document!! Please help!! I'm afraid I have lost access to all my files!! Should I take it in to a professional at this point??

        • 1. Re: FBI Moneypak Virus-Unable to access any of my files!!

          Well I don't know what the other forum suggested but the first thing to do when this sort of thing hits is touch nothing and do a hard power off.  Then boot into Safe Mode and initiate System Restore to before it all started, hoping that SR was turned on in the first place.


          We don't actually do malware removal here, but if you click the last link in my signature below and scroll down, there are a number of forums who specialize in that.


          FYI no antivirus will catch these scams properly because of the way they work.  You just have to be ultra careful these days and make sure you keep everything up to date and backed up.

          • 2. Re: FBI Moneypak Virus-Unable to access any of my files!!
            Vinod R

            Please try the steps below and let me know if they work for you. These are picked from other help forums; I would suggest you reach out to other malware cleaning forums for any additional help.



            Here are the most recent directions:


            Download decrypt_mblblock.exe to your desktop.

            • If you only have a single hard disk with one partition, then the only thing you need to do is start the tool.
            • Windows XP users can simply double click and run the tool, Windows Vista, 7 & 8 users need to run the tool with administrator rights.
            • Now it will automatically scan your complete hard disk for encrypted files, when there are encrypted files present it will automatically decrypt those without deleting the encrypted originals.
            • After the decryption check that all of the decrypted files open properly.
            • Once you have verified that the files were decrypted properly you can delete the encrypted HTML files.
            • If you have more than one hard disk or partitions with encrypted files, things get slightly more complicated. To scan and decrypt files on those other hard disks or partitions do the following:
            • While holding down the Windows key, press the R key. The Run box will now appear.
            • In the Run box, type in cmd.exe and press Enter.
            • The Windows Command Line prompt should show up.
            • You first need to switch into the directory where you downloaded the decryption tool to.
            • This can be done using the cd command: cd /d <path>
            • Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads for example the exact command line to type in should look like this:
              cd /d C:\Users\Administrator\Downloads
            • If you did everything right you will see that the command prompt changed slightly and now references the download directory.
            • Run the decryption tool with a list of all your drives you want the tool to scan. If you have a C:, D: and E: drive for example, run the tool like this:
              decrypt_mblblock.exe C:\ D:\ E:\
            • Please be patient and refrain from using the computer for other tasks while the tool is running.
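
The step above that says to check the decrypted files before deleting the encrypted HTML copies can be partly automated. The following is an added example, not part of the original thread and not code from the tool's author: it compares each file's leading bytes with the signature expected for its extension and flags files that are still HTML. The signature table, function names and sample files are assumptions constructed for the example.

```python
import os
import tempfile

# Leading bytes ("magic numbers") expected for common document and picture types.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],   # OLE2 compound file
    ".docx": [b"PK\x03\x04"],                         # ZIP container
}

def classify(path):
    """Return 'ok', 'html', 'mismatch' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    expected = SIGNATURES.get(ext)
    if expected is None:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(512)
    if any(head.startswith(sig) for sig in expected):
        return "ok"
    # A document that starts with markup is still in its converted HTML form.
    if head.lstrip().lower().startswith((b"<html", b"<!doctype")):
        return "html"
    return "mismatch"

def scan(root):
    """Walk root and return {path: status} for every file that fails the check."""
    problems = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            status = classify(full)
            if status in ("html", "mismatch"):
                problems[full] = status
    return problems

def demo():
    """Constructed sample files: one good JPEG, one .doc that is really HTML."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "photo.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        with open(os.path.join(root, "letter.doc"), "wb") as fh:
            fh.write(b"<html><body>constructed</body></html>")
        return {os.path.basename(p): s for p, s in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

A matching signature only shows the file header is intact; opening a sample of files by hand is still needed before deleting anything.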


            • 3. Re: FBI Moneypak Virus-Unable to access any of my files!!

              It worked! Thank you soooooo very much! I have been trying to figure this out for days!! I really appreciate your help!!

              • 4. Re: FBI Moneypak Virus-Unable to access any of my files!!
                Vinod R

                Glad it helped. That tool was picked up from one of the support forums elsewhere... we are not done yet though.


                Please follow the instructions below:

                Back up the data on your machine (pictures, documents, etc. ONLY. Take care what you copy; do not blindly copy-paste folders).

                Download the latest version of Getsusp from getsusp.mcafee.com and run it on the machine, then zip the logs and attach them in your next reply.

                Ensure DATA is backed up.

                Download and run the latest version of the Stinger tool from Stinger.mcafee.com. Run it and allow it to delete all files it picks up (the reason I asked you to back up files).

                After a reboot, zip the Stinger_Quarntine folder and attach it in your next reply.



                OTHER USERS:

                This solution might be limited to this particular variant of infection. Request others to refrain from running this tool unless requested by a forum helper to do so.


                Message was edited by: vinod_r2 on 23/5/13 1:00:21 PM IST
                • 5. Re: FBI Moneypak Virus-Unable to access any of my files!!

                  Vinod, thanks for the wonderful help.

                  • 6. Re: FBI Moneypak Virus-Unable to access any of my files!!

                    Moved to the 'Top Threats' section in the hope it will help others with this particular malware.


                    Message was edited by: Ex_Brit on 23/05/13 6:48:39 EDT AM
                    • 7. Re: FBI Moneypak Virus-Unable to access any of my files!!
                      Vinod R

                      The solution must be applied only post full removal of malware file...