Need help to remove a &$^"%£ Trojan!

Suddenly today my Laptop threw up a screen saying I had "violated the law of Great Britain" by viewing illegal sites - and demanding I pay £100 to unlock it!

Obviously a complete scam - but a very efficient malware as it has totally locked my computer and I can't do anything on it. :mad:
(How it got past my anti-virus is another issue!)

For full details of what I'm talking about - please see this thread about it on a forum I found while Googling for a solution:

I've tried installing & running Trojan Killer and Malwarebytes as suggested on that forum - but neither worked. :(
I'm off to bed now - but hopefully some computer experts out there will have made a useful suggestion by the morning! :thumbsup:
(Hopefully not like some of the "useful" comments in that thread - like completely re-format your hard drive!)

KK
 
Good suggestions above and I hope they work. If not, my question would be if this is blocking you completely from doing anything else? If so then you will have a hard time removing it even in safe mode.

There are two more severe options you can use if nothing else works. The first would be a rollback to the last time your computer was working properly. If you can access your SYSTEMS TOOL, usually located in the accessories folder, then go to System Restore. It will show you restore points that you can click on and roll your system back to before it was attacked. If this is successful then you will no longer see this attack but you should still do a full system scan and if possible delete this from your registry.

The last thing you can do is to roll your computer back to when you first purchased it but you will lose everything. If you can save your files to a CD or DVD then do so. But I advise people when going this route that it is best to just ditch everything. You need to completely shut your casino down. Then after you turn it on you should immediately start tapping F12, F11, or F8 but it depends on your model.

Those are usually the keys for most computers. If possible you can do a Google of "how to restore my _____ to factory settings". Just insert the name of your brand and you will get the exact key. You will get a screen asking what you want to do. Scroll down to where it says restore to factory settings. Hit enter and sit back because it will take some time.

Here is a link for a DELL that may explain better if you want to go that route

When finished your computer will be the same as when you first purchased it. Unfortunately you will have to reinstall all software and updates. Good luck
 
KK, Got nothing for you except that I had one of these in an old computer I had and it ate the dang thing. Had to completely delete the harddrive and start over.

Now to relevant stuff, day before yesterday something started on my new computer, blue screen type problem. It was like it was beginning to start something bad. Anyway before it could get worse, I had to reset my computer back to the factory settings to get rid of it. When I did that, all was just fine and haven't had any problems. Luckily my computer is really new and there was nothing on it to lose. My Norton didn't pick it up, whatever it was.
 
something started on my new computer, blue screen type problem

In the olden days :) we used to call that the blue screen of death and back then it could be. Sometimes it could be caused by a simple software issue but it can also be a serious attack disguising itself.

Years ago I had a Windows 95 computer get hit with that. I can't begin to describe the headache I went through back then to fix it and it was caused by a worm. This is why System Recovery and the easy ability to restore to factory settings is now a standard. I vowed to never let that happen again and it hasn't.

I also spend my time helping people for free to repair computers that have been attacked and teaching them how to maintain their computers. In some ways it is my own personal revenge.
 
I use Avast Free and have never had a problem.

The free version of Avast with your Firewall is better than Norton and McAfee. Just my personal view.

Add a free version of Hijackthis, CC Cleaner, Malwarebytes or Spybot for occasional scanning and most people have great protection for free.
 
live security platinum virus, malware

hello

The best is: Recovery, Reinstalling.
Everything else is not 100 percent good.
I am surfing on the net and bam, no internet, no antivirus program, no administrator rights from this: live security platinum.
I have everything important stored on a usb-stick.

:)
 
Thanks to everyone for the replies & suggestions! :thumbsup:

Those first 3 suggested sites weren't terribly helpful to be honest; they basically just said find the affected files using regedit and delete it - probably simple if you have any sort of IT experience, but not much use to a PC Pleb!

Anyway I think I may have finally got rid of this infernal virus using Malwarebytes (after running it 3 times & manually deleting just 1 item from my registry)... I'm just running it for a 4th time (but in normal mode now, not safe mode) - 2 hours ran = not long to go...

Here's another thing I don't understand about software; The first time I ran Malwarebytes it found loads of "suspicious" files and then deleted them ALL.
But after a re-boot I ran it again and it found LOADS more dodgy stuff! Why doesn't it find & delete all the crap with just 1 run through? :confused:

Cheers!
KK
 
KK regedit is a lot easier than you think....you really need to try to make sure you get every part of the bug out of your system...you can check by going to regedit...just to make sure...if you are too scared to delete something important there used to be a site called computer cops that are happy to help for free...let me see if I can find them. You don't want a lingering bug.
 
ok forget what I said before...this should walk you through it step by step...youtube saves the day for me whenever I have to fix anything around the house so I gave it a shot and VOILA!
 
Just out of curiosity, which antivirus were you using when you caught this virus?
Avira Professional.
Not happy that it didn't block it. :(
To be fair though - been using this for about 3 or 4 years with no problems whatsoever - and it's MILES better than the Norton crap I used before.

KK
 
Virus

I am using AVG 2012 free edition and never any problems, if you even try to open anything dodgy, it prompts you, and anything else, including e-mails containing viruses etc, it has stopped me from opening. I am not a computer expert but AVG has worked for me for many years with no problems.

Just have to install new free version each year.
 
It seems the manual removal is different on each of the links, but the first one seems to be the simplest, and I fully understand it because of something that happened to my old Win 98 PC. The "malware" in that case came from Microsoft! a dodgy update that caused the OS to crash the instant Windows booted because it corrupted the key "explorer" process, or "shell" that windows operates with. I had a book about advanced Windows tweaks, and fixed it by changing the "shell" to a legacy version, which gave me access to the files so that I could fix the corrupted .DLL

It seems this virus switched the normal "explorer" OS "shell" to its own, so that the OS booted into the ransom message, rather than the normal desktop. The link just describes the process of manually editing the registry to revert to the usual "explorer" shell, and then delete the file that contained the malware. I strongly suspect that the next step would be to IMMEDIATELY run a suite of malware programs, as it could still have added something that would get it reinstalled on next reboot.

The other links are more complex, but are much the same, finding and removing dodgy registry entries. So long as you take a backup first, the worst case scenario is that you end up back where you started by having to revert to the infected registry you started with.

The final problem is finding out how it slipped past security in the first place, as it could happen again until anti virus software learns how to detect it.

If faced with reinstalling the OS, unless actually deleted, you can get your data back by removing the hard drive and using another PC to access it via a USB drive bay. Copy the data off it, then put it back in the PC. You can then reinstall the OS without fear of losing everything.

If you know any teenagers, they should be able to walk you through the procedure, even do it for you (for a fee probably).

My nephew is building an entire PC, and has gotten wind of my exploits earlier this year at Lucky Nugget, and has asked for a high end GPU for his birthday. I got my youngest niece a new laptop (and one for myself too), and my oldest niece has presented a case to me for a laptop for university.

I have found through experience that altering the registry is not as scary as Microsoft would have you believe. Your world does not end just because you screw up, and in many cases it can simply repair itself the next time you run the software.

System Restore is also not as good as Microsoft make out, it has limitations as it only takes a snapshot of critical files and settings, not the entire OS and suite of installed softwares.
 
Also, keep in mind...with System restore...

It allows you to resume using your computer, BUT the virus/trojan is STILL on your computer. You have to remove it or you will still encounter problems.

I've been using the free version of AVG for a few years now and have been quite satisfied with it. Have it set to do automatic updates, have never had to reinstall it. I keep anything important backed up on flash drives (I just bought a bunch of 8g flash drives for $6/ea at Staples right before school started).
 
Thanks again for all the replies :thumbsup:

Seems I have got rid of the virus now (fingers crossed) by using Malwarebytes. BTW, the full system scan I did yesterday took well over 6 hours to run - maybe much more as I wasn't checking it that frequently... :eek2:


The other links are more complex, but are much the same, finding and removing dodgy registry entries. So long as you take a backup first, the worst case scenario is that you end up back where you started by having to revert to the infected registry you started with.
As a matter of interest (for future reference) how exactly do you take a back-up copy of your registry?

Thanks!
KK
 
It's an automated function that should be happening in the background. Many anti malware programs also ask "do you want to create a backup" before fixing anything. Where the registry is so corrupt the OS can't launch, it should prompt you to restore the "last known good copy".

This should all be part of System Restore, but if this fails, you may have to figure out how to manually dig out an old copy of the registry from the archives. Regedit can also export a copy of the registry, and I have done this from a Windows 98 environment. I also modified a registry compression script so that I could launch it from Autoexec.bat. It first writes the registry to a text file, and then rebuilds the registry using "import". It gets rid of spaces, and can clean up some corrupt entries.

Unfortunately, I have never tried this with XP, since it comes with System Restore.
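
The shell switch described earlier in the thread and the regedit export mentioned above can be combined into one check. This is an added example, not posted by anyone in the thread: it parses a regedit text export and flags a Winlogon `Shell` value that is not the default `explorer.exe`. The thread does not name the registry key, so the Winlogon path is supplied here, and the sample export is constructed.

```python
import re

# Default shell on a healthy Windows install; anything else deserves a look.
EXPECTED_SHELL = "explorer.exe"
# Winlogon key (under HKLM or HKCU); assumption, the thread does not name it.
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"

# Constructed sample in regedit export format (backslashes doubled in values).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\example\\AppData\\Roaming\\placeholder.exe"
'''

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; dword/hex entries are skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = data
    return keys

def check_shell(keys):
    """Return (key_path, shell_value) for every non-default Winlogon Shell."""
    findings = []
    for path, values in keys.items():
        if not path.lower().endswith(WINLOGON_SUFFIX):
            continue
        for name, data in values.items():
            if name.lower() == "shell" and data.strip().lower() != EXPECTED_SHELL:
                findings.append((path, data))
    return findings

if __name__ == "__main__":
    for path, shell in check_shell(parse_reg_export(SAMPLE_EXPORT)):
        print(f"Non-default shell in {path}: {shell}")
```

Real "Version 5.00" exports are saved as UTF-16, so read the file with `open(path, encoding="utf-16")` before passing its text to `parse_reg_export`.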
 
I got one of these today asking for $200.00, directing me to local store to purchase a prepaid card or something to enter. FBI MoneyPac Ransom Virus was the name.

I went into not safe mode but safe mode with networking. Once inside searched for the system restore link, restored to the recommended point.

After that bye bye MoneyPac! :D
 
Where are you folks picking up this Moneypak thing? infected emails? drive by on websites? clicking a link on a website? It might help the rest of us be a little more cautious.
 
Glad everything turned out well. Occasionally scanning with Malwarebytes and Spybot can save a lot of headaches. Also CC Cleaner is quick and good for a daily wiping. All are free and all can be downloaded from cnet.com which has a good record of clean downloads.
 
Where are you folks picking up this Moneypak thing? infected emails? drive by on websites? clicking a link on a website? It might help the rest of us be a little more cautious.

I watch a lot of how to fix things around the house yourself videos. Clicked on the video, it starting playing and then came the virus notice. It's a very easy infection to get.
 
My SO niece posted today that she was on FB and suddenly her computer took a picture and up popped a window telling her that her computer had been hijacked and that she had to pay $200 to get it unlocked.

Now that's scary that they can take photos of you, besides the fact that they are holding your computer for ransom.

Gave her all the info I had picked up here about getting rid of it but that's just really creepy that someone could be out there with the ability to take photos of you without your knowledge or permission. :mad:
 
Creepy, but true, and not only take a picture, but listen in. Malware can take control of the camera and microphone, just as legit software like Skype can. The only sure way to avoid this is to unplug such devices when not in use, but this is not an option for modern laptops. Best imagine that if your laptop is on, and connected to the internet, everyone can see what you are wearing and doing. I expect for the most part it is done to scare the victim into doing what is asked, which in this case is paying $200.

If they have access to the camera, they will see the two fingered salute preceding the removal of their malware without payment of the $200, maybe even the guy in the background with a large electronic "box of tricks" and wearing his FBI jacket ;)
 
