FBI Moneypak Ransomware Virus

Gomar

Got hit by it. System locked, nothing worked. Lots of info on the net, and it did what the sites say.
So, I rebooted the PC, checked all start-up files, saw a new .exe file, disabled and deleted it, rebooted, and the PC has worked fine since. I didn't do any of the safe-mode tricks stated on the web either.

This site looks good:
http://www.americanpendulum.com/

But are there still remaining virus files?
 

No, it doesn't.

"SpyHunter’s free scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware suite to remove the malware threats."

I find it kind of weird that a political site is trying so hard to sell a mediocre antimalware product. Look at this page, and the very strange orange SpyHunter ad at the bottom.

bleepingcomputer.com is a very trustworthy site that's been around for many years that specializes in tutorials and advice on how to remove malware. They have a tutorial for FBI Moneypak. Do that.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
 
To further clarify why I tend to be suspicious of sites with malware removal tutorials: a common malware tactic is for the malware author to make sites with tutorials to remove the original malware that explain that the customer must buy something - often a fake antimalware that is itself malware. You see a lot of these crap sites when doing web searches on the name of a malware.
 
Read this thread, run the tools suggested, and if nothing further comes up, you should be all set.
 
Yup..it's an easy one to clean up, even manually..without tools. Seeing tons of them lately in our area.
 
That tutorial on bleepingcomputer.com for this virus suggested using Emsisoft Emergency Kit. Do not use it, because it does not work. I had to fix a computer for a customer that had this virus. What I had to do was download ComboFix onto a CD-R, then restart the computer in safe mode, then run ComboFix to remove this virus. After ComboFix was done and the virus removed, I restarted into regular Windows and downloaded Spybot, Malwarebytes, and MSE, then did a full scan with these tools to make sure this virus was gone, and it was gone.

Untangle not stopping it? :eek:

I have not seen it at any client we have behind Untangle... have seen TONS of it from home users and various smaller businesses.
The randomly named .EXEs sit inside of <user profile>\application data or all users\application data... run from a default entry in the registry /RUN. Just gotta get to those 2 locations to stop it.
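
Added example, not part of any post in this thread: a Python check that reads the text output of `reg query` for the Run keys and flags values that start an .exe from the application-data folders named in the last post. The sample registry output, value names and paths are constructed, and the Vista-and-later folder names are an assumption added here.

```python
import re

# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Drop locations named in the post, plus their Vista-and-later equivalents
# (the later names are an assumption added for this example).
DROP_DIR = re.compile(
    r"\\(?:application data|appdata\\roaming|appdata\\local|programdata)\\(?P<rest>.*)$",
    re.IGNORECASE)
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

def exe_from_command(data):
    """Return the executable path from a Run value, with or without quotes/arguments."""
    m = EXE_PATH.match(data.strip())
    return (m.group(1) or m.group(2)) if m else None

def audit_run_keys(reg_query_output):
    """Return findings for Run values that start an .exe from an application-data folder."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        path = exe_from_command(m.group("data"))
        hit = DROP_DIR.search(path) if path else None
        if not hit:
            continue
        # An .exe directly in the folder root (no vendor subfolder) matches the
        # post's description most closely; subfolder hits need a manual look.
        level = "high" if "\\" not in hit.group("rest") else "review"
        findings.append({"key": key, "value": m.group("name"), "path": path, "level": level})
    return findings

# Constructed sample in `reg query` format; names and paths are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    xkqzvbt    REG_SZ    C:\Documents and Settings\bob\Application Data\xkqzvbt.exe
    Updater    REG_SZ    "C:\Users\bob\AppData\Roaming\ExampleVendor\update.exe" /silent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    qwpzrm    REG_SZ    C:\Documents and Settings\All Users\Application Data\qwpzrm.exe
"""

if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE):
        print(f["level"], f["key"], f["value"], f["path"], sep=" | ")
```

A "review" result is not a verdict: legitimate updaters also start from vendor subfolders under application data, so those entries need a manual look before anything is deleted.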
 