• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

Problem with FBI Moneypak Virus

I also I have this problem. It quite annoying. Can you please help. It looks exactly like that screenshot. I've ran Power Eraser but it didn't find anything.

[edit: Clarified subject.]

Replies

Kudos0

Re: Problem with FBI Moneypak Virus

I also I have this problem. It quite annoying. Can you please help. It looks exactly like that screenshot. I've ran Power Eraser but it didn't find anything.

[edit: Clarified subject.]

Kudos0

Re: Problem with FBI Moneypak Virus

What is your  Security Software installed??

Quads

Kudos0

Re: Problem with FBI Moneypak Virus

At the moment it is the free version of AVG but I ordered Norton Anti-Virus and it should come by mail on July 3rd.

Kudos0

Re: Problem with FBI Moneypak Virus

This is Norton products forum and you have AVG installed,

So I will not be removing it AVG has thir own forum for their products

Quads

Kudos0

Re: Problem with FBI Moneypak Virus

Its on there temporarily because my one year subcription of Norton ran out I had get a new copy. I will be uninstalling it and use Norton Anti-Virus.

Kudos2

Re: Problem with FBI Moneypak Virus

because users can say that (on offence)  but logs doin't show Norton or Symantec I can't do it.

The other one, I had recently actually was I did most of the work, until I figured out it was a illegal / cracked version.

For users reading this forum from whereever,   To break the FBI ransomware  find an entry that looks similar to this (due to system setups, user accounts the full path differs.

Find 

StartupFolder: [PATH].programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe pointing to [Path]\Temp\wpbt0.dll,FQ10 (or FQ11)

Take that entry and tthe Ransom should be broken so that on a restart it doesn't load,  you still have to clean up the rest.

Quads

Kudos0

Re: Problem with FBI Moneypak Virus

Ok, I found the ctfmon file as a shortcut in the startup folder.  Now what?  Do I delete it to the recycle bin?

Kudos0

Re: Problem with FBI Moneypak Virus

Thanks for the info.

Once we get the file removed to stop the Ransom from restarting, what else needs to be cleaned up.

Thanks

Kudos0

Re: Problem with FBI Moneypak Virus

OK so my dumb question is why can a computer get this kind of crap on it if I had a fully paid for licensed installed and updated version of norton on it?

And what elese do I need to remove to get rid of this thing?

John

Kudos0

Re: Problem with FBI Moneypak Virus

FRST can be used to break it, so it won't run on the next Windows load.

OTL can break it after having it break it in Safe Mode.

Quads

Kudos0

Re: Problem with FBI Moneypak Virus

You were asked a question about why a fully paid for Norton antivirus installation hasn't picked up this virus and eliminated it.  I can see that this goes all the way back to July of this year and Norton still can't detect this virius.  What's up and don't get pissed off or ignore my question?  We are having big troubles with this one and a lot of people are scared so please do something to fix Norton anti virius so it can detect this virius and eliminate it.  thank you

Kudos0

Re: Problem with FBI Moneypak Virus

People who followed instructions and do as I ask, plus also don't run tools that are adavanced, have no problem and are grateful  etc. as I remove all of the infection(s). It is that simple,  don't bother thinking you know better screwing your system then hope malware removal peopel can repair.

Just had one on another forum run the tools, stuffed things and in the end got told to wipe the drive and start again.

As to why Norton has not picked up one variant, it is just that simple,  there is more than one variant of FBI moneypak (US), and also includes French, German, UK, Spanish, Canadian,............... and now even an Irish one.

So it is not hard it figure out why, if you can't understand, OK, just leave it to people who do.

There could also be cases where Norton is not allowed to remove a variant due to the Winlogon mod in the registry

 Something looks familiar about his username above.

Quads

Kudos0

Re: Problem with FBI Moneypak Virus

Moved to its own thread for better exposure.
Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation

Replies are locked for this thread.