I've managed to catch a very nasty virus on my lap top.

KevinP73 · 05-14-2013, 04:09 PM

So I've managed to catch the "moneyPak/FBI" virus on my lap top. Everything I've read says to boot in safe mode but running XP all I get is the MS BSOD. I've got the original XP disc and I guess I have to set my BIOS to boot from cd.
My hesitation is I've never done something like this and am very concerned about losing some/all of the my data. Is there anything I should do in advance to keep from losing anything?
Moral and Technical advice Invited and Welcomed.

AFC-911 · 05-14-2013, 04:14 PM

If you can get to safe mode and follow the rest of the instructions, it's easy enough to remove (I know from experience)...

That said, I don't know how should deal with the Blue Screen of Death. Good luck.

Radioactive · 05-14-2013, 04:14 PM

Some of the latest virus's are hard to remove. If you get a boot sector virus or root kit type of virus it is very hard to remove even in safe mode.

I use a live cd (a bootable cd that has virus removal tools)

Do you have another computer?

KevinP73 · 05-14-2013, 04:24 PM

Quote:

Originally Posted by Radioactive

Some of the latest virus's are hard to remove. If you get a boot sector virus or root kit type of virus it is very hard to remove even in safe mode.

I use a live cd (a bootable cd that has virus removal tools)

Do you have another computer?

Yes I've got a clean system I'm working from.

cruisin · 05-14-2013, 04:35 PM

If it's the virus that says your system is locked until you pay a fee to some site, Spy Hunter from the Enigma Software Group is very effective at getting rid of it. You will have to find a way to boot up in safe mode though. Once you've gotten into safe mode, get on the Internet and search for Spy Hunter or google the name of the virus warning crap and look for fixes.

Hitting the F8 key during start up will generally get you into safe mode options. Be sure to choose the option "with networking" so you have access to the net.

KevinP73 · 05-14-2013, 04:45 PM

If I hit the F8 key during boot up it will give me the option of four ways to proceed.
Boot Normal
Boot to last known good settings
Safe Mode with Network
Safe mode without network
No matter which I choose (with or without network) I'll see a bunch of code scroll up the screen and then I get a blue screen with text telling me Windows has encountered a problem and has shut down to avoid causing any damage to my system.
I've been told this is normal for XP Professional.

Radioactive · 05-14-2013, 04:46 PM

safe mode with networking

KevinP73 · 05-14-2013, 05:13 PM

BSOD every time.

dafischer · 05-14-2013, 06:24 PM

Just go to WalMart, buy the MoneyPak, and send them the code. Everything will then be okay.

Nahh, just kidding. I had the same thing occur, and called the guy we use for computer repair and such. It took him about an hour to get rid of it, and it did some other nasty stuff, like screwing with the the registry. It took him a while to get everything back to normal, but it was $100 well spent. Everything that I was able to find about the Malware(using the laptop) said that the best idea would be to call a pro to remove it. It turned out to be the best idea.

Radioactive · 05-14-2013, 06:29 PM

Download a boot cd

Burning Hiren’s BootCD | HBCD Fan & Discussion Platform

Flieger · Flieger's Garage

I got rid of a rogue antivirus last year with spyware doctor. I broke down and paid for a year subscription. The free tools I tried wouldn't get rid of it and it only took a few minutes with the spyware doctor so it was worth it in my book.

I hope you have backed up your files.

Even with the virus gone there still were lingering problems that a local computer guy fixed (for a fee of course).

I have Vista, though. I was able to boot into SM with network and go online. I had to use IE, though because the virus was blocking Firefox even in Safe Mode.

Radioactive · 05-14-2013, 07:06 PM

After you download and burn the boot cd, boot the computer from the cd.

Plug in a usb drive, copy all of your files off of the laptop before you attempt to fix.

KevinP73 · 05-14-2013, 07:52 PM

Quote:

Originally Posted by Radioactive

After you download and burn the boot cd, boot the computer from the cd.

Plug in a usb drive, copy all of your files off of the laptop before you attempt to fix.

No love, it wouldn't boot to anything except the hd

KevinP73 · 05-14-2013, 08:24 PM

Fixed it !! My sister brought over a Norton disc that we booted from and ran the virus checker. It found 131 suspicious entries in the registry and cleaned them out.
It's running fine again.
Thanks for all the suggestions.

Z-man · Z-man's Garage

I hate these hackers who earn a 'living' by exploiting others through computer viruses and malware. Imagine if these folks actually did productive and helpful things instead of this?

My work lappy got hit with the FBI / Moneypak virus. They reloaded my profile and got me back.

If you are able to get into safemode, one way to get around this virus is to use a system restore from a time prior to the virus hitting your machine. (You should have your system automatically back itsealf up at least weekly). If may not get rid of all components of the virus, but it will get you going.

-Z-man.

Radioactive · 05-15-2013, 05:45 AM

The nastiest malware virus I have found, had created its own partition on the hard drive. No matter what software you used to clean and remove the virus, it would reload itself from the hidden partition it had created on the hard drive. I finally found the small hidden partion with a linux live cd, and removed it, re wrote the boot code.

It was by far the most challenging virus I have ever had to remove.

If I had formatted and reloaded windows the virus would have still been there.

A930Rocket · 05-15-2013, 08:24 PM

My wife and daughter were watching a Neflix movie when a picture was taken of them on her laptop last night. Then a notice came up that her computer was locked because of porn and she needed to pay a fine.

My son fixed it by going back a fre days to restore it. Seems to be working ok now.

azasadny · azasadny's Garage

Paying for software to "fix" this stuff is just as bad as paying the hackers who extorting $ from you in the 1st place...

flipper35 · flipper35's Garage

Most times with these they are tied to your user profile and if you log in under a different one you can run your Malwarebytes or other software to clean them if safe mode doesn't work

We use keep a copy of Malwarebytes on our computers. Had that FBI one once and it was gone after a "quick scan".