Question about FBI MoneyPak

[Norby]

Hi,
I've been reading so much about the FBI MoneyPak virus contaminating computers. You would think that with all the techs out there someone could find a way to block it. Can anyone explain why this malware is so hard to block from entering a computer.

 

[marsmimar]

Hello Norby and welcome to Seven Forums.

The FBI MonkeyPak Ransomware is a computer infection that locks you out of your computer and your applications until you pay a ransom of $100 in the form of a MoneyPak. This infection is typically installed onto a computer when the user visits a hacked web site that contains malicious scripts that exploit vulnerabilities on the computer to install the FBI Ransomware without their knowledge or permission. It is for these reasons that it is imperative that all computer users make sure their installed programs, including Windows, are up-to-date with the latest patches.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan

So the biggest problem is when people fail to install the latest patches, hotfixes, etc on all their installed programs, not just Windows. No anti-malware program is going to be 100% effective 100% of the time (if there was such a thing we'd all be using it.) If someone is running an outdated Java, Adobe Flash, Adobe or Foxit Reader, etc they are contributing to their own infection. By the time an anti-malware program might detect that the user has accessed a hacked web site containing the malicious scripts, the damage has already been done.

 

[Layback Bear]

Here is another little possibility. Using Torrents. When downloading using such programs the things you download come in little pieces for different computers all over the world. The infection comes in little pieces (without a complete signature) and sneaks by the security. Once in the system it is put back together and presto your infected.
The infection looks like this to a security program
xoxoxox and when a security programs sees that it stops it. When it is sent xo and from another computer is sent xo ect. the security program lets the xo in your system where the get put back together as xoxoxol and presto you are infected. Also many users of Torrents set their computer for smooth downloading and bypass their firewall and security programs and many don't even know they have done so. Many people don't do the basics and expect their security programs to do everything.
They open what ever email they receive. They don't scan programs when downloaded, they just install them. The list goes on and on. Here is a Microsoft site to get started on learning about being more secure.
Their are many this is just one.
Resources | Microsoft Safety & Security Center

 

[cottonball]

A "Drive-by" through a website where malware is planted is a way of getting infected. The download happens without a person's knowledge...

 

[gied]

There is another issue.
Although all FBI Moneypak shares about the same text and design, it is completely different parasites in many cases.
There are like 10 families of it, where several are more dominant. So, there is lots of work to detect such parasites in time.

 

[MarkBearD]

P'O'd I just got this virus last night.
FWIW they are now asking for $300.00 and it disables the safe mode option.
I am uncertain if I will be able to even get a command prompt, and don't really have the "voodoo" to use commands. I may just replace the OS completely by putting a New Drive in and reinstalling the OS from a restore drive.
If I'm not command prompt savy what are my other options?

 

[SIW2]

Might be a good idea to use Firefox with NoScript add on in future.

A bootable antimalware of some kind may be the answer.

There are several available for free download:

 

[SIW2]

Dr.Web CureIt! — download free anti-virus! Cure viruses, Best free anti-virus scanner!

Download Avira AntiVir Rescue System | Official Website

 

[MarkBearD]

I found this
"Processes
%WINDIR%\system32\0_0u_l.exe
%APPDATA%\jork_0_typ_col.exe
%TEMP%\0_0u_l.exe
%Temp%\[RANDOM].exe
tpl_0_c.exe
%StartupFolder%\ch810.exe
DLLs
%StartupFolder%\wpbt0.dll
Other Files
%StartupFolder%\ctfmon.lnk
WARNING.txt
V.class
Registry Keys
%AppData%\vsdsrv32.exe
cconf.txt.enc"

but am uncertain if I know how to get to the directories in command prompt

 

[Golden]

Don't attempt manual removal - use the links SiW provided

 

[HAVOC]

I fixed this on my computer by booting from the Windows CD and choosing Repair and restoring to an earlier time. Choosing any safe mode would just cause the computer to reboot. I had an error the restore didn't work but upon reboot it infact did work. I then used other programs to delete any leftover files. There were alot in the Temp file.

I was on google looking at pictures of Toyota Tacoma's and I got this (I think it had to do with Java so I no longer have it installed).

 

[MarkBearD]

After great wailing and gnashing of teeth I managed to get my guest profile changed to an admin profile. then went to another pc and downloaded malware of different types. not sure which one got it but I'm now on my pc and it is seeming to be ok. I will take it to a friend who has more voodoo than I do and have him ops check everything
Malware Bytes
Hitman and
Spybot
between the three I seem to have cleaned up the problem

 

[Layback Bear]

This is a free scan that works well for me.

Free Online Virus Scanner | ESET