I also have this problem. It is quite annoying. Can you please help? It looks exactly like that screenshot. I've run Power Eraser but it didn't find anything.
[edit: Clarified subject.]
What security software do you have installed?
At the moment it is the free version of AVG but I ordered Norton Anti-Virus and it should come by mail on July 3rd.
This is the Norton products forum and you have AVG installed,
so I will not be removing it. AVG has their own forum for their products.
It's on there temporarily because my one-year subscription of Norton ran out and I had to get a new copy. I will be uninstalling it and using Norton Anti-Virus.
Because users can say that (no offence) but logs don't show Norton or Symantec, I can't do it.
The other one I had recently, I actually did most of the work until I figured out it was an illegal / cracked version.
For users reading this forum from wherever: to break the FBI ransomware, find an entry that looks similar to this (due to system setups and user accounts, the full path differs).
StartupFolder: [PATH].programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe pointing to [Path]\Temp\wpbt0.dll,FQ10 (or FQ11)
Take that entry and the Ransom should be broken so that on a restart it doesn't load; you still have to clean up the rest.
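One way to look for the kind of entry described in the post above, as an added example that is not part of the original thread: a read-only PowerShell check that lists Startup-folder shortcuts running rundll32.exe against a DLL under a Temp directory. The Temp-path pattern is an assumed heuristic, and the script only reports; it changes nothing.

```powershell
# Added example: read-only audit of Startup-folder shortcuts.
# Flags shortcuts that launch rundll32.exe against a DLL under a Temp directory,
# the shape of the ctfmon.lnk entry quoted in the post above.

$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Startup folders (full paths differ per system and account).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk     = $shell.CreateShortcut($_.FullName)   # resolves the .lnk, does not modify it
        $target  = $lnk.TargetPath
        $lnkArgs = $lnk.Arguments

        $isRundll = $target -and ((Split-Path -Leaf $target) -ieq 'rundll32.exe')
        # Heuristic (assumption): argument references a \Temp\ or \tmp\ path, or %TEMP%/%TMP%.
        $fromTemp = $lnkArgs -match '(?i)(\\te?mp\\|%te?mp%)'

        if ($isRundll -and $fromTemp) {
            # rundll32 arguments are "<dll>,<export>"; take the DLL part and expand variables.
            $dll = [Environment]::ExpandEnvironmentVariables(($lnkArgs -split ',', 2)[0].Trim('" '))
            $dllPresent = [bool]$dll -and (Test-Path -LiteralPath $dll)
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $target
                Arguments = $lnkArgs
                Created   = $_.CreationTime
                DllExists = $dllPresent
                DllSha256 = if ($dllPresent) {
                                (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
                            } else { $null }
            }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No rundll32-from-Temp shortcuts found in the Startup folders.' }
```

The hash and creation time are recorded so the shortcut and DLL can be identified and submitted for analysis before anything is removed.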
Ok, I found the ctfmon file as a shortcut in the startup folder. Now what? Do I delete it to the recycle bin?
Thanks for the info.
Once we get the file removed to stop the Ransom from restarting, what else needs to be cleaned up?
OK, so my dumb question is: why can a computer get this kind of crap on it if I had a fully paid for, licensed, installed and updated version of Norton on it?
And what else do I need to remove to get rid of this thing?
FRST can be used to break it, so it won't run on the next Windows load.
OTL can break it after having it break it in Safe Mode.
You were asked a question about why a fully paid for Norton antivirus installation hasn't picked up this virus and eliminated it. I can see that this goes all the way back to July of this year and Norton still can't detect this virus. What's up and don't get pissed off or ignore my question? We are having big troubles with this one and a lot of people are scared, so please do something to fix Norton antivirus so it can detect this virus and eliminate it. Thank you.
People who followed instructions and do as I ask, plus also don't run tools that are advanced, have no problem and are grateful etc. as I remove all of the infection(s). It is that simple, don't bother thinking you know better, screwing your system, then hope malware removal people can repair.
Just had one on another forum run the tools, stuffed things and in the end got told to wipe the drive and start again.
As to why Norton has not picked up one variant, it is just that simple: there is more than one variant of FBI moneypak (US), and it also includes French, German, UK, Spanish, Canadian... and now even an Irish one.
So it is not hard to figure out why. If you can't understand, OK, just leave it to people who do.
There could also be cases where Norton is not allowed to remove a variant due to the Winlogon mod in the registry.
Something looks familiar about his username above.