My nephew's computer (no fault of his own I am sure...right) got attacked by the FBI MoneyPak ransomware virus. It has been a tough one to get off the computer...came across this site that has been very helpful! Anyone here know much about this "ransomware"? Any advice/input in removing this from his computer? I started working on it last night and haven't been able to check it out yet today. Hoping it is all good but you never know...
Yeah it's a *****. Best way to get rid of it is to try to get into his account or another admin account under safe mode and remove it manually from the many places it hides. It's annoying for sure.
That is one of the problems since his account is the only one on there...and it blocked even safe mode. I was able to download the above linked info onto a USB drive, start the computer using the USB drive and run the Anvisoft rescue software. The funny thing is that Anvisoft scan showed no infections but the "repair" scan (registry scan) found a "hijacked" issue. I clicked fix and it said the problem was repaired. I ran out of time at that point but did start the computer into safe mode and was allowed to do so. I just didn't have time to do anything else yet...
This is why it's a great idea to have a couple accounts. One to let the average Joe use for whatever (without admin) and one to unscrew it that has admin rights.
If someone has an account that does not have administrative rights can they download/install programs even though they are not admins?
Some programs don't need admin rights which is how these buggers get in. But a majority of legit software won't install without admin rights.
They need admin rights to modify system files and the registry. If it doesn't need admin rights, the only thing it can do is eat files you own. It can't do anything to the system.
They say that English surnames came from what you did with your life. I'm so glad my last name isn't Dickinson.
Correct, which is why it's great to have a separate account with admin rights that you only use to install things, not to abuse. My personal favorite malware is the ones that hide your documents and various other user-specific files so it errors out when you log in. Great stuff.
I tried to reinstall the OS (from a partition...CDs did not come with the computer) and the repair function shuts down almost immediately. Not sure if this is a result of the ransomware or not? I hate not being able to work on it during the day as it is like a puzzle that I keep wanting to work on to see what I can come up with.
Most of the time when I encounter this infection Malwarebytes takes care of it for me.
I will boot into safe mode and run a full system scan, once finished I will let it remove what it found and have it restart to finish fixing the problem. Once restart is done I install CCleaner and remove temp files and clean out the registry. 9 times out of 10 that takes care of most of the problem.
Since you can't get to safe mode I would go the USB route you have already tried with security software.
Yeah...that is what I usually do as well. I will boot into safe mode this evening and install and run Malwarebytes. I do use CCleaner as well...and might run two or three other programs just to be safe!
Boot in safe mode and do a Windows restore to a prev date prior to having the virus... has worked for every virus I've ever had. Will not impact saved documents since then... make sure and run a virus scan after you're up and running again. Good luck.