Question

Posted

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare.com/computer-locked-by-fbi-moneypak-virus-asking-to-pay-200-fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. [b]I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above. [/b]
--I'll take 2 Advil before doing this... :argh:

2. [b]I'm going to remove the crapware[/b]
--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:
* Revo Uninstaller
* CCleaner

3. [b]Go ham on the malware[/b]
- Get all the other crap off. I will use:
* Malwarebytes
* Spybot
* Install MSE when all is said and done. (It's my antivirus of choice)

4. [b]General System maintenance[/b]
* Update Drivers
* Update Programs
* Do Windows Updates

What do ya think?
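An added example, not from the thread or from the linked tutorial: before editing anything in step 1, a read-only PowerShell pass over the autostart locations this kind of lockscreen trojan hooks (the Run/RunOnce keys and the Winlogon Shell/Userinit values) shows what will launch at logon and flags entries starting from user-writable folders. The registry paths are standard Windows locations; the "suspect folder" list is my own heuristic and an assumption, not an authoritative one.

```powershell
# Added example (not from the thread). Read-only triage: list the Windows 7
# autostart registry values a lockscreen trojan typically hijacks and flag the
# ones launching from user-writable folders. Nothing here deletes anything.
# Written for PowerShell 2.0 (Windows 7 default); run from an elevated prompt.

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Heuristic (my choice, not an authoritative list): legitimate autostarts rarely
# live in these folders; droppers pulled in by shady downloads usually do.
$SuspectPatterns = @('\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\')

function Get-AutostartEntries {
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($prop.Name -like 'PS*') { continue }
            # Under Winlogon only Shell and Userinit are launch points.
            if ($key -like '*Winlogon' -and @('Shell', 'Userinit') -notcontains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            $hits = @($SuspectPatterns | Where-Object { $cmd -match $_ })
            $suspect = $hits.Count -gt 0
            # Winlogon\Shell should be exactly explorer.exe; anything appended to it
            # runs instead of, or beside, the desktop, which is how lock screens appear.
            if ($prop.Name -eq 'Shell' -and $cmd -ne 'explorer.exe') { $suspect = $true }
            New-Object PSObject -Property @{
                Key = $key; Name = $prop.Name; Command = $cmd; Suspect = $suspect
            }
        }
    }
}

Get-AutostartEntries | Sort-Object Suspect -Descending |
    Format-Table Suspect, Name, Command, Key -AutoSize -Wrap
```

If you pulled the drive and mounted it on a clean machine, as several replies below suggest, load the offline hives first (for example `reg load HKLM\OfflineSW X:\Windows\System32\config\SOFTWARE`) and point the key list at that mount instead of the live HKLM/HKCU.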


85 answers to this question

Posted

First thing I'd do is take the drive out of the laptop, connect it to a clean system and scan it with AV and malware products. That will remove the files that are running at boot.
1 person likes this


Posted

You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.
1 person likes this


Posted

Your post title makes no sense. You haven't seen any viruses yet except the FBI scam one; that doesn't mean there are lots of them. I was expecting a screenshot with a massive number of alerts.
1 person likes this


Posted

Ugh.... find a decent spare system.... scan the files, all of them... make sure the client's files (music, movies, pics, docs) are clean... then, if the files are clean, back up the important ones only... then.... nuke the install and start fresh.
1 person likes this


Posted

Nuke it from orbit.
3 people like this


Posted

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

[url="http://support.kaspersky.com/viruses/rescuedisk"]http://support.kaspe...uses/rescuedisk[/url]
1 person likes this


Posted

[quote name='Astra.Xtreme' timestamp='1353433186' post='595336656']
You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.
[/quote]

This isn't a corporate machine with a nice image of everything, it's a home PC. That's a last resort.

As I've said before in other places...do the job right, don't just wipe and install. That's a waste of your time, and their time.


Posted

Better save off those nude photos first... :shiftyninja: :woot:
1 person likes this


Posted

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.
1 person likes this


Posted

Teach her a lesson -- wipe it clean and Install Windows 8 !
3 people like this


Posted

To remove this crap use OTL, post the logs on their forum or the Bleeping Computer forum, and they will make a script for OTL and remove this crap. On such a heavily infected machine it is extremely difficult to get rid of malware completely using only on-demand scanners. OTL is the best solution ;)


Posted

[quote name='Audioboxer' timestamp='1353433526' post='595336686']
Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

[url="http://support.kaspersky.com/viruses/rescuedisk"]http://support.kaspe...uses/rescuedisk[/url]
[/quote]
+1. Had to fix someone's computer with a similar virus the other day (without wiping it); nothing would work in standard boot and attempting to boot safe mode of any kind just caused a reboot loop. Kaspersky Emergency Boot Disk cleaned the worst of it off.


Posted

If time is of the essence; a backup of user data and a wipe is the way to go.

I can re-install Windows and most of the apps they use in less time than it takes to clean it. The difference is that with a re-install I know that the machine is 100% clean.

I also create an image of their C:\ drive with gimagex just in case they find something missing once I return the PC to the user.
1 person likes this


Posted

[quote name='Semtex' timestamp='1353433902' post='595336724']
To remove this crap use OTL, post the logs on their forum or the Bleeping Computer forum, and they will make a script for OTL and remove this crap. On such a heavily infected machine it is extremely difficult to get rid of malware completely using only on-demand scanners. OTL is the best solution ;)
[/quote]
What is OTL? I Googled it and I get a bunch of different crap.
I've been hearing people mention it a few times lately, yet I have no idea what it is.


Posted

If a system is heavily infected I would always recommend backing up important files, then doing a full reinstall. Salvaging the current installation may sound like a good plan but, truthfully, it'll only result in more grief long term.
1 person likes this


Posted

[quote name='Soldiers33' timestamp='1353433346' post='595336674']
Your post title makes no sense. You haven't seen any viruses yet except the FBI scam one; that doesn't mean there are lots of them. I was expecting a screenshot with a massive number of alerts.
[/quote]

I have never seen a more infected computer in my life---it means I have never seen a computer this dirty. :p It's an attention grabber.

[quote name='remixedcat' timestamp='1353433696' post='595336710']
Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.
[/quote]

I was thinking about grabbing all her stuff with a Kubuntu live CD and pushing f11 or whatever it is to restore from the recovery partition. I just invited him to my house so I'll have more time to play with it. He was just going to bring it on campus.

[quote name='Hum' timestamp='1353433767' post='595336714'] Teach her a lesson -- wipe it clean and Install Windows 8 ! [/quote]

LOL! I was just thinking that.
1 person likes this


Posted

I'd boot from a Linux Live CD/USB and delete the "App Data/ Temp" and "App Data/Microsoft/Windows/ Temporary Internet" files as well. While in the live disc you can also delete some of those pesky copy.exe and Bron.tok.xxx files that may be distributed in the documents, pictures and music folders. Also booting in safe mode and running combofix may be helpful but be careful using that one.


Posted

[quote name='remixedcat' timestamp='1353433696' post='595336710']
Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.
[/quote]

10 hours? What in the world are you doing with these systems?

I recently had a system that I worked on for a client. It had 6 drives with a total of around 4TB worth of storage that was mostly used. Someone had been doing some naughty things on that system.

It had a rootkit, and several other infections. I had the system clean and back in the client's hands within 3 hours...


What would you be doing that takes 10 hours? I've never had a single system clean take me more than about 4 hours...the one above was one of the longest clean jobs I've ever had.


Posted

[quote name='Brando212' timestamp='1353434115' post='595336736']
what is OTL, I google it and I get a bunch of different crap
I've been hearing people mention it a few times lately yet i have no idea what it is
[/quote]

It is a small app which lists all files, registry entries, apps etc. in your system. A skilled guy will find the malware entries and prepare a script; the user needs to Ctrl+C / Ctrl+V this script into the OTL window and confirm, and OTL will do the rest. After this you will get a new log, which you need to show again on the forum; if something stays in the system you will get a new script. It is 100% safe. OTL is used instead of ComboFix; CBfix is dangerous and is supposed to be used only if there is no other way to clean the system.

Scripts for OTL and ComboFix are supposed to be created by a user with experience in system security, otherwise the system can be damaged. :)


Posted

Take a look at this guide: http://www.techrumors.org/topic/65-how-to-remove-the-fbi-moneypak-ransomware-or-the-reveton-trojan/
1 person likes this


Posted

[quote name='Shane Nokes' timestamp='1353434552' post='595336772']
10 hours? What in the world are you doing with these systems?
[/quote]

She's a 13 year old girl. 'nuff said.


Posted

[quote name='Tyler R.' timestamp='1353434873' post='595336796']
She's a 13 year old girl. 'nuff said.
[/quote]

Ah. I hadn't realized she was 13. I'm not saying that being a girl makes a difference (it doesn't), but at 13 oftentimes you haven't had the time to figure out how to work on these things as effectively.

That's just a matter of practice. :)
2 people like this


Posted

Run ComboFix on it... should help as well.. Do it first, and after that you proceed with your plan.


Posted

[quote name='Hum' timestamp='1353433767' post='595336714']
Teach her a lesson -- wipe it clean and Install Windows 8 !
[/quote]

HAHAHAHA!


Posted

[quote name='Shane Nokes' timestamp='1353435074' post='595336814']
Ah. I hadn't realized she was 13. I'm not saying that being a girl makes a difference (it doesn't), but at 13 oftentimes you haven't had the time to figure out how to work on these things as effectively.

That's just a matter of practice. :)
[/quote]

Yeah, her dad said she was into Facebook, downloading music from shady sources (some of the sites he listed I'd never heard of, and I'm not about to go on them), sharing things with her friends, and she's probably getting curious around this time. All of these things throw a huge red flag in my head and are a recipe for infection. I'm actually surprised she doesn't have anything worse.
