FBI Moneypak Virus fix

A neighbor of mine called last night with a virus on his PC. It was the “FBI Moneypak virus”. It presents you with a screen that you can’t get past and wants you to buy a Moneypak card and send them the money (it even uses your webcam to show a picture of you). With the virus prominently displayed on the screen I could Ctrl-Alt-Delete and select Task Manager, but it wouldn’t appear (apparently stuck behind the virus screen). All the sites I found suggested booting into “Safe Mode with Networking”, but I found on my neighbor’s that as soon as that logged in the computer would go into a reboot.

This was a pretty good virus. The average person would be lost and off to the shop for an expensive fix.

Here is how I cleaned it up (this is not a detailed step-by-step, reply if you have a question):

  1. Power off and restart.
  2. Hit F8 until you get the boot screen, and select “Safe Mode” (not “with Networking”).
  3. 2013/05/21: It happened to my neighbor again, only this time the Safe Mode doesn’t work; however, I noticed that there is now an option at that point that says “Repair computer”. Select that and you’ll get an option for “system restore” per step #4.
  4. Once in there, go to the Start menu and search for “system restore”.
  5. Open the “restore to earlier time” or “restore system files …” and continue until you get into the restore utility.
  6. Select a restore point from well before the virus appeared (I went back about two weeks for my neighbor’s).
  7. Restore it (this can take a loooooong time).
  8. Once restored, hopefully you’ll be able to log in again.
  9. At this point, make sure your security software is properly updated (if you don’t have any, download Microsoft Security Essentials and update it – it is free and has very good reviews).
  10. Update your security software.
  11. Scan your computer (a full scan).
  12. Run Windows Update, preferably run CCleaner too, and I suggest using Spybot – Search and Destroy. (Be careful: some of the download sites have ads with downloads, so make sure you are getting the right thing.)
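
For anyone who would rather do steps 4 to 7 from a prompt, here is an added example (not part of the original write-up) that lists the restore points and picks the newest one that falls well before the infection. It assumes an elevated Windows PowerShell prompt is available; `$InfectionDate` and `$SafetyMarginDays` are placeholder values to set for your own case.

```powershell
# Added example: choose a restore point from well before the infection (step 6).
# Assumed inputs: adjust both values for the machine being cleaned.
$InfectionDate    = Get-Date '2013-05-21'   # constructed sample date
$SafetyMarginDays = 14                      # "about two weeks", as in step 6
$cutoff = $InfectionDate.AddDays(-$SafetyMarginDays)

# Restore points carry a WMI-format timestamp; convert it to a DateTime
# so it can be sorted and compared against the cutoff.
$points = @(Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } })

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found; System Restore may be disabled on this machine.'
    return
}

# Show everything first so the choice can be checked by eye.
$points | Sort-Object Created | Format-Table SequenceNumber, Created, Description -AutoSize

# Newest restore point that is still on or before the cutoff.
$candidate = $points |
    Where-Object { $_.Created -le $cutoff } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if (-not $candidate) {
    Write-Warning "No restore point on or before $($cutoff.ToShortDateString()); pick one manually from the list above."
    return
}

'Selected restore point #{0} ({1}, created {2})' -f `
    $candidate.SequenceNumber, $candidate.Description, $candidate.Created

# -Confirm asks before anything is changed; the machine restarts to finish the restore.
Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
```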
