Windows 7 Forums



Windows 7: Question about FBI MoneyPak

03 Feb 2013   #1
Norby

windows 7
 
 

Hi,
I've been reading so much about the FBI MoneyPak virus contaminating computers. You would think that with all the techs out there someone could find a way to block it. Can anyone explain why this malware is so hard to block from entering a computer?



03 Feb 2013   #2
marsmimar

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

Hello Norby and welcome to Seven Forums.

The FBI MoneyPak Ransomware is a computer infection that locks you out of your computer and your applications until you pay a ransom of $100 in the form of a MoneyPak. This infection is typically installed onto a computer when the user visits a hacked web site that contains malicious scripts that exploit vulnerabilities on the computer to install the FBI Ransomware without their knowledge or permission. It is for these reasons that it is imperative that all computer users make sure their installed programs, including Windows, are up-to-date with the latest patches.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan

So the biggest problem is when people fail to install the latest patches, hotfixes, etc. on all their installed programs, not just Windows. No anti-malware program is going to be 100% effective 100% of the time (if there was such a thing we'd all be using it). If someone is running an outdated Java, Adobe Flash, Adobe or Foxit Reader, etc., they are contributing to their own infection. By the time an anti-malware program might detect that the user has accessed a hacked web site containing the malicious scripts, the damage has already been done.
03 Feb 2013   #3
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Here is another little possibility: using torrents. When downloading using such programs, the things you download come in little pieces from different computers all over the world. The infection comes in little pieces (without a complete signature) and sneaks by the security. Once in the system it is put back together and presto, you're infected.
The infection looks like this to a security program: xoxoxox, and when a security program sees that, it stops it. When it is sent xo, and from another computer is sent xo, etc., the security program lets the xo into your system, where they get put back together as xoxoxox, and presto, you are infected. Also, many users of torrents set their computer for smooth downloading and bypass their firewall and security programs, and many don't even know they have done so. Many people don't do the basics and expect their security programs to do everything.
They open whatever email they receive. They don't scan programs when downloaded, they just install them. The list goes on and on. Here is a Microsoft site to get started on learning about being more secure.
There are many; this is just one.
Resources | Microsoft Safety & Security Center


03 Feb 2013   #4
cottonball

Windows 7 Home Premium
 
 

A "Drive-by" through a website where malware is planted is a way of getting infected. The download happens without a person's knowledge...
04 Feb 2013   #5
gied

Windows 7 64 / Windows 8 64
 
 

There is another issue.
Although all FBI MoneyPak infections share about the same text and design, they are completely different parasites in many cases.
There are like 10 families of it, where several are more dominant. So, there is a lot of work to detect such parasites in time.
12 May 2013   #6
MarkBearD

Windows 7
 
 

P'O'd. I just got this virus last night.
FWIW they are now asking for $300.00 and it disables the safe mode option.
I am uncertain if I will be able to even get a command prompt, and don't really have the "voodoo" to use commands. I may just replace the OS completely by putting a new drive in and reinstalling the OS from a restore drive.
If I'm not command prompt savvy, what are my other options?
12 May 2013   #7
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Might be a good idea to use Firefox with the NoScript add-on in future.

A bootable antimalware of some kind may be the answer.

There are several available for free download:
12 May 2013   #8
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

12 May 2013   #9
MarkBearD

Windows 7
 
 

I found this
"Processes
%WINDIR%\system32\0_0u_l.exe
%APPDATA%\jork_0_typ_col.exe
%TEMP%\0_0u_l.exe
%Temp%\[RANDOM].exe
tpl_0_c.exe
%StartupFolder%\ch810.exe
DLLs
%StartupFolder%\wpbt0.dll
Other Files
%StartupFolder%\ctfmon.lnk
WARNING.txt
V.class
Registry Keys
%AppData%\vsdsrv32.exe
cconf.txt.enc"

but am uncertain if I know how to get to the directories in command prompt
12 May 2013   #10
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64
 
 

Don't attempt manual removal - use the links SiW provided