SpyWare BeWare! ASAP
MrCharlie
« on: December 01, 2011, 08:56:06 AM »

FBI MoneyPak, Ransomware virus removal

For Vista, W7 and W8: (You'll need a USB flash drive)

1. Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

[1] Restart the computer.
[2] As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
[3] Use the arrow keys to select the Repair your computer menu item.
[4] Select US as the keyboard language settings, and then click Next.
[5] Select the operating system you want to repair, and then click Next.
[6] Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: HERE

 
To enter System Recovery Options by using Windows installation disc:

[1] Insert the installation disc.
[2] Restart your computer.
[3] If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
[4] Click Repair your computer.
[5] Select US as the keyboard language settings, and then click Next.
[6] Select the operating system you want to repair, and then click Next.
[7] Select your user account and click Next.

3. On the System Recovery Options menu you will get the following options:

* Startup Repair
* System Restore
* Windows Complete PC Restore
* Windows Memory Diagnostic Tool
* Command Prompt


Select Command Prompt

Once in the Command Prompt:

[1] In the command window type in notepad and press Enter.
[2] Notepad opens. Under the File menu select Open.
[3] Select "Computer" and find your flash drive letter and close Notepad.
[4] In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
[5] The tool will start to run.
[6] When the tool opens click Yes to the disclaimer.
[7] Press the Scan button.
[8] It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For XP and XP Pro:

These methods may help remove this malware: (XP is a little harder to work on)

This will work if you have a good system restore point and can get to the Command prompt: (If it doesn't work the first time keep trying...you may be able to get it)

Step 1: Use F8 to boot to Safe Mode With Command Prompt or Command Prompt
Step 2: Type the word "explorer" in the black screen > Enter
Step 3: Then Navigate to:
Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter (double click rstrui.exe)
Step 4: Restore Computer to Date you know you were virus free
Step 5: See if it boots up normally.....post on the forum so we can ensure the computer's clean

Here's a little trick that may work:
You need to select the “Safe Mode with Command Prompt” option and then hit the Enter key. This will boot the computer with minimal drivers, and no startup programs will run except cmd.exe.

<=====><=====><=====><=====><=====><=====>

Use Kaspersky Rescue Disk and Unlocker:

  • Download Kaspersky Rescue Disk (iso)

  • Burn it to a CD or DVD; if you need a program to burn an ISO, use Active@ ISO Burner

  • Kaspersky Unlocker can also be loaded onto a USB flash drive:
    http://support.kaspersky.com/8092

  • The Kaspersky Disk also has a Registry Editor that can be used to delete or modify the registry entries responsible for the hijack if Unlocker doesn't work.
    If you need guidance please ask.

  • Kaspersky WindowsUnlocker to fight ransom malware Tutorial

  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps HERE

  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement

  • Select Kaspersky Rescue Disk. Graphic Mode

  • Click on the Start button located in the left bottom corner of the screen

  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus



    Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter

  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility

  • Click on My Update Center tab and press Start to download the latest update

  • Next, select the Object Scan tab

  • Put a check next to C:\ and any other local drives

  • Then click Start Objects Scan

  • Quarantine any malware found

  • Restart your computer and see if it boots up normally

<=====><=====><=====><=====><=====><=====>

Sometimes HitmanPro.Kickstart will work:
http://www.bleepingcomputer.com/virus-removal/remove-computer-crime-intellectual-property-section

Good Luck.....MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
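
An added example, not part of the original post: a read-only check, run from the System Recovery Command Prompt on Vista/7/8, that loads the installed system's registry hives and writes the Winlogon and Run entries to the flash drive. These are locations screen-locking malware commonly alters, but the post does not name them; the key paths, the temporary key names OfflineSW and OfflineUser, the report file name and both drive letters are assumptions.

```batch
@echo off
rem Added example, not from the original post. It only reads the registry.
rem Usage: checkshell.cmd D: E:
rem   first argument  = Windows drive as seen from the recovery environment
rem   second argument = flash drive (both letters are assumptions; find them
rem                     with the Notepad "Open" dialog as described above)
setlocal
if "%~2"=="" (
  echo Usage: %~nx0 ^<windows-drive:^> ^<flash-drive:^>
  exit /b 1
)
set "WIN=%~1"
set "OUT=%~2\winlogon-check.txt"
if not exist "%WIN%\Windows\System32\config\SOFTWARE" (
  echo No Windows installation found on %WIN%
  exit /b 1
)

rem Mount the installed system's SOFTWARE hive under a temporary key name.
reg load HKLM\OfflineSW "%WIN%\Windows\System32\config\SOFTWARE" >nul || exit /b 1

rem On a clean system Shell is explorer.exe and Userinit ends in \userinit.exe,
> "%OUT%" echo Winlogon values from %WIN%:
for %%V in (Shell Userinit) do (
  reg query "HKLM\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v %%V >> "%OUT%" 2>&1
)
>> "%OUT%" echo Machine-wide Run entries:
reg query "HKLM\OfflineSW\Microsoft\Windows\CurrentVersion\Run" >> "%OUT%" 2>&1
reg unload HKLM\OfflineSW >nul

rem Repeat for each user profile: per-user Run entries and Shell override.
for /d %%U in ("%WIN%\Users\*") do if exist "%%U\NTUSER.DAT" (
  reg load HKU\OfflineUser "%%U\NTUSER.DAT" >nul 2>&1 && (
    >> "%OUT%" echo Per-user entries for %%U:
    reg query "HKU\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Run" >> "%OUT%" 2>&1
    reg query "HKU\OfflineUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell >> "%OUT%" 2>&1
    reg unload HKU\OfflineUser >nul
  )
)
echo Report written to %OUT%
```

Lines reporting that a key or value was not found are normal for the per-user Winlogon query; the report can be posted alongside FRST.txt.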