Sunday 14 July 2013

Remove FBI Moneypak Virus

The FBI virus, also referred to as the FBI Moneypak virus, Citadel Reveton, and other names, is ransomware we discovered in 2012 that cyber criminals use in an attempt to disguise themselves as the FBI. The FBI virus uses Trojan horses (Trojan.Ransomlock.R, Reveton) to lock computer systems ("Your PC is blocked"). It applies a variety of unethical tactics, including social engineering, to persuade unsuspecting victims to pay an unnecessary fine. It makes fraudulent claims that the computer has been involved in illegal activity (cyber crime), such as downloading or distributing copyrighted material or viewing child pornography, and demands a penalty fine of $100, $200, $300, or more. The fine must be paid with Moneypak cards (Reloadit virus, Ultimate Game Card virus, Ukash virus) within the allotted time of 48 to 72 hours in order to unlock the computer system. The fake FBI screen also states that you (the computer owner) may see jail time if the fine is not paid in time.

FBI Anti-Piracy MoneyPak Ransomware screen shot

The ransomware blocks your computer screen in normal mode until you pay the money. However, you can still access your computer in Safe Mode. Here are a few techniques to remove this ransomware.


Step 1 : Boot your computer in Safe Mode with Networking.

Step 2 : Download and install HitmanPro. You can download HitmanPro from the link below.
Download Hitman pro
             
You do not need to buy or register the product; the trial version is enough to remove this ransomware. The ransomware threat will be shown among the items detected in the scan.

You can also download and install Malwarebytes to remove this Trojan.
Download Malwarebytes

Run Rkill on your computer.
Download Rkill

Also run TDSSKiller on your computer.
Download Tdsskiller

Remove the temporary files from both the temp and %temp% folders.

After running the scans, boot your computer in normal mode and check. If the FBI virus still blocks access to your computer, you need to remove the registry entries associated with this ransomware.

Step 3 : To open Registry Editor, press Windows+R, type regedit, and press OK.

To remove the Trojan's entry, look through the registry keys listed below and remove the suspicious entry. You will find AdobeARM in these registry keys. Remove only the Adobe ARM entry from the listed registry locations by selecting it and pressing the Delete key on your keyboard.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

Step 4 : Open the Run dialog and type %appdata%, then remove any suspicious Notepad files.

Once the AdobeARM registry entries are removed, your computer will be almost unlocked, and you can run any virus scan and boot your computer in normal mode.
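
To review the four Run and RunOnce keys from Step 3 before deleting anything, the following PowerShell (an added example, not part of the original post) lists every autostart value read-only and flags the ones named AdobeARM or launched from a user-writable folder. The folder check is an assumed heuristic: the genuine Adobe updater also registers a value named Adobe ARM, normally pointing under Program Files, so compare the Command path before removing an entry.

```powershell
# Added example: read-only listing of autostart values under the four keys
# named in Step 3. Nothing is modified or deleted.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption (heuristic, not from the original post): a command that starts
# from a profile or temp folder deserves a closer look than one in Program Files.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }      # RunOnce is often absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        $inUserDir = $false
        foreach ($dir in $userDirs) {
            if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $inUserDir = $true
            }
        }
        New-Object PSObject -Property @{
            Key             = $key
            Name            = $name
            Command         = $command
            # Matches "AdobeARM" and "Adobe ARM" alike
            NamedAdobeARM   = ($name -replace '\s', '') -like '*AdobeARM*'
            RunsFromUserDir = $inUserDir
        }
    }
}

# Flagged entries first; review Command before deleting anything in regedit.
$report | Sort-Object NamedAdobeARM, RunsFromUserDir -Descending |
    Format-List Key, Name, Command, NamedAdobeARM, RunsFromUserDir
```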

If the virus still blocks your computer, you need to perform a System Restore.
Follow the steps below to perform the System Restore.

1. Start your PC in Safe Mode with Command Prompt. During startup, keep pressing the F8 key until the Advanced Windows Options Menu shows up, then use the arrow keys on the keyboard to highlight the Safe Mode with Command Prompt option and press Enter.


Make sure you log in to your computer with administrative privileges (log in as admin).

2. Once the Command Prompt appears, you have only a few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the ransomware will not allow you to type anymore.



3. Once Windows Explorer shows up browse to:

Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

4. Follow all steps to restore or recover your computer system to an earlier time and date (restore point), before infection.


Once the System Restore process completes, run the antivirus scans mentioned above, then continue working on your computer.


Hope I saved money for you.
