Ransomware FBI moneypak

[Donald]

I am looking to help someone to get rid of this ransomware. Will Malwarebyres take care of it 100% or do I need to do manual steps? I see some search results from Google, but want to make sure I use a reasonable approach, and not install another virus along the way.

 

[Rand]

restart in safe mode with network support

(hit f8-f8-f8 continuously after bios screen and before windows logo)

run malwarebytes .. should fix er up.


http://www.fixpcyourself.com/how-to-unlock-computer-from-fbi-moneypak-virus/

gives a decent writeup on it.

 

[Donald]

I was thinking of pulling the HD and doing it from another (working) PC. That should do it I assume?

 

[SrDriver]

Run SuperAntiSpyware portable edition from a thumb drive.

See the following web site.
Link To SuperAntiSpyware Portable

After you get it cleaned up. Do a search for the free Norton DNS Server and change your DNS settings.

Change the account that you use daily to a non-admin account and I recommend Google Chrome as a web browser which can help prevent future infections with it's sandbox feature.

A lot of people this week are getting hit with this.

 

[2004tdigls]

what antivirus program are you running now??

 

[Donald]

Its not my computer, but I think he is running ESET as I suggested it.

I never seem to get a virus. Only other people.

 

[Donald]

Any idea how people are getting this ransomware??

 

[SrDriver]

It is caused by visiting a web site that has been infected. Called a drive by infection. They are more common with Windows but too Mac versions have surfaced.

Norton offers a free DNS service (Norton DNS) free for home users. You can find it by searching. Follow the instructions for setup.

Sandbox feature of Google Chrome can help + not using an administrator account for everyday use.

Making sure that you check windows updates, keep anti-virus current and install the free WOT Extension for you browser with help too.

Doing a periodic backup to an external USB hard drive is a + too.

 

[ahoier]

I've seen them.....usually they are "injected" into ads on sites, you'd never even knew.....it's the advertisers themselves not checking what kind of ads their clients are inserting.....


They typically are loaded with Javascript and will "mimmick" a Windows Explorer template, stating "Your computer is infected! Click here to Fix All Errors" as it proceeds to "fake" (act like it's scanning your computer) and detecting 100s of "viruses" - but in all actuality, there are NO viruses on the PC.....but the "software" that was just loaded when the user clicked "YES" to the User Account Control Prompt, "are you sure you want to run FBI Moneypak?"


Then there's usually a gimmick.....to "Fix" the "detected" files....you must "register" (I.e.: pay the ransom....money, CC, bank card.....) the product.


Apparantly a lot of suckers fall for it.....likely mooching off the elderly, teeneragers, and novice users.


But yes, between MalwareBytes, SUPERAntiSpyware, and Spybot S&D (in that order......and NOT all at the same time......) you should be all cleaned up....