Howdy.
I am having a bit of trouble. Earlier today, my computer locked up and a window showed up telling me the government had locked my computer and I had to pay $200 via MoneyPak to open it again. I immediately knew this was bullshit and looked it up. Sure enough, it's a fairly widespread and popular scam. There are plenty of guides on how to manually remove it, but the thing is, when I go to remove the files the guide tells me to, they just aren't there, and I have made sure that I am showing hidden files. Eventually my computer booted without being locked out and I started an AVG scan. The AVG scan did not detect anything. Then I did a SpyHunter scan. It detected everything, but wanted me to buy the software to remove it. I am now scanning with Malwarebytes. It is almost at the end of the scan and still hasn't found anything. What do I do? I don't want to get off my computer until this is fixed. I need to change all my passwords ASAP when this thing is removed; it might have a keylogger in it.
If anyone has experienced this virus before and knows how to deal with it, please do tell. I am at a dead end here.
Given how little success you've had with a standard anti-virus/malware scan, I'd say that this is a rootkit infection. I've never really dealt with any rootkit infections in the past, but I'd recommend trying a scan with the following (please only use one at a time and be sure to remove the previous one fully before trying the next):
[url]http://support.kaspersky.com/faq/?qid=208283363[/url]
[url]http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx[/url]
Are you showing hidden files or also showing hidden protected operating system files?
What this is, is a botnet that you have to pay. Most people are idiots and don't know anything about computers so they pay the fee.
Running AVG will do nothing; it's most likely FUD (fully undetected).
Here you go
[url]http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/[/url]
Also might want to check your msconfig out.
[url]http://www.ehow.com/how_6927541_msconfig.html[/url]
I did find the virus with Malwarebytes.
I removed it, and I used CCleaner and cleaned all temp files and the registry. But now I have another problem: my computer just goes to a black screen after I log on, and I need to open the Task Manager and start explorer.exe manually.
In CCleaner, on startup, I disabled these because I think these have something to do with the virus:
HKCU:Run.....veanm...."C:\Windows\System32\rundll32.exe" "C:\Users\Duskling\AppData\Roaming\veanm.dll",String_Type
HKCU:Run.....dscmic....rundll32.exe "C:\Users\Duskling\AppData\Roaming\dscmic.dll",IDrawText
If these are genuine Windows things, please let me know, but they may be infected. Even though Malwarebytes says that the virus is gone, I can't help but feel like I am not safe.
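An added example, not part of any post in this thread: a Python sketch that parses Run-value command lines like the two quoted above and flags rundll32 entries that load a DLL from a user-writable directory. The directory list, the name-match heuristic, and the last two sample values are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Path fragments a standard user can write to without elevation (assumed, not exhaustive).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\")

# rundll32 command line: optionally quoted host, DLL path (quoted or bare), comma, export.
RUNDLL = re.compile(
    r'^\s*"?(?P<host>[^"]*?rundll32(?:\.exe)?)"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,"]+))\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE,
)

def parse_rundll(command):
    """Return (dll_path, export_name) if the command launches rundll32, else None."""
    m = RUNDLL.match(command)
    if not m:
        return None
    return PureWindowsPath(m.group("quoted") or m.group("bare")), m.group("export")

def triage(value_name, command):
    """Return the reasons a Run value deserves manual review (empty list = none found)."""
    parsed = parse_rundll(command)
    if parsed is None:
        return []
    dll, _export = parsed
    reasons = []
    lowered = str(dll).lower()
    if any(fragment in lowered for fragment in USER_WRITABLE):
        reasons.append("rundll32 loads a DLL from a user-writable directory")
    # Weak signal seen in both entries from the post: value name equals the DLL name.
    if dll.stem.lower() == value_name.lower():
        reasons.append("value name is identical to the DLL file name")
    return reasons

# The first two values are the ones quoted in the post; the last two are constructed.
SAMPLE_RUN_VALUES = [
    ("veanm", r'"C:\Windows\System32\rundll32.exe" "C:\Users\Duskling\AppData\Roaming\veanm.dll",String_Type'),
    ("dscmic", r'rundll32.exe "C:\Users\Duskling\AppData\Roaming\dscmic.dll",IDrawText'),
    ("ControlPanelHelper", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ("VendorTray", r'"C:\Program Files\Vendor\tray.exe" /background'),
]

def review(values=SAMPLE_RUN_VALUES):
    """Map each flagged value name to its list of reasons."""
    return {name: triage(name, cmd) for name, cmd in values if triage(name, cmd)}

if __name__ == "__main__":
    for name, reasons in review().items():
        print(f"{name}: " + "; ".join(reasons))
```

A flagged value is a prompt to inspect the DLL (location, signature, creation time), not proof of infection; an empty result does not clear the machine.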
[QUOTE=Duskling;38288206]I can't help but feel like I am not safe.[/QUOTE]
Then reformat and reinstall.
About the black screen, have you tried to see if it happens under Safe Mode? You can also try running in an admin cmd: "sfc /scannow", which should validate some of the system files in the chance that the virus fucked with your explorer.exe.
I'd just do a format and reinstall if you still feel unsafe. If there was a keylogger involved anywhere, you may only realize it in a few weeks, which would be bad given how long it would take to recover/change passwords, etc.
Better to spend an hour or 2 reinstalling Windows now than to spend a few days/weeks and possibly quite a bit of money on restoring things if it is worse.
[url]http://www.surfright.nl/en/[/url]
Try the HitmanPro trial; I found it to be effective at removing some things Malwarebytes doesn't pick up.
I wouldn't do a format; I just have too much stuff that I would have to set up again.
This morning, AVG picked up SMBHelper.exe, and I sent it to the vault. Scanning again now.
I already changed all my passwords.
Sounds kinda like the Ukash virus if you ask me.
Glad you removed it, but keep this in mind for the next time it happens. I also recommend you clean your registry for missing RunOnce programs.