Getting rid of "FBI has locked your computer" ransomeware - Page 3 - Pirate4x4.Com : 4x4 and Off-Road Forum
 
Old 09-26-2012, 05:32 AM   #51 (permalink)
Wheeler
 
5zukyard's Avatar
 
Join Date: Jul 2009
Member # 139059
Location: NEPA
Posts: 201
Actually it worked fine online. Even hit the Xhamster waiting for it to lockup, but it never did.
__________________
When in doubt...gas it!
5zukyard is offline   Reply With Quote
Old 09-26-2012, 05:40 AM   #52 (permalink)
Registered User
 
Join Date: Dec 2004
Member # 39564
Location: Colorado Springs
Posts: 59
On our Windows 7 machine, I just logged in as an admin, deleted the infected user's account and data. Created a new user account and haven't had a problem since.
NakedJeeper is offline   Reply With Quote
Old 09-26-2012, 07:01 PM   #53 (permalink)
Granite Guru
 
roundhouse's Avatar
 
Join Date: Feb 2003
Member # 16751
Location: Atlanta Jawja
Posts: 900
thanks for the info, don't need it right now, but have had that or something like it in the past.
__________________
Do we really think that a government-dominated education is going to produce citizens capable of dominating their government, as the education of a truly vigilant self-governing people requires?[Alan Keyes]

For some, Freedom matters, for most, prosperity suffices.[Fred Reed]

74Bronco EFI 5spd
roundhouse is offline   Reply With Quote
Old 10-02-2012, 06:44 AM   #54 (permalink)
Zeus of the Sluice
 
CaryW's Avatar
 
Join Date: Aug 2003
Member # 22104
Location: Northeast Texas
Posts: 2,635
Quote:
Originally Posted by oldjeep View Post
The one I fixed for the neighbor would only pop up when the computer had an internet connection, when it was disconnected the computer appeared to work fine.


FWIW - the instructions here worked for removing it:
Remove the FBI MoneyPak Ransomware or the Reveton Trojan
Trying this one now since there was a nice locked up laptop sitting on my desk this morning.

Looks like this one came from someone downloading Game cheats.

ughh

If this easy link doesn't work, it is getting wiped.

It is funny, the evolution of a virus killer. At first it is fun and you take it as a personal challenge to clean computer and save the data. Then you start giving the option of paying for hours of work or a quick wipe, and finally you just wipe the bitch and tell em, "It was a bad one, I had to wipe it"
__________________
It is pitch black. You are likely to be eaten by a grue.
CaryW is offline   Reply With Quote
Old 10-02-2012, 06:49 AM   #55 (permalink)
Zeus of the Sluice
 
oldjeep's Avatar
 
Join Date: Mar 2001
Member # 3511
Location: MN
Posts: 4,965
Quote:
Originally Posted by CaryW View Post
Trying this one now since there was a nice locked up laptop sitting on my desk this morning.

Looks like this one came from someone downloading Game cheats.

ughh

If this easy link doesn't work, it is getting wiped.

It is funny, the evolution of a virus killer. At first it is fun and you take it as a personal challenge to clean computer and save the data. Then you start giving the option of paying for hours of work or a quick wipe, and finally you just wipe the bitch and tell em, "It was a bad one, I had to wipe it"
The other thing you might have to do is run this into your registry. It undoes the task manager disable that some variants of the virus put in place. I don't think the tool at bleeping computer fixes that part.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
__________________
Chuck P
The clowns'? Oh, yeah, the clowns. We fight them too entire armies, spilling out of Volkswagons. We do our best to fight them off, but they keep sending 'em in!
www.oldjeep.com

Last edited by oldjeep; 10-02-2012 at 06:49 AM.
oldjeep is offline   Reply With Quote
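The .reg snippet above only touches the hive of whoever imports it. As an added example (not part of oldjeep's post), this PowerShell script audits the same DisableTaskMgr value under HKLM and under every user hive currently loaded in HKEY_USERS, and resets it to 0 only when run with the script's own -Fix switch from an elevated prompt.

```powershell
# Added example: audit (and optionally reset) the DisableTaskMgr policy value.
param([switch]$Fix)   # -Fix is this script's own switch, not a Windows option

$sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyRoots {
    # Machine-wide key first, then each user hive loaded under HKEY_USERS.
    # The *_Classes hives never hold this policy, so they are skipped.
    "Registry::HKEY_LOCAL_MACHINE\$sub"
    Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$sub" }
}

$results = foreach ($path in Get-PolicyRoots) {
    if (-not (Test-Path $path)) { continue }
    $item = Get-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # value not present in this hive

    $value   = $item.DisableTaskMgr
    $doReset = ($Fix -and $value -ne 0)
    if ($doReset) {
        # Same end state as importing the .reg file: DWORD 0 re-enables Task Manager.
        Set-ItemProperty -Path $path -Name DisableTaskMgr -Value 0 -Type DWord
    }
    New-Object PSObject -Property @{ Key = $path; Was = $value; Reset = $doReset }
}

if ($results) {
    $results | Format-Table Key, Was, Reset -AutoSize
} else {
    'DisableTaskMgr is not set in any loaded hive.'
}
```

HKEY_USERS only contains hives for accounts that are logged on, so an infected account that is logged off will not appear until its user signs in.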
Old 10-02-2012, 07:32 AM   #56 (permalink)
Wheeler
 
5zukyard's Avatar
 
Join Date: Jul 2009
Member # 139059
Location: NEPA
Posts: 201
Quote:
Originally Posted by 5zukyard View Post
So my wife calls me at work yesterday morning, to inform me that we are in deep shit cause the FBI has locked our computer. I remembered this thread and gathered up all the info I could to hopefully get rid of this thing. Sure enough when I got home the thing was locked up. I stared at it for a min. or three, and we got company, so I shut down the computer. This morning I figure I will get a look at it before work, so I power up, and the thing works like a champ, no Moneypak Virus. WTF? In all that I have read about this virus, I have never heard of it attacking and leaving. I'm not real computer literate, and was glad it is gone, but I am confused and think it still is in there somewhere. Just some info.
So since I am a computer caveman, could either of you guys explain this? It's been working like a dream since the 26th, but I'm still sketched out.
__________________
When in doubt...gas it!
5zukyard is offline   Reply With Quote
Old 10-02-2012, 07:33 AM   #57 (permalink)
Zeus of the Sluice
 
oldjeep's Avatar
 
Join Date: Mar 2001
Member # 3511
Location: MN
Posts: 4,965
Quote:
Originally Posted by 5zukyard View Post
So since I am a computer caveman, could either of you guys explain this? It's been working like a dream since the 26th, but I'm still sketched out.
Go to the site I linked and run the Emsisoft emergency kit software that is linked there. It'll show you if you still have a problem.
__________________
Chuck P
The clowns'? Oh, yeah, the clowns. We fight them too entire armies, spilling out of Volkswagons. We do our best to fight them off, but they keep sending 'em in!
www.oldjeep.com
oldjeep is offline   Reply With Quote
Old 10-02-2012, 08:01 AM   #58 (permalink)
DRM
Super Moderator
 
DRM's Avatar
 
Join Date: Feb 2000
Member # 8
Location: Spring Hill, TN
Posts: 19,715
Blog Entries: 1
Glad to see this thread helped a few others. I finally got it cleaned and working fine - but it took a few cleanings to do, and the links don't fix all the settings (like it removing all links from the desktop).
__________________
>David
> 4x4Spot.com
>It only hurts the first time you agree with me...
>"A little nonsense now and then is cherished by the wisest men."
DRM is offline   Reply With Quote
Old 10-02-2012, 08:04 AM   #59 (permalink)
Registered User
 
F2504x4's Avatar
 
Join Date: Jan 2007
Member # 85205
Location: Always going somewhere
Posts: 655
Reposting with a couple of updates

Use this to start your recovery, but read first
This section explains how to neutralize complicated malware, i.e. when user participation is required to modify the system registry or execute a special utility, for example. If you have not found the requested information in this section please submit a request to the Kaspersky Lab Technical support.

How to remove malware belonging to the family Rootkit.
TDSSKiller.exe

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?


Quote:
Originally Posted by F2504x4 View Post
Okay this gonna be long, but I am posting this in case someone wants to learn how to fix their shit.. so if you do this, you might be able to recover your computer after it gets nailed. First off, UPDATE YOUR ADOBE FLASH!! Most of these bugs are getting in this way via security holes, then they kill your antivirus programs and Windows Firewall... An outdated Flash is a sure fire way to get infected... which is probably how you got nailed David..

Be sure you are running the latest Java, they just did an update due to a security hole....
Java Auto Update

Also do your Windows updates Automatically... Now on to how to be ready to fix your shit...

Do this !!!
In the future burn these to a disk and the instructions to a text file in case you do not or cannot get internet connection...
RKILL, Malwarebytes, Kaspersky Rescue Disc, Combo-Fix, TDSSKiller.exe with all the updates as well, also put the instructions to re-enable windows firewall via services in a text file
Also add these to the disc or USB

F-Secure makes a rescue disc available for free (.iso file and readme file) at How To - Remove threats - Removal Tools | F-Secure
as does Panda
and bit defender.
Good place to bookmark for help, I use the pro-version of their free software..
Malwarebytes Forum

Be sure to check if Windows Firewall is enabled

To verify that Windows Firewall is enabled

Click Start, and then click Control Panel.

In Control Panel, click Security Center.

If Windows Firewall shows On, you are protected.

If Windows Firewall shows OFF, it has been disabled.

If it is off and sometimes you may think it is on, but when you click out, the "bug" disables it.. and this also applies if you are not getting updates in Windows as well, the bug disables that as well. Base Filtering Engine is also knocked out.
Read more here..
Base Filtering Engine (BFE) service is missing: why did it happen and how to restore it

BFE-Repair-Windows-7.reg
Firewall-Repair-Windows-7.reg
BFE-Repair-Vista.reg
Firewall-Repair-Vista.reg

Good Read on using TDSSKiller.exe

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

trojan virus Sirefef disabled windows defender & Micro Trend f firewall - Tech Support Guy Forums
__________________
[QUOTE=Administrator;15106961]And exactly why its better I work in the backround and not meddle what makes pirate pirate. [/QUOTE]
F2504x4 is offline   Reply With Quote
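The post above describes the firewall, Windows updates and the Base Filtering Engine being switched off or removed. As an added example (not from F2504x4's post or any of the linked tools), this PowerShell check reports whether those services are registered, allowed to start and running; the service names BFE, MpsSvc and wuauserv are the standard Windows names, and the Healthy column is this script's own summary.

```powershell
# Added example: health check for the services the post says get knocked out.
# Get-WmiObject is used so it also runs on the PowerShell 2.0 shipped with Windows 7.
$expected = @{
    BFE      = 'Base Filtering Engine'
    MpsSvc   = 'Windows Firewall'
    wuauserv = 'Windows Update'
}

$report = foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        # No service registration at all: the "BFE service is missing" case.
        $state = 'MISSING'; $start = '-'; $ok = $false
    } else {
        $state = $svc.State
        $start = $svc.StartMode
        $ok    = ($svc.State -eq 'Running' -and $svc.StartMode -ne 'Disabled')
    }
    New-Object PSObject -Property @{
        Service = $expected[$name]; Name = $name
        State = $state; StartMode = $start; Healthy = $ok
    }
}
$report | Format-Table Service, Name, State, StartMode, Healthy -AutoSize

# Per-profile firewall state as Windows itself reports it.
netsh advfirewall show allprofiles state

if ($report | Where-Object { -not $_.Healthy }) {
    Write-Warning 'One or more protective services are missing, stopped or disabled.'
}
```

On newer Windows versions the Windows Update service is started on demand, so a stopped wuauserv there is not by itself a sign of tampering.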
Old 10-02-2012, 08:23 AM   #60 (permalink)
Registered User
 
F2504x4's Avatar
 
Join Date: Jan 2007
Member # 85205
Location: Always going somewhere
Posts: 655
Quote:
Originally Posted by DRM View Post
Glad to see this thread helped a few others. I finally got it cleaned and working fine - but it took a few cleanings to do, and the links don't fix all the settings (like it removing all links from the desktop).
Glad to hear David.... and yes this thread can be very useful if users READ. Downloading some of the tools listed BEFORE you get infected will help the recovery. Burn them to a disk, USB drive etc....from a CLEAN computer.
__________________
[QUOTE=Administrator;15106961]And exactly why its better I work in the backround and not meddle what makes pirate pirate. [/QUOTE]
F2504x4 is offline   Reply With Quote
Old 10-02-2012, 08:23 AM   #61 (permalink)
Registered User
 
Join Date: Nov 2009
Member # 146445
Location: Nerk, Ahia
Posts: 34
Not sure how I missed this thread, but thanks for posting up about it. I also had an "easy one" I was still able to boot into safe mode. rkill and malwarebytes did the trick.

EDIT: User said it came from pornhub

Last edited by skearton; 10-02-2012 at 08:25 AM.
skearton is offline   Reply With Quote
Old 10-02-2012, 08:46 AM   #62 (permalink)
Zeus of the Sluice
 
CaryW's Avatar
 
Join Date: Aug 2003
Member # 22104
Location: Northeast Texas
Posts: 2,635
Ok, all seems well but I have one error message on startup that I need to get rid of, but I can't seem to find the command.

"There was a problem starting C:\Users/\lara\appdata\local\temp\"

How do I get rid of that?

Win7 BTW
__________________
It is pitch black. You are likely to be eaten by a grue.
CaryW is offline   Reply With Quote
Old 10-02-2012, 08:58 AM   #63 (permalink)
.
 
Join Date: May 2005
Member # 48224
Posts: 54
Quote:
Originally Posted by CaryW View Post
...It is funny, the evolution of a virus killer. At first it is fun and you take it as a personal challenge to clean computer and save the data. Then you start giving the option of paying for hours of work or a quick wipe, and finally you just wipe the bitch and tell em, "It was a bad one, I had to wipe it"
I do miss the old viruses that weren't destructive. My first exposure was the "Stoned" virus. Can't remember when, but my best guess was the late 80's. Easy enough to clean.

http://en.wikipedia.org/wiki/Stoned_(computer_virus)
FoghornLeghorn is offline   Reply With Quote
Old 10-02-2012, 09:12 AM   #64 (permalink)
Zeus of the Sluice
 
oldjeep's Avatar
 
Join Date: Mar 2001
Member # 3511
Location: MN
Posts: 4,965
Quote:
Originally Posted by CaryW View Post
Ok, all seems well but I have one error message on startup that I need to get rid of, but I can't seem to find the command.

"There was a problem starting C:\Users/\lara\appdata\local\temp\"

How do I get rid of that?

Win7 BTW

Run MSConfig from a command prompt and look at the startup tab
__________________
Chuck P
The clowns'? Oh, yeah, the clowns. We fight them too entire armies, spilling out of Volkswagons. We do our best to fight them off, but they keep sending 'em in!
www.oldjeep.com

Last edited by oldjeep; 10-02-2012 at 09:12 AM.
oldjeep is offline   Reply With Quote
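A startup error that names a path under the Temp folder usually means an autorun entry is still registered after its target was deleted. As an added example (not part of oldjeep's reply), this PowerShell script lists the same kind of entries the MSConfig startup tab shows, from the Run/RunOnce keys and both Startup folders, and prints only those whose command points into a Temp directory; the Temp-path pattern is an assumption chosen to match the error message quoted above.

```powershell
# Added example: find autorun entries that launch something from a Temp folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$tempPattern = '\\Temp\\'    # assumption: flag anything started from ...\Temp\

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
    }
}

# Startup-folder shortcuts: resolve each .lnk to its real target and arguments.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem $dir -Filter *.lnk) {
        $s = $shell.CreateShortcut($lnk.FullName)
        $entries += New-Object PSObject -Property @{
            Source = $dir; Name = $lnk.Name
            Command = "$($s.TargetPath) $($s.Arguments)" }
    }
}

$hits = $entries | Where-Object { $_.Command -match $tempPattern }
if ($hits) {
    $hits | Format-List Source, Name, Command
} else {
    "No autorun entry points into a Temp folder ($($entries.Count) entries checked)."
}
```

The script only reports; review each hit before removing the entry from the startup tab or deleting the shortcut.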
Old 10-02-2012, 09:39 AM   #65 (permalink)
Registered User
 
Join Date: Sep 2008
Member # 120626
Location: Indiana
Posts: 1,710
Had this the other day on one at work. Did a complete reformat to factory config and it seems to have worked. Haven't had it pop up yet.

I checked my temp folder and it was clear, anywhere else I should be looking? I'm not as savvy as most of you it seems.
__________________
Quote:
Originally Posted by 45acp View Post
I can't blame him for that... I would much rather sit around and do bong rips than try and clean all this shit up. :thumbsup:
mechanicalmongoose20 is offline   Reply With Quote
Old 10-02-2012, 04:03 PM   #66 (permalink)
SHOOT TO THRILL!
 
300sniper's Avatar
 
Join Date: Jan 2004
Member # 26382
Location: Greenwood, Ca
Posts: 7,537
my laptop caught this last week. for a week or two before the fbi thing, whenever i'd log into my yahoo mail, ie would kick me out and say it stopped working. logging into my yahoo mail from google chrome seemed to work fine. i am wondering if there was something in my spam folder that caused this. i deleted my spam without even going into it and never clicked on any questionable links in my email. i don't go to questionable sites.

i don't know much about this stuff but i tried messing with it in my hotel room for a couple days. i know it disabled my firewall and i can't turn it back on. it also disabled system restore. the computer would open and function in safe mode. i gave up on it and was going to try again when i got home so i could research on my desktop while messing with the laptop.

of course, when i got home, the laptop fired up normal and the fbi ransom has not come back. sitting back in my hotel now and it is still working fine. i know it isn't gone though.
300sniper is offline   Reply With Quote