FBI moneypak

Discussion in 'The Lounge' started by the mekanic, Aug 1, 2013.

  1. the mekanic

    the mekanic Major Mekanical Geek

    Well, I just went a few rounds with FBI Moneypak.

    Unlike the previous encounters when it could be eliminated via Safe Mode, this version not only required a Kaspersky CD to create a runtime environment outside of Windows, but I threw everything else at it.

    That included Malwarebytes, ComboFix, and the AVG which was on the PC. All said and done, ComboFix plucked a program called "RadioRage", and out of the three versions of Java installed, only two were licensed to Oracle. Also, as usual with some viruses, it managed to knock out explorer.exe at startup after removal.

    The grand finale was having to edit the registry to knock out the .dll errors which cropped up at startup.

    These guys are persistent, I'll give 'em that...

    :mad
     
  2. Goldenskull

    Goldenskull I can't follow the rules

    I would recommend going to the malware forums too, to make sure it's clean. Never had it and most likely never will; I have no idea what you guys are downloading to get this virus.
     
  3. Fred_G

    Fred_G Heat packin' geek

    Encountered the safe mode resistant one a while back at work. Totally resisted persecution, so I formatted it. Not my PC, just one at work. I suspect church pron. :-D
     
  4. Adrynalyne

    Adrynalyne Guest

    Church pron?

    What do they wear priestly collars while tapping that as...er...nun?
     
  5. Goldenskull

    Goldenskull I can't follow the rules

    Aww, tsk tsk, mod making a boo boo double posting. :-D
     
  6. the mekanic

    the mekanic Major Mekanical Geek

    The client visits sites outside of the US in the EU for starters, and I say "how did you do this?" to pretty much every customer. Most likely the "in" was the unlicensed version of Java, or a poison webpage.

    Between MalwareBytes, and ComboFix it's coming up clean.

    Also, here's a great tool to check up on processes:

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

    :major

    There's also a complete suite available:

    http://technet.microsoft.com/en-us/sysinternals/bb842062
     
    Last edited: Aug 2, 2013
  7. Fred_G

    Fred_G Heat packin' geek

    If you don't know, I am not going to tell you... :-D:-D

    It actually is a term I came up with, due to real life experience. Just my personal experience, but the people who seem to get the most virus problems where I am at, are the outspoken Christian folk, who just use their computer to check their emails and such.. ;)
     
  8. Goldenskull

    Goldenskull I can't follow the rules

    I know how to clean viruses off a system. I normally scan first and see if my AVG, Malwarebytes, Advanced SystemCare, or CCleaner will remove it. 95% of the time they will remove the virus or malware off of my system. I am very rarely seen on the malware forums.

    If I can not get those programs to remove the file then I do it myself. I will go through F8 safe mode, then search the whole system, even hidden files, and then remove it, and then go through the tedious task of going through the registry, which can take up to an hour of my time to search all files.

    This is also how I remove files that I don't use any more: remove them completely.

    I go to tons of web pages a day, like 100 or more, and still do not get any issues. Main reason: my AVG Pro will block any incoming virus traffic and it lets me know because of the sweet firewall. And my AVG bar on Firefox blocks a good amount also.

    If people would learn to set their scanners to do a full scan every night or when sleeping then they would not have a problem.
     
  9. Adrynalyne

    Adrynalyne Guest


    Nope. Forum software fail. It normally prevents double posting.
     
  10. Goldenskull

    Goldenskull I can't follow the rules

    Was not your fault, most likely; the MG server was running extremely slow all day yesterday.
     
  11. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    It normally does, I've had it double post on me and I put it down to the Facebook add-on and the browser I was using at the time not being fully compatible, but who knows, someone may have just tripped over the server power cable again ;)
     
  12. Rikky

    Rikky Wile E. Coyote - One of a kind

    I've had a couple of double postings too, one that has caught me a couple of times is a jump from editing a post to new reply which if nothing is changed ends up looking like a double post, think it's been my fault but not sure. 2-3 over 5 years so no biggie.
     
  13. gman863

    gman863 MajorGeek

    Ran into a new version of Moneypak this week. Not only does it freeze the screen, it also plays a verbal announcement to the effect of "Our computer has been locked. Please send $300 via Moneypak to immediately unlock it."

    Although this may sound evil, the client who brought it in for service spoke very little English and had no clue what the announcement was saying. :-D
     
  14. Rikky

    Rikky Wile E. Coyote - One of a kind

    Haha verbal announcement? Never come across that I must say, loud ads yeah.

    Our computers finally talk to us and they ask for some cash, figures:-D
     
  15. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Wouldn't have caught me out as I don't have the sound on most of the time ;)

    Malware serious thing though joking aside, and sadly many end users are not educated into basic malware survival skills and what is safe or not safe on the internet, many are still kick happy!

    You can and I do try to a point but you can only tell folk your honest opinion and advice, if they disregard it for trinkets of gold/porn/free media then hey you cannot stop free will.
     
  16. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    lmao...classic.:-D
     
  17. Rikky

    Rikky Wile E. Coyote - One of a kind

    Wouldn't have caught me either I don't have $300, the jokes on them:-D

    What happened to buying an unlock program for $20-$30? You can get a used laptop for $300 or a new netbook :-D I'd prolly stretch to eighty bucks, if they had one of my family members roflmao
     
  18. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I know your jovial side Rikky and I love it, but in seriousness, many folk would be caught out with what looks like an FBI, CIA, GOV, or Police notice, and they do pay, which is the sad part of computing and one I know we strive to remove, but one forum and its members cannot do this; it needs in some weird way to go viral and on Twitter (god I want to shoot that bird)....

    But in seriousness we need to educate all the neighbours, friends and others we can to curb malware... not an easy task and I don't think we can do it to be honest, buts lets try.
     

  19. Rikky

    Rikky Wile E. Coyote - One of a kind

    Sure, sometimes I have too much fun.

    The choice of the amount is interesting, it basically gives you the choice between a new laptop or paying the ransom to have yours released, very similar to how dodgy technicians or any repairmen for that matter operate. There has been many a time where I've weighed up the repair cost vs the new cost so it's easy to empathise with people who choose to pay up.

    I still have many computer users who will not listen to basic surfing or downloading practices so I'm hesitant to imagine their reaction to a full scam.

    I admit I haven't seen this virus in the UK, found a nice read here-

    http://www.forbes.com/sites/davidwi...-the-insidious-fbi-moneypak-ransomware-virus/
     
  20. the mekanic

    the mekanic Major Mekanical Geek

    This version was more advanced than any I have seen before.

    I restarted, went into Safe Mode, and it promptly logged me out of Safe Mode :mad

    I think that the unlicensed Java update was probably the "in", but I can't be 100% sure. Just goes to show it pays not only to update it legit, but make sure you remove older versions...
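    The cleanup the mekanic describes in posts 1 and 20 (a locker that survives Safe Mode, explorer.exe not starting after removal, and .dll errors at startup that had to be fixed in the registry) comes down to the Windows autostart values this kind of malware hooks: Winlogon's Shell and Userinit, and the Run/RunOnce keys. Below is an added example, not code from this thread or from any of the tools mentioned in it, that audits a `reg export` of those keys offline, the way you would from a rescue disc with the infected volume mounted. The sample export and file list are constructed for the demo (every value name and path in them is invented), and the drive-letter mapping in `exists_on_mounted_volume` is an assumption about how the rescue environment mounts the Windows volume.

```python
"""Offline audit of the Windows autostart values a screen locker like FBI
Moneypak abuses (Winlogon Shell/Userinit, Run/RunOnce), run over a .reg export.
Added example, not code from the thread or from any tool named in it."""
import os
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample of what `reg export` of the two key families might look
# like on the infected machine. Value names and paths are invented for the demo.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\skype.dat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="\"C:\\Program Files\\AVG\\AVG2013\\avgui.exe\" /TRAYONLY"
"RadioRage"="C:\\Users\\Owner\\AppData\\Roaming\\RadioRage\\rr.exe"
"Ctfmon"="rundll32.exe C:\\ProgramData\\ctfmon.dll,Start"
"""

# Constructed stand-in for the filesystem the rescue disc sees: only these exist
# (the ctfmon.dll and skype.dat above have already been deleted by the scanner).
SAMPLE_FILES = {
    r"c:\windows\system32\userinit.exe",
    r"c:\program files\avg\avg2013\avgui.exe",
    r"c:\users\owner\appdata\roaming\radiorage\rr.exe",
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_STR_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
Finding = Tuple[str, str, str, str]  # (kind, registry key, value name, path)


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\\\ -> \\ and \\" -> " ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the REG_SZ values of a .reg export into {key: {name: value}}.
    `reg export` writes UTF-16, so open the file with encoding='utf-16'.
    Non-string values (dword:, hex:) are skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            current = keys.setdefault(key_match.group(1), {})
            continue
        value_match = _STR_VALUE_RE.match(line)
        if value_match and current is not None:
            current[_unescape(value_match.group(1))] = _unescape(value_match.group(2))
    return keys


def _basename(win_path: str) -> str:
    return os.path.basename(win_path.replace("\\", "/")).lower()


def image_path(command: str) -> str:
    """Return the file a Run-style command line really loads: the quoted or
    first-token executable, or for rundll32 the DLL it is told to load (that
    DLL is what throws the 'cannot find X.dll' popup at logon once deleted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe, rest = command[1:end], command[end + 1:]
    else:
        exe, _, rest = command.partition(" ")
    if _basename(exe) == "rundll32.exe":
        return rest.strip().strip('"').split(",", 1)[0].strip('"')
    return exe


def audit_autostarts(reg_text: str, exists: Callable[[str], bool]) -> List[Finding]:
    """Flag Shell/Userinit hijacks, autostarts pointing at deleted files
    (orphans) and autostarts living in user-writable directories."""
    findings: List[Finding] = []
    for key, values in parse_reg(reg_text).items():
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf == "winlogon":
            shell = values.get("Shell", "explorer.exe").strip()
            if shell.lower() != "explorer.exe":
                findings.append(("shell-hijack", key, "Shell", shell))
            entries = (e.strip() for e in values.get("Userinit", "").split(","))
            for entry in filter(None, entries):
                if _basename(entry) != "userinit.exe":
                    findings.append(("userinit-hijack", key, "Userinit", entry))
                    if not exists(entry):
                        findings.append(("orphan", key, "Userinit", entry))
        elif leaf in ("run", "runonce"):
            for name, cmd in values.items():
                path = image_path(cmd)
                if not exists(path):
                    findings.append(("orphan", key, name, path))
                elif any(marker in path.lower() for marker in USER_WRITABLE):
                    findings.append(("user-writable", key, name, path))
    return findings


def exists_on_mounted_volume(mount_root: str) -> Callable[[str], bool]:
    """exists() for a rescue disc: assumes the Windows volume is mounted at
    mount_root, so C:\\foo\\bar is checked as <mount_root>/foo/bar."""
    def _exists(win_path: str) -> bool:
        tail = re.sub(r"^[A-Za-z]:\\", "", win_path).replace("\\", "/")
        return os.path.exists(os.path.join(mount_root, tail))
    return _exists


def sample_exists(win_path: str) -> bool:
    return win_path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    for kind, key, name, path in audit_autostarts(SAMPLE_REG, sample_exists):
        leaf = key.rsplit("\\", 1)[-1]
        print(f"{kind:16} {leaf}\\{name}: {path}")
```

From the rescue environment, export the Winlogon and Run keys of the offline hives (a Windows PE shell with reg.exe, or a Linux hive tool that can write .reg format), then call `audit_autostarts(open(export, encoding="utf-16").read(), exists_on_mounted_volume("/mnt/windows"))`. An `orphan` finding is exactly the entry that produces a missing-DLL error at startup after the scanner has deleted the file, and a `shell-hijack` is the usual reason explorer.exe never comes up; both are fixed by deleting or restoring the value, which is what the registry edits in post 1 amount to.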
     
  21. Goldenskull

    Goldenskull I can't follow the rules

    I have seen stuff about it but still have not got this virus.

    I would like to take a crack at it. What I mean is look into its programming to see where it is coming from.
     
  22. Fred_G

    Fred_G Heat packin' geek


    The one I dealt with would not let me into safe mode. Nuked the hard drive. I don't get paid to do a whole lot of scanning and stuff for most of the computers. Actually, I think I swapped out hard drives, may still have the infected drive. Might be fun to play around with one day when I get bored.
     
  23. Phantom

    Phantom Brigadier Britches

    I like the a-hats that get a mean ransomware virus, believe it, then crap themselves and ring the Federal Police, and send me a copy of the virus! Why would I want their virus, F.F.S.! LOL
     
  24. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Ah ok, why not

    and give back to the community?
     
  25. the mekanic

    the mekanic Major Mekanical Geek

    Actually, and this may be coincidental, I found three versions of Java. Two were from Oracle, one was not. During the "cleansing" process, there were a boatload of what were described as Java objects.

    One thing I do know is that fake Java was definitely like inviting Dracula in for dinner, and dessert...
     
  26. Triaxx2

    Triaxx2 MajorGeek

    Safe mode doesn't work? That's why I have a Linux boot disc. Let's see how you like another operating system. :D
     
  27. the mekanic

    the mekanic Major Mekanical Geek

    That's actually how I pulled it off, booting an alternate operating system environment other than Windows.

    There is also a Kaspersky .iso over in the malware forums. It boots its own OS, and downloads updates to the virus database as well. I liked it so much I added it to my arsenal.
     
  28. Fred_G

    Fred_G Heat packin' geek

    Very interesting. I will have to check that out. Sounds like an easy way to take care of the problems at work.
     
