This post is more than 5 years old
8 Posts
0
46106
Dell Laptop invaded by scam which has locked computer
The first response did not correct the situation. After I log on with my password, the desktop appears briefly and then I get a message from supposedly the Federal Bureau of Investigation requesting $ to unlock the computer. It doesn't allow me to do anything. I've taped on F8 with no results.
I would appreciate further assistance. Thanking you in advance for your help.
iroc9555
1K Posts
1
October 16th, 2012 15:00
Hi Gloria.
I was about to post in the other thread. You do not need to open a new one just hit reply a follow the thread. Since you are here. this is my answer:
You appeared to be infected with FBI MoneyPak Ransomware, and like Ky331 said your AV is not going to get rid of it. You can follow this tutorial:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
Better yet if you open a topic in Bleepingcomputer: http://www.bleepingcomputer.com/forums/topic182397.html
Or in: http://spywarehammer.com/simplemachinesforum/index.php?board=10.0
to seek expert help.
iroc9555
1K Posts
1
October 16th, 2012 17:00
Dale.
My reference to an AV not able to get rid of this kind of malware was based on a reply Gloria got in another thread.
http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19471315.aspx
These ransomware change continously and most security softwares can't keep up. Also since it is most likely delivered as a trojan, it could have other surprises. Even though Bleepingcomputer has a tutorial to remove it, it is better if a specialist could take a look at Gloria's system to make sure it is really clean.
Regards.
dalem29
2 Intern
2 Intern
•
2.2K Posts
1
October 16th, 2012 17:00
Gloria did not say what if any antivirus or maleware detection programming she was using. Several weeks ago, this ransom scumware locked up my screen and wanted the $200 to take care of it. It seemed like WinPatrol was almost able to start in order to block it, but not in time.
I was able to start in Safe Mode, which revealed the desktop, then MBAM was able get rid of this variant. It also had turned off the Windows firewall and Antivir and I was able to get them restarted. Multiple scans including some online ones since then seem to indicate this pest is gone.
Bugbatter
3 Apprentice
3 Apprentice
•
20.5K Posts
1
October 16th, 2012 17:00
I like the detailed info and tutorial at ESET, but as you mentioned these things are always changing and tend to invite other problems.
iroc9555
1K Posts
1
October 16th, 2012 18:00
BB.
What do you mean ?
This: http://kb.eset.com/esetkb/index?page=content&id=SOLN3140&actp=search&viewlocale=en_US&searchid=1350431889504
or this: http://kb.eset.com/esetkb/index?page=content&id=SOLN3035
Could you post the link to the tutorial ?
ky331
3 Apprentice
3 Apprentice
•
15.3K Posts
1
October 16th, 2012 20:00
We've had 3 or 4 people enter this thread after Gloria's opening statement... I would hope that we can be patient and wait for another response from her. I have only one basic comment/suggestion to offer her:
Gloria wrote: "After I log on with my password, the desktop appears briefly... I've tap
ed on F8 with no results".
The way I'm reading this, you waited until after you typed your password, and after the desktop appeared, to tap the F8. The F8 key needs to be pressed as soon as you turn on your PC, as the initial DeLL logo is appearing. If you wait past that screen, it's too late to enter safe mode.
Gloria333
8 Posts
0
October 18th, 2012 13:00
I appreciate this information. Have A Good Day!
Gloria333
8 Posts
0
October 18th, 2012 13:00
Thank you for this information. It was helpful. Have A Good Day!
ky331
3 Apprentice
3 Apprentice
•
15.3K Posts
0
October 18th, 2012 14:00
Gloria,
Does this mean you've solved/fixed your problem?
I realize the presence of so many "helpers" in this thread can be intimidating, and I do hope you're not just walking away from it all. If you're still interested, I'm sure we can agree on one person to assist you, until your issues are fully resolved. Or we can send you to another site, where you can start fresh again, working with a single helper.
Gloria333
8 Posts
0
October 19th, 2012 10:00
To ky331
I'm trying to get familiar with Dell's support website. Hope you receive this message. Yes, I was able to unlock by trying the power button and F8 a few times until I was successful. Thanks so much for your help. Now, I'm exploring some security software. Have A Good Day!
Gloria
twblunk
1 Message
0
January 9th, 2013 10:00
I have been infected with the FBI MoneyPak Ransonware and I have tried a couple of the "fixes" which unfortunately don't work. When I try to bring up Safe Mode, the infection still blocks my PC in all Safe Modes so I can't get to the desktop.
Any suggestions on other steps or fixes??
Tom
ky331
3 Apprentice
3 Apprentice
•
15.3K Posts
0
January 9th, 2013 12:00
Tom,
Since the infection is present even in Safe Mode, you have a very intrusive variety.
If you wish to tackle the problem yourself, try carefully following the steps indicated here: http://blog.malwarebytes.org/intelligence/2012/12/ransomware/ (to create a Kaspersky Rescue disk using another [good/clean] computer, then use it to boot-up and clean the infected system, followed by downloading/installing/running MBAM on the infected system).
If you'd prefer to have someone online "walk you through" these or other steps: Please follow the directions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 to register and post the requested DDS logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection. All help provided there is FREE. If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.
Either way, wishing you good luck!
Bugbatter
3 Apprentice
3 Apprentice
•
20.5K Posts
0
May 30th, 2013 14:00
I'm not sure why there are multiple solutions to the original poster's question, but this discussion is almost six months old, so it can be closed.
If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Other members who need assistance please start your own topic in a new thread. Thanks!
The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.