Tags

, , , , , , , , , ,

MoneyPak

How many of you have heard of or read about the “United States Courts Ransomware MoneyPak Virus”? It puts a pop-up on your Desktop that totally freezes your machine. I mean you can’t do anything. Your computer is permanently stuck until you manage to get rid of this thing. This crapware purports to be from the US Government telling you that you have done something you need to pay a fine for. It tells you to go to Wal-mart or 7-Eleven and use MoneyPak to send money to a particular account and in return they will send you a key that will unfreeze your computer. Sure they will.

I just spent an entire afternoon cleaning “FBI MoneyPak Virus” off of a friend’s laptop. I dealt with Moneypak virus once before about a year ago (it’s actually a trojan) and I easily destroyed it using Hijack This software on a thumb drive. This time was different though. This new version of the Moneypak Virus is apparently capable of deflecting a BIOS directive to boot from any drive other than the hard drive so even when I tried to boot my friend’s PC with the thumb drive I still was presented with the MoneyPak image displayed on the Desktop with no way to close it in order to access anything at all on the computer.

I eventually managed to boot the thing into Safe Mode with Command Prompt as apposed to regular Safe Mode and worked my way to C:\windows\system32\restore\rstrui.exe and was able to run Windows Restore from the Command Prompt. After about three hours the PC finally re-booted into an earlier state before it had been infected. Of course I knew the virus was still on the hard drive so I re-booted into Safe Mode with Command Prompt and ran AVG from there which found and quarantined the bugs that cause the Moneypak infestation which appear to be Trojan Generic10_c.msk, Trojan-Ransom.Win32.Reveton!A2 and Gen:Variant.Symmi.17656

If you Google “FBI MoneyPak Virus” you’ll find dozens of pages claiming that Hitman Pro on a thumb drive is the way to deal with this thing and I tried that but System Restore from the Command Prompt was the only way I could find to beat it.

Advertisements