Computer Attacked

Searcher7

I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).

Thanks.

Darren Harris
Staten Island, New York.
 
Bruce Hagen

Searcher7 said:
I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).

Thanks.

Darren Harris
Staten Island, New York.




Download the free version of this tool. Check for updates first and then
run a full scan.

Malwarebytes Anti-Malware
http://www.malwarebytes.org/products/malwarebytes_free
 
Paul

Searcher7 said:
I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).

Thanks.

Darren Harris
Staten Island, New York.

System Restore is not guaranteed to fix anything.

A well-designed malware, especially one expecting to extort money
from you, will attack the restore points as one of the things
on its "to-do" list.

A full backup would be the thing to restore from.

Or, a clean install.

Depending on the outcome of MalwareBytes.

It's pretty recent, so good procedures may be harder to find.

http://www.bleepingcomputer.com/forums/topic458412.html

This was a guided help session, where the helper on the
other end, was reviewing the tool output.

http://forums.majorgeeks.com/showthread.php?s=1608955ac05bfd78a8cceab25249ff55&p=1750340#post1750340

Their "first step" includes this README.

http://forums.majorgeeks.com/showthread.php?t=35407

As you can see, MalwareBytes is on their tool list.
Some of the other tools, are for their personal guided help.
Note the "Step 4: Toggle System Restore", which flushed all
the restore points, the backup copies of the registry in
there, and so on. Step 4, is because of the known
infection of SR by malware.

http://forums.majorgeeks.com/showthread.php?t=139313

"We only toggle System Restore *after* you are clean because
keeping even infected restore points around while we are
fixing things may prove useful if something goes wrong during
the process. An infected restore point could be better than
none at all!"

HTH,
Paul
 
Yousuf Khan

I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).

Thanks.

Darren Harris
Staten Island, New York.

Yes, this is a new piece of malware that's been getting a lot of
attention lately. The malware will usually have the name of various law
enforcement agencies throughout the world attached to it, like the FBI,
RCMP, etc.

Metropolitan Police malware warning issued – beware the ransomware
attack! | Naked Security
http://nakedsecurity.sophos.com/2012/02/13/metropolitan-police-malware-warning/

Best thing is to simply keep your anti-virus up to date. In the meantime,
you should run an anti-virus scan from an offline virus scanner. Most
antivirus software come in standalone versions that run outside of
Windows through a separate boot CD.

Yousuf Khan
 
Flasherly

I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).

Thanks.

Darren Harris
Staten Island, New York.

Welcome, conceptually, to backups.
 
Red Cloud

Yes, this is a new piece of malware that's been getting a lot of
attention lately. The malware will usually have the name of various law
enforcement agencies throughout the world attached to it, like the FBI,
RCMP, etc.

Metropolitan Police malware warning issued – beware the ransomware
attack! | Naked Security
http://nakedsecurity.sophos.com/2012/02/13/metropolitan-police-malwar...

Best thing is to simply keep your anti-virus up to date. In the meantime,
you should run an anti-virus scan from an offline virus scanner. Most
antivirus software come in standalone versions that run outside of
Windows through a separate boot CD.

        Yousuf Khan


I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.
 
Flasherly

I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.

Pain. . .you have elected The Walk of The Path of Pain, Red Cloud.

MS says, and I quote verbatim [note the 'rules'] -- 'Periodically do
blow it off, Red Cloud, start from scratch, that's it Chief Ataboy,
and reinstall [the OS] ..hmmmm.. about every six months.'

You cannot yet see. Allow me.

These words do not have steel in them;- They are written to flow in
the wind just before the storm;- That, all shall see;- For, when Angry
Bird descends from High Wind Mountain, The Tribe forms into the Grand
Teepee, where none stand outside before Angry Bird to hear his angry
words;- Words all Creatures below Sky must know to come in, so that
what Angry Bird opens are clear before The Tribe walks new paths;-
And, that all words with no steel be known, it is thus so they have
fallen before his truth to been carried away.

Shake your bootie Red Cloud and do a little Ghost Dance for when Peter
stood tall before men, while he was young and strong;- A cat couldn't
scratch it.
 
glee

Searcher7 said:
I was looking up a wrestler via Google image links when some malicious
software took over my system. (Which is why I'm writing this from the
library).

Now when my system is connected to the internet the only page that
will display is a mock FBI page attempting to extort money from me via
"Moneypack". And I'm unable to get to my desktop, right click, or even
use my keyboard keys outside of numbers and letters.

I have AVG for all the good that did, and would appreciate advice on
how to correct my problem.

Can someone recommend a free anti-Malware app I can download onto my
flash drive at the library and install on my home pc?

I'm not sure I can do this, but just in case does anyone have the
step-by-step instructions for system restore? (I have Windows XP).


Follow the Automated Removal Instructions exactly, here:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
 
(PeteCresswell)

Per Red Cloud:
I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.

Try Avast. I'm a borderline lunatic when it comes to response
time and find Avast tb no problem on my regular PC.

On my netbook, it gets in the way a little when the device is
first booted as it downloads the latest updates - and taxes the
pitiful little Atom processor. But even I can live with that.

As far as running bare goes, what about the time between your PC
getting infected with malware and your discovering the infection?

Lotta Bad Things can be done by the malware perpetrators during
that time. Your address book can be harvested, making you a PITA
to anybody unfortunate enough to be in it. Keystroke monitors
can harvest your UserIDs/Passwords... and so-on...
 
Mike Easter

Red said:
Yousuf Khan
I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.

Posted via GG googlegroups and verizon broadband using XP and Firefox12.

By 'anti-virus thing' I will assume that you mean a realtime AV agent
which does usurp some resources from your system.

Presuming that your hardware resources are so limited that they have a
hard time running XP + the least demanding of the real-time AV ware
without a troublesome performance hit...

Further presuming that your past experience has been to keep good
backups and that you have indeed been infected in the past and solved
your problem by reinstalling your OS...

You could 'get by' with a strategy like that if you regularly practice
safe hex online with browser security and that you regularly use some
standalone malware detection software.

That strategy creates an insecurity vulnerability that makes me wonder
whether you are using the right OS for your limited hardware -- and your
message was cross-posted to an XP group and a hardware group.

That is, if your hardware resources are so scant that your performance
is impacted severely by realtime AV + XP + your choice of browser, maybe
you should reexamine which realtime AV you have used/tried in the past
or which browser you are using or even whether you should consider a
different OS which is not XP which would not require the use of XP +
realtime AV in addition to a browser.

There are some linux distros which need less resources than XP + AV agent.

Or you could upgrade your hardware.
 
GMAN

I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.

Pain. . .you have elected The Walk of The Path of Pain, Red Cloud.

MS says, and I quote verbatim [note the 'rules'] -- 'Periodically do
blow it off, Red Cloud, start from scratch, that's it Chief Ataboy,
and reinstall [the OS] ..hmmmm.. about every six months.'

You cannot yet see. Allow me.

These words do not have steel in them;- They are written to flow in
the wind just before the storm;- That, all shall see;- For, when Angry
Bird descends from High Wind Mountain, The Tribe forms into the Grand
Teepee, where none stand outside before Angry Bird to hear his angry
words;- Words all Creatures below Sky must know to come in, so that
what Angry Bird opens are clear before The Tribe walks new paths;-
And, that all words with no steel be known, it is thus so they have
fallen before his truth to been carried away.

Shake your bootie Red Cloud and do a little Ghost Dance for when Peter
stood tall before men, while he was young and strong;- A cat couldn't
scratch it.

WTF are you talking about????
 
(PeteCresswell)

Per Red Cloud:
I don't use anti-virus thing it's slow down the speed. I rather
reinstall OS again.

FWIW, sometimes I have occasion to use somebody's laptop which
has anti-virus turned off for the reason you state.

It's the slowest thing I have ever used. Absolutely maddening. I
visualize a heaving mass of malware underneath.

I've told him... but his response is "Well, what should I
do....".

I restrict my replies to the effect of "Buy a new laptop and
don't turn anti-virus off...".... because the only action I can
think of is a total rebuild of the system or a restore via
whatever imaging utility came with the laptop.

Either way, he probably has no clue where his data is and would
lose all sorts of things he doesn't want to lose.

Also either way, there's no way in the world I'd want to commit
to such a time and responsibility sink.
 
Flasherly

WTF are you talking about????

Why sweat the small stuff, since you did good and followed protocol
and didn't compromise integrity by restoring exclusion links. ...The
want to know, though, is oecumenic to inspirations;- to a certain
point, of course, tried inevitably by what needs suffice for want.

-
Between the idea
And the reality
Between the motion
And the act
Falls the Shadow
-T. S. Eliot, The Hollow Men
 
GMAN

Why sweat the small stuff, since you did good and followed protocol
and didn't compromise integrity by restoring exclusion links. ...The
want to know, though, is oecumenic to inspirations;- to a certain
point, of course, tried inevitably by what needs suffice for want.

-
Between the idea
And the reality
Between the motion
And the act
Falls the Shadow
-T. S. Eliot, The Hollow Men

Is English a second language to you??? Just asking.
 
Flasherly

On Jul 7, 12:02 pm, (e-mail address removed) (GMAN) wrote:
Why sweat the small stuff, since you did good and followed protocol
and didn't compromise integrity by restoring exclusion links. ...The
want to know, though, is oecumenic to inspirations;- to a certain
point, of course, tried inevitably by what needs suffice for want.
-
Between the idea
And the reality
Between the motion
And the act
Falls the Shadow
-T. S. Eliot, The Hollow Men

Is English a second language to you??? Just asking.

Third or fourth, if you prefer;- Matter of sincerity employed in the
observation of others for formulating a communicative device into a
query or motivation desire beyond what aspects words lack, either
transitively in the geographic demagoguery of languages of limited
familiarity;- personally, I should think a decade or two living abroad
well might qualify by salient aspects, each culture respectively
commands upon an acumen the individual, as it were, is capable of
manifesting.

All very much a metaphysical approach directly quantify, if you must,
as well in limited practise objectified no less conclusively than
foresight given vestige optical nerves at the back of the head for
when a reticence third eye might be evolutionarily placed. Aspects,
facets of shifting focus no less empirically axiomatic than any
individual consciousness rightfully ought expect.

In retrospect, I suppose I could say, antics that transgressed
differently from a vantage of private or public regions, between
myself and a Vietnamese woman I lived with for a couple years --
neither she nor I being able to speak more than a few dozen words of
our respective languages -- literally were quite illuminating;- all
aside from certain belief systems, among matters which impart an
aurora to spirits capable of discerning or evincing phenomena.

Might I close to recommend Wiener for much more of an elegant ingress
into entropy theory, meaning, intent and breakdown on an impart of
communication skills. Some cite the man for the Father of Computers,
although he's also known to descend to amazing descriptive levels
capable of conveying pure fascination as a gift to mundane minds of
the laity.

http://en.wikipedia.org/wiki/Norbert_Wiener
 
Searcher7

In message <[email protected]>, David H. Lipman said:
From: "J. P. Gilliver (John)" <[email protected]>
In message <[email protected]>, David H.
[]
LOL - YOU will be the object of Identity Theft. Prevention is
better than cure and restoring an image or reinstalling the OS is
reactive and not proactive and leaves you vulnerable to data and
monetary theft where restoring an image or reinstalling the OS will NOT help.
Nor does the above post.

Sure, he's been a silly boy, and got into a situation he shouldn't have.
But we've mostly been closer to that situation than we'd admit, and just
laughing at him and telling him what he _should_ have been doing doesn't
help him _now_. That's all I meant.
--

How have I been a "silly boy"?

I have AVG and Malwarebytes on my system, for all the good that's done
me. No Firewall outside of what came with Windows XP. I also have
Avast! which is un-installed. (And I can't update these apps for
obvious reasons).

Ok. Yesterday I did manually run Malwarebytes Anti-Malware on my PC.
Once for my "C" and "D" drives while my 500G external backup drive was
disconnected, and again on that external drive after I reconnected it.
And then once more with all drives connected. (This took about 5 hours
in total).

The one thing that this has taught me is that an app can miss
something the first time you run it, but then pick it up when you run
it again. Nevertheless, none of this corrected my problem.

So even though I have AVG running on my system I opened it up and did
a full system scan under "High Priority", which took over three hours.

This found some issues including viruses and trojan horses, as well as
a lot of tracking cookies. (Two objects couldn't be quarantined or
deleted). But still didn't address my problem.

And yes, re-installing XP, which I do periodically, would have been
quicker. Nevertheless, I'm still going to first try some of what is
said here.

The problem with using a pc at the New York Public Library is that so
many basic functions of the OS that you take for granted are turned
off on these PCs. If I download an app I can't be sure I really have
it until I get home. I can't even copy the text in this thread and put
it on my flash drive. (Or edit text already on my flash drive).

Thanks.

Darren Harris
Staten Island, New York.
 
glee

Searcher7 said:
How have I been a "silly boy"?

I have AVG and Malwarebytes on my system, for all the good that's done
me. No Firewall outside of what came with Windows XP. I also have
Avast! which is un-installed. (And I can't update these apps for
obvious reasons).

Ok. Yesterday I did manually run Malwarebytes Anti-Malware on my PC.
Once for my "C" and "D" drives while my 500G external backup drive was
disconnected, and again on that external drive after I reconnected it.
And then once more with all drives connected. (This took about 5 hours
in total).

The one thing that this has taught me is that an app can miss
something the first time you run it, but then pick it up when you run
it again. Nevertheless, none of this corrected my problem.

So even though I have AVG running on my system I opened it up and did
a full system scan under "High Priority", which took over three hours.

This found some issues including viruses and trojan horses, as well as
a lot of tracking cookies. (Two objects couldn't be quarantined or
deleted). But still didn't address my problem.

And yes, re-installing XP, which I do periodically, would have been
quicker. Nevertheless, I'm still going to first try some of what is
said here.

The problem with using a pc at the New York Public Library is that so
many basic functions of the OS that you take for granted are turned
off on these PCs. If I download an app I can't be sure I really have
it until I get home. I can't even copy the text in this thread and put
it on my flash drive. (Or edit text already on my flash drive).

Thanks.

I posted a link to instructions for removal of this ransomware malware,
about 12 hours ago:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
 
Searcher7

I posted a link to instructions for removal of this ransomware malware,
about 12 hours ago:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ra...

--
Glen Ventura
MS MVP  Oct. 2002 - Sept. 2009
CompTIA A+

Yes, I tried saving that entire page along with downloading the
Emsisoft Emergency Kit. I'll know if I got it when I return home.

BTW. Here are some of the results of my previous AVG scan:
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGInfected.jpg
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGLocked.jpg

Thanks.

Darren Harris
Staten Island, New York.
 
Paul

Searcher7 said:
Yes, I tried saving that entire page along with downloading the
Emsisoft Emergency Kit. I'll know if I got it when I return home.

BTW. Here are some of the results of my previous AVG scan:
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGInfected.jpg
http://i290.photobucket.com/albums/ll257/Statenislander/Computer/AVGLocked.jpg

Thanks.

Darren Harris
Staten Island, New York.

If I do a search on "generic28.bvlh", it still seems to be leading me
in the direction of W32/Reveton. And one poster here offers the same
advice, of looking for the .lnk in Startup that launches it on boot.

http://forums.avg.com/gb-en/avg-forums?sec=thread&act=show&id=211354

Paul
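
The check mentioned in the post above (looking for a .lnk in Startup that launches on boot), as an added example that is not part of the original post or the linked AVG thread: a read-only PowerShell inventory of every shortcut in the per-user and all-users Startup folders and what each one launches. The "Review" notes are assumed heuristics for manual review, not signatures for any particular malware.

```powershell
# Added example: read-only inventory of Startup-folder shortcuts.
# Nothing is deleted or changed; the output is for manual review.
$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Startup folders, as resolved by Windows Script Host.
$folders = @(
    'Startup', 'AllUsersStartup' |
        ForEach-Object { $shell.SpecialFolders.Item($_) } |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
)

$report = foreach ($folder in $folders) {
    # -Force so that shortcuts marked hidden are listed too.
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Force | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
        $target = $lnk.TargetPath
        $review = @()

        if (-not $target) {
            $review += 'no file target recorded'
        } elseif (-not (Test-Path -LiteralPath $target)) {
            $review += 'target file not found'
        } elseif ($target.StartsWith($env:USERPROFILE,
                  [StringComparison]::OrdinalIgnoreCase)) {
            # Assumed heuristic: installed programs normally live outside
            # the user profile, so a target inside it deserves a look.
            $review += 'target is inside the user profile'
        }
        if ($lnk.Arguments) {
            # The file that actually runs may be named in the arguments
            # when the target is only a host program.
            $review += 'has arguments'
        }

        New-Object PSObject -Property @{
            Shortcut  = $_.FullName
            Created   = $_.CreationTime
            Target    = $target
            Arguments = $lnk.Arguments
            Review    = ($review -join '; ')
        }
    }
}

# Newest shortcuts first: an entry created around the time the problem
# started is the one to compare against the removal guide.
$report | Sort-Object Created -Descending |
    Format-List Shortcut, Created, Target, Arguments, Review
```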
 
