
Kudos1

FBI MoneyPak Virus

Help,

My home computer has just been infected with the FBI greendot MoneyPak virus.  The virus is demanding $200.

My system is a Dell XPS Gen 4 running Windows XP.

I have Norton 360 on it.

The system is locked up.  Where do I go from here?

Thanks,

Replies

Kudos0

Re: FBI MoneyPak Virus

I too have this flipping problem now.

My system's a custom make on an ASUS Q4 motherboard and it's running Windows Vista, 32 bit.

I've had Norton 360 running, but it looked like it let this one right thru.   My user account is pretty much locked up and the only way I can get out of it is to log out and flip to another user (thank goodness I made a 2nd on my computer!).

Help is needed as a full scan by Norton 360 found 3 viruses, and it said it removed those, but that did nothing.  ESET Rogue (http://kb.eset.com/esetkb/index?page=content&id=SOLN3035) hasn't worked either so far, so please offer solutions if you know this one!!

Thanks in advance.

Kudos0

Re: FBI MoneyPak Virus

JimKo

If you restart the PC and use F8 and select Safe Mode with Networking does the PoliceAlert load??

Quads

Kudos1

Re: FBI MoneyPak Virus

WBg99

with the second account 

Disable Norton for say 30 minutes

Download OTL http://www.bleepingcomputer.com/download/otl/

Start OTL,  

Click the Scan All Users checkbox.

Change file age to 60 days

Press the 

An OTL.txt  and extras.txt will be created.

Quads

Kudos0

Re: FBI MoneyPak Virus

Okay, I found this on another site as a method.

For Vista, you restart and go with Safe mode with command prompt.

Once there (and it says you only have seconds before the virus blocks you), you type Explorer

Then with the prompt saying "C:\windows\system32", you type rstrui.exe and hit Enter

That takes you to System Restore where you can go back a few days to a safe point and use the restore point.   Afterwards, a restart and going back to normal mode should take you back to normal conditions.   At least  it did for me and I'd share the link to that page, but unfortunately, I saved it as a favorite and that was wiped out in the system restore.

Good luck!

Kudos0

Re: FBI MoneyPak Virus

Thanks for the reply Quads and even with a system restore, should that be something I'd still want to do, downloading the OTL?

Kudos0

Re: FBI MoneyPak Virus

Users

Do not ask for help and then do your own thing as it screws the system and helpers around.

The PoliceAlert ransomware is now appearing with Zeroaccess and either the MaSS or Pihar partition as a triple hit.

Quads

Kudos2

Re: FBI MoneyPak Virus


WBg99 wrote:

Thanks for the reply Quads and even with a system restore, should that be something I'd still want to do, downloading the OTL?


Do what you like as you are doing your own thing.

Users doing their own thing, I don't touch their system(s), so I am not touching yours

Quads

Kudos1

Re: FBI MoneyPak Virus

WBg99

Don't bother PMing me, you have instead of waiting done your own thing,

I do not touch systems where users have made or changed things since from changing the System, deleting things, (including now my Windows doesn't boot) using advanced programs etc.

Good Luck.

Quads

Accepted Solution
Kudos2

Re: FBI MoneyPak Virus

My problem has been solved.  The computer has been running normally for the last 24 hours.

As my computer was powering up, I used F8 to enter Safe Mode. 

From there I used System Restore to restore my system to 45 days ago.

I was then able to use Malwarebytes Anti-Malware software to remove the virus.  That makes two times that this software has removed a virus that Norton 360 allowed to come thru.

Over the last two days I have done multiple scans with Microsoft Security Essentials.  This software uncovered another hidden virus. 

The latest Norton 360 scans have come up clean as well, but for this virus, I am not sure how excited I should be about this.

Kudos2

Re: FBI MoneyPak Virus

Moved to own thread for better exposure.
Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos1

Re: FBI MoneyPak Virus

First, I am very disappointed in My Norton 360 "protection".  For the second time a virus has hijacked my system and my No1 virus program let it get through.  Sigh!

Today I had an attack on my laptop.  The black screen with the FBI "Your computer has been locked!" came on.  Yes, it's intimidating and worrisome.  It locks you out and you cannot do anything about it.

First thing I did was push my off button and hold.  I think this is interpreted by my laptop (Toshiba Satellite) as a fast shutdown and the next time it comes up it does so with a "would you like to restart windows normally?" 

I disconnected my wifi and made sure to start windows normally.  I did not go to Internet Explorer as it seems this is where the virus lives.  My desktop came up normally and I chose to run Malwarebytes that I have on my desktop for this type of cases.  It wanted to update, so I enabled the internet and opened IE.  The black FBI screen was there again blocking me.  I powered down the same way and restarted in windows normally without WIFI and Internet.

I ran Malwarebytes and it found 3 files infected with a Trojan. I deleted the files and restarted.  All works fine now.

I believe my laptop will go to a restore point when I push and hold my power button. 

Again, I wonder and feel disappointment when for the second time my Norton (expensive) virus protection is not able to protect me from this well known (since Jan 2012) trojan.  Where are all the technical guys?  Too busy counting the money?

Hope this helps someone.  And yes, I did my own thing and just for the record, I believe the discussion about "since you did your own thing, I now will be a brat and won't help you" is way out of line!

Thanks.

Malwarebytes is free, very free and I used the free version.

Kudos2

Re: FBI MoneyPak Virus

This FBI virus is very simple to remove. These are the options below. I used safe mode with network #4.

Removal Options

  1. Malware Removal Software – Scan and remove malware
  2. Manual Removal – Remove associated files
  3. System Restore – Restore PC to a date and time before infection (includes different access options)
  4. Safe Mode With Networking – Manually remove files and/or scan and remove malware (reset proxy settings if needed)
  5. Flash Drive Option – Load Antivirus (AM) software to a flash drive, scan and remove malware
  6. Optical CD-R Option – Scan and remove malware
  7. Slave Hard Disk Drive Option – Scan, detect, and remove malware

Here's more manual info too.

1. Open Windows Start Menu and type %appdata% into the search field, press Enter.

2. Navigate to: Microsoft\Windows\Start Menu\Programs\Startup

3. Remove ctfmon (ctfmon.lnk if in DOS) – this is what’s calling the virus on start up. This is not ctfmon.exe.

4. Open Windows Start Menu and type %userprofile% into the search field and press enter.

5. Navigate to: Appdata\Local\Temp

6. Remove rool0_pk.exe

7. Remove [random].mof file

8. Remove V.class

The virus can have names other than “rool0_pk.exe” but it should appear similar, there may also be 2 files, 1 being a .mof. Removing the .exe file will fix FBI Moneypak. The class file uses a Java vulnerability to install the virus, removal of V.class is done for safe measure.
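
A read-only way to review the two folders named in the steps above, added here as an example and not part of the original post: it lists Startup entries and the kinds of Temp files the post mentions, and deletes nothing. The function name `audit_profile`, the reason labels and the Vista/7 folder layout are assumptions of this example.

```python
from pathlib import Path

# Vista/7 profile-relative locations named in the post
# (%appdata%\...\Startup and %userprofile%\AppData\Local\Temp); assumed layout.
STARTUP = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")
TEMP = Path("AppData/Local/Temp")


def audit_profile(profile):
    """Return (reason, path) pairs for files worth reviewing. Read-only."""
    findings = []
    startup = Path(profile) / STARTUP
    if startup.is_dir():
        for entry in sorted(startup.iterdir()):
            if entry.name.lower() == "desktop.ini":  # normal folder metadata
                continue
            # The genuine ctfmon.exe is a system file; a per-user Startup
            # item of that name is what the post says launches the lock screen.
            if entry.stem.lower() == "ctfmon":
                findings.append(("startup-ctfmon", entry))
            else:
                findings.append(("startup-entry", entry))
    temp = Path(profile) / TEMP
    if temp.is_dir():
        for entry in sorted(temp.iterdir()):
            if not entry.is_file():
                continue
            name = entry.name.lower()
            # The post notes the .exe name varies, so every top-level
            # executable in Temp is listed for review, not one fixed name.
            if name.endswith(".exe"):
                findings.append(("temp-executable", entry))
            elif name.endswith(".mof"):
                findings.append(("temp-mof", entry))
            elif name == "v.class":
                findings.append(("temp-java-class", entry))
    return findings


if __name__ == "__main__":
    for reason, path in audit_profile(Path.home()):
        print(f"{reason:18} {path}")
```

When the locked account cannot be used, run it from the second account or from Safe Mode and pass that user's profile folder to `audit_profile` instead of `Path.home()`.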

Kudos0

Re: FBI MoneyPak Virus

You should be worried. Not a single Norton product detects or removes the threat you've experienced. You did the right thing by using Malwarebytes, a FREE program from Microsoft that removes it. Did you know if you have Malwarebytes already on your computer and install a Norton product, you are asked to disable it because Norton conflicts with it? It does, I tested it.

Kudos0

Re: FBI MoneyPak Virus

Hello, I just got this virus on my laptop.  It is an Acer and pretty old.  I can't get it to go to safe mode.

Kudos0

Re: FBI MoneyPak Virus


marcywink wrote:

Hello, I just got this virus on my laptop.  It is an Acer and pretty old.  I can't get it to go to safe mode.


You need your own thread

Are you saying you can't get the system to load safe mode, or are you saying you can't or don't get the Ransomware loading in safe mode?

Quads

Kudos0

Re: FBI MoneyPak Virus

OH BOY!!!!

Hi ..... Yesterday while I was on the Internet, thru Internet Explorer on my Laptop Windows 7. What I NOW KNOW, thanks to my Cell, is the FBI MONEY PAC VIRUS !!! : (

I'm so NOT Computer literate. I'm a single mom of 4 and on a Tight budget. My daughter was able to Wipe the Laptop. Now everywhere I look on HOW to UNINSTALL this Virus there is a large Fee !!!

So I found ya'll! I read all of your posts n replies ! Quads you gave great info!!! I followed your steps carefully! Went to http://www.bleepingcomputer.com/download/otl/ clicked OTL Download. N brought me to Reimage ........ I hit download and the Terms n Agreement Box comes up.

I know it isn't free but NO where do I see a Price.

So I stopped it. My Norton expired, it is 70 $ Thru 139. Too much money as my job just informed me of our hours being cut.

The Real FBI Site talks A LOT OF THIS SCAM! Reveton they named it. Said VERY difficult to get rid of as its "Installed" n even if you break through its Always in Background?? Not sure what that means. They advise getting a PRO to uninstall.

I filed the Complaint as advised as well. But I think I should consider our Laptop a Loss and save for another. : (

I FEEL sooooo bad for ALL the people who got this thing and worse for people who paid because afraid and no one to tell them its a scam. Elderly especially.

Why can't they the REAL FBI STOP THIS? 1st report was 9-9-12 geez! Bad guys smarter than FBI is scary!

So bummed out in WI. : (

Niecee
Kudos0

Re: FBI MoneyPak Virus

Wow! Free? Thank you! : )
Niecee
Kudos0

Re: FBI MoneyPak Virus

Mine won't go there either. I bought it a year ago. I shut it down then restart n it just SKIPS that page n other 2 when restarting. Straight to Sign in page. : (

I gave up. I feel really bad for my kids tho with home work n stuff. So I'll try a Layaway for another b4 Christmas.

I hope your Acer works for you!
Niecee
Kudos0

Re: FBI MoneyPak Virus

I have no idea what you are talking about, and you are doing your own thing including using OTL anyway.

Good Luck

Quads

Kudos0

Re: FBI MoneyPak Virus

Ugh....... I'm new. Those 2 comments I wrote I THOUGHT I was commenting on other users' Posts. : (

Yes I look stupid n am embarrassed Mr. Quads n Thanks for good Luck
Niecee
Kudos0

Re: FBI MoneyPak Virus

When I turn it on it doesn't, I don't see it run anything to give me the opportunity to use F8 function. The first thing it asks is "Enter primary HDD user password".  Once I type that in the screen is blank until it comes up with my password to log on to windows. Of course once I do that it goes straight to the FBI virus page. 

My other computer runs the program you talk about when it is shut down improperly so I know what I should see to use the F8 function.   I was also told by a family member who heard about it on the radio that the more I mess with it the worse it gets. Is that true?

Kudos0

Re: FBI MoneyPak Virus

Sorry for being late for your post!

After reading all these replies, I haven't found some valuable details that were offered on the Internet by some security researchers some weeks ago. According to 2-spyware, you can use these two ways to disable FBI Moneypak virus:

* Try to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be able to launch an anti-malware program and remove the FBI Moneypak threat.

* Try to deny the Flash to make your ransomware stop functioning as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with an anti-malware program.

If these two methods don't help you, I would also recommend this flash drive method, given on dieviren.de and losvirus.es:

1. Take another machine and use it to download anti-malware program. 

2. Update the program and put into the USB drive or simple CD.

3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.

4. Reboot computer infected with FBI virus once more and run a full system scan.

Good luck!

Kudos0

Re: FBI MoneyPak Virus

Well Done JacobWolfe!  Picked up this virus, ran complete scan 3 times to no avail.  Can't tell you how disappointed I am that Norton did not prevent this nor remove it !!!!!   And then they want another $99 to help you get rid of it.  Followed your manual instructions (which were very easy to follow by the way) and Shazam!  Virus is gone!  Also got rid of the  teamviewer.dll  error that was showing up.  Thanks!

Kudos0

Re: FBI MoneyPak Virus

http://www.fixpcyourself.com/how-to-unlock-computer-from-fbi-moneypak-virus/

This is the site I've used to remove it on my neighbor's PC and just now I've used it to remove the moneypak virus from my father's Sony Vaio laptop. In searching for this site, I came across this thread. As long as you follow the instructions to the T, it'll get rid of the virus. 

Kudos0

Re: FBI MoneyPak Virus

This Video helps me to fix this virus - FBI Moneypak Virus / Malware Ransom Lock Removal

Kudos1

Re: FBI MoneyPak Virus

"Simple" my butt. No one in their right mind will tackle it themselves.  This ransomware/malware/virus/whatever is kicking a_ _  around the industry.  For one thing it has been around since at least last July and STILL not solved by the big boys. A large reason is that the thing uses a random number generator and keeps redefining itself so yesterday's fixes are no good today.  If you think you cleaned your own machine and got rid of the !@#$%^ you are probably wrong and soon to be hit again.  Real FBI facilities around the country have been briefed on it and not because their name is used. 

In my own case a Symantec technician failed on the first try to clean it.  Then an hour later a Symantec technician and his supervisor spent the entire night (midnight thru 5AM) going over my machine and finally beat the @#$%^& into submission. That was a week ago and  I would not even at this point want to guarantee it is gone. DO NOT try this at home.

Best bet is to stay to h away from any site that is not trusted and known reputable.  Keep your anti-virus updated daily and then cross your fingers.

Kudos0

Re: FBI MoneyPak Virus

I like this

"Then an hour later a Symantec technician and his supervisor spent the entire night (midnight thru 5AM) going over my machine and finally beat the @#$%^& into submission."

It wouldn't take all night to beat it, (my steps 1 to 3,) they probably did my Step 4 also to check the rest of the system, like I do with infected systems.

Hey that creates a new slogan

"Now Symantec Techs copy Quads"  hahahahaha


Quads

Kudos1

Re: FBI MoneyPak Virus

Hello,

My first post at Norton!

I think this official video from Norton on the FBI Moneypak Virus Removal should help.

http://www.youtube.com/watch?v=_dKBXeoLIFo

Warm Regards,

Dilip
