A neighbor of mine called last night with a virus on his PC. It was the “FBI MoneyPak virus”. It presents you with a screen that you can’t get past and wants you to buy a MoneyPak card and send them the money (it even uses your webcam to show a picture of you). With the virus prominently displayed on the screen I could Ctrl-Alt-Delete and select Task Manager, but it wouldn’t appear (apparently stuck behind the virus screen). All the sites I found suggested booting into “Safe Mode with Networking”, but I found on my neighbor’s that as soon as that logged in, the computer would go into a reboot.
This was a pretty good virus. The average person would be lost and off to the shop for an expensive fix.
Here is how I cleaned it up (this is not a detailed step-by-step, reply if you have a question):
- Power off and restart.
- Hit F8 until you get the boot screen, and select “Safe mode” (not “with networking”)
- 2013/05/21: It happened to my neighbor again, only this time the Safe Mode doesn’t work; however, I noticed that there is now an option at that point that says “Repair computer”. Select that and you’ll get an option for “system restore” per step #4.
- Once in there, go to the Start menu and search for “system restore”.
- Open the “restore to earlier time” or “restore system files …” and continue until you get into the restore utility.
- Select a restore point from well before the virus appeared (I went back about two weeks for my neighbor’s).
- Restore it (this can take a loooooong time)
- Once restored, hopefully you’ll be able to log in again.
- At this point, make sure your security software is properly updated (if you don’t have any, download Microsoft Security Essentials and update it – it is free and has very good reviews).
- Update your security software.
- Scan your computer (a full scan)
- Run Windows Update, preferably run CCleaner too, and I suggest using Spybot – Search and Destroy. (Be careful: some of the download sites have ads with downloads, so make sure you are getting the right thing.)
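
The restore-point choice in the steps above can also be made from a script. This is an added example, not part of the original post: it lists the available restore points and selects the newest one that is at least two weeks older than the infection. It assumes an elevated Windows PowerShell session with System Restore enabled; `$InfectionSeen` and `$MarginDays` are illustrative names and the date is a sample value.

```powershell
# Added example, not from the original post. Run in an elevated Windows PowerShell
# session (the System Restore cmdlets are not available in PowerShell 7).
$InfectionSeen = Get-Date '2013-05-21'   # sample value: when the lock screen first appeared
$MarginDays    = 14                      # the post went back about two weeks

$cutoff = $InfectionSeen.AddDays(-$MarginDays)

# CreationTime is a WMI timestamp string; convert it to a DateTime so it can be compared.
$points = @(Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Sort-Object Created)

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found; System Restore may be disabled on this machine.'
} else {
    # Show everything that is available so the choice can be checked by eye.
    $points | Format-Table SequenceNumber, Created, Description -AutoSize

    # Newest restore point that is still older than the cutoff.
    $candidate = $points | Where-Object { $_.Created -lt $cutoff } | Select-Object -Last 1

    if (-not $candidate) {
        Write-Warning "No restore point older than $cutoff; pick one manually from the list above."
    } else {
        'Selected restore point {0} ({1}, created {2})' -f `
            $candidate.SequenceNumber, $candidate.Description, $candidate.Created

        # -Confirm prompts before anything changes; the computer restarts to finish the restore.
        Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
    }
}
```

Set `$InfectionSeen` to the day the lock screen first appeared. If no restore point is old enough, the script only prints the list and changes nothing.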