cfourkays
asked on
Moneypak Removal
Dell laptop B130 with W-7 installed.
Get FBI warning on boot.
I've removed a number of them but this one is different, for me.
I can't get to Safe Mode. From the F8 display, each selection, Safe Mode, with Networking,
with Command Prompt gives me a quick peek at the Home page and goes into the warning.
I can access from a CD. UBCD4WIN but there's nothing on there to help.
Tried to Restore from the CD but no restore points.
I don't have the DVD that was used to install W-7 on this original XP but it's a legit install.
Pete
@cfourkays,
Based on your past history, I'm sure you've tried all of the steps shown by 'Grinler' - right?
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
I've burned the Emsisoft Emergency Kit to both USB and CD and have been carrying it around in my tool kit for a few weeks now.
Try creating a Bootable CD or USB stick and see if that helps you get back to a bootable system:
http://www.emsisoft.com/en/software/eek/
ASKER
Hey there, n2fc. When I click on Repair, starts to load then stops.
Also tried a System Restore using the Registry Restore Wizard on the UBCD but there's none there.
younghv, one of the problems with getting old is temporary memory loss.
You must be suffering from it since we both worked this type of problem before.
https://www.experts-exchange.com/questions/27820159/FBI-Moneypak-Malware.html
This is rather embarrassing.
I'm taking the drive out tomorrow and will post back.
Pete
Hey Pete -
You're right, my <Admin Edit> mind isn't the well-oiled machine it once was...or maybe I've over-oiled it through the years (if you know what I mean).
I would sure like to know what variant of this stuff your customers are finding down there, that link I posted from BP has been working up here.
I'll monitor this to see what else you come up with on your slave scan.
Have you tried any of the other Boot CDs (i.e., http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline?SignedIn=1)?
Hang tough,
Vic
ASKER
Just got prodded by automod. 3 day warning.
I'm running Malwarebytes full scan on the affected drive, slaved to a work PC.
Any other cleaners I can use before I put the drive back in?
ASKER
Whew!
TDSSKiller while slaved took out something I forgot to record but then allowed me to boot.
After booting, Malwarebytes took out:
"Backdoor.IRCBot, Trojan.oAcess"
and a couple more misc.
Thanks n2fc and younghv
ASKER
Always get an answer or find a solution since 2003.
Hey Pete -
Thanks for the comments and really glad you worked through this one.
Vic
Restart the PC
Press F8 on bootup
Select REPAIR YOUR COMPUTER
Click on REPAIR
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Can you get to this screen?
If yes
Select System Restore
If you have a restore point from before you were infected, restore it
You should then be able to get to SAFE MODE & do normal AV recovery steps...