Hi,
I've been reading so much about the FBI MoneyPak virus contaminating computers. You would think that with all the techs out there someone could find a way to block it. Can anyone explain why this malware is so hard to block from entering a computer.
Hello Norby and welcome to Seven Forums.
The FBI MonkeyPak Ransomware is a computer infection that locks you out of your computer and your applications until you pay a ransom of $100 in the form of a MoneyPak. This infection is typically installed onto a computer when the user visits a hacked web site that contains malicious scripts that exploit vulnerabilities on the computer to install the FBI Ransomware without their knowledge or permission. It is for these reasons that it is imperative that all computer users make sure their installed programs, including Windows, are up-to-date with the latest patches.
Remove the FBI MoneyPak Ransomware or the Reveton Trojan
So the biggest problem is when people fail to install the latest patches, hotfixes, etc on all their installed programs, not just Windows. No anti-malware program is going to be 100% effective 100% of the time (if there was such a thing we'd all be using it.) If someone is running an outdated Java, Adobe Flash, Adobe or Foxit Reader, etc they are contributing to their own infection. By the time an anti-malware program might detect that the user has accessed a hacked web site containing the malicious scripts, the damage has already been done.
Here is another little possibility. Using Torrents. When downloading using such programs the things you download come in little pieces for different computers all over the world. The infection comes in little pieces (without a complete signature) and sneaks by the security. Once in the system it is put back together and presto your infected.
The infection looks like this to a security program
xoxoxox and when a security programs sees that it stops it. When it is sent xo and from another computer is sent xo ect. the security program lets the xo in your system where the get put back together as xoxoxol and presto you are infected. Also many users of Torrents set their computer for smooth downloading and bypass their firewall and security programs and many don't even know they have done so. Many people don't do the basics and expect their security programs to do everything.
They open what ever email they receive. They don't scan programs when downloaded, they just install them. The list goes on and on. Here is a Microsoft site to get started on learning about being more secure.
Their are many this is just one.
Resources | Microsoft Safety & Security Center
A "Drive-by" through a website where malware is planted is a way of getting infected. The download happens without a person's knowledge...
There is another issue.
Although all FBI Moneypak shares about the same text and design, it is completely different parasites in many cases.
There are like 10 families of it, where several are more dominant. So, there is lots of work to detect such parasites in time.
P'O'd I just got this virus last night.
FWIW they are now asking for $300.00 and it disables the safe mode option.
I am uncertain if I will be able to even get a command prompt, and don't really have the "voodoo" to use commands. I may just replace the OS completely by putting a New Drive in and reinstalling the OS from a restore drive.
If I'm not command prompt savy what are my other options?
Might be a good idea to use Firefox with NoScript add on in future.
A bootable antimalware of some kind may be the answer.
There are several available for free download:
I found this
"Processes
%WINDIR%\system32\0_0u_l.exe
%APPDATA%\jork_0_typ_col.exe
%TEMP%\0_0u_l.exe
%Temp%\[RANDOM].exe
tpl_0_c.exe
%StartupFolder%\ch810.exe
DLLs
%StartupFolder%\wpbt0.dll
Other Files
%StartupFolder%\ctfmon.lnk
WARNING.txt
V.class
Registry Keys
%AppData%\vsdsrv32.exe
cconf.txt.enc"
but am uncertain if I know how to get to the directories in command prompt
Quote