
Ransomware back again

Status
Not open for further replies.

Sentrif

Technical User
May 17, 2011
13
US
Hi! Long time no see...hope everyone is well and happy here.
Listen, pros, I had gotten this Ransomware a few months ago where they hijack your PC and ask you to buy MoneyPak and pay them $300...
So we took it to the professional and he fixed it for $200.
He had also suggested creating a user who isn't an admin and logging in as the non-admin user so a virus will have no easy way in...
A few months passed by and today my husband saw it again; however, he rebooted and the virus was gone. He went and checked the bank account balance and we went to work.
I am worried that when we come back home we will find it hanging in there.
Are we going to have to spend $200 every once in a while now?


PC's story. Daughter used to download music on that PC. She has been in college for 2 years now. Has her own laptop, not using that PC anymore.
Since it is on the second floor we do not go there at all unless we are checking bank accounts. The only stupid thing my husband does is going to talk to his classmates from Russia. Odnoklassniki.com. I had heard it can be the reason.

Please advise...
 
So long as your users visit sites that can host this stuff you are at risk of acquiring infections.

You can remove it yourself, although the work involved can sometimes make the $200 appear cheap.

Malwarebytes is the best program for removal that I have found.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
In my experience, MBAM does NOT remove that malware. Here are two videos that show alternate ways of getting rid of it. And $200 is too expensive for malware removal UNLESS they did a complete backup of your computer, reloaded Windows and all applications and put all your data back. As stated, risky sites or behaviors will net you something. I have a customer who has gotten MoneyPak malware 4 times.

Try first: System Restore method
Other method

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
The US-Computer Readiness Team (US-CERT) has issued this warning about this ransomware.


James P. Cottingham
I'm number 1,229!
 
Same answer given for two different questions - very efficient.


"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
I'm either efficient or cheap. :)


James P. Cottingham
I'm number 1,229!
 
From the original post it sounded like it was a case of FBI Moneypak rather than Cryptolocker. Two different approaches are required. If it had been Crypto in the first case there probably wouldn't have been a $200 local fix.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
I pretty much thought that the same removal method could be used to cure both malwares, however with the crypto version, your data might be lost whereas, with the original, it's just your PC that is hosed.

$200 will never replace your data unless you have a good backup scheme and it just needs to be retrieved. Tape backup is looking better all of a sudden again because it's OFFline. Any type of backup that is incremental but doesn't store previous restorable versions would be very at risk for this.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Fortunately, no Crypto yet. Been through 2 FBI, 1 Homeland Security, and 1 NSA moneypak, 1 each on customer's machines. Same malware, just a different screen. MBAM cleaned all. Had MSE running on 1 of the FBI versions at the same time as MBAM was running (forgot to shut it off) and it was funny watching MBAM find and mark it and MSE wipe it out, real time. Other FBI was cleared as an external drive and it found stuff across 2 runs.

Only way I've found to get customers to do backups is to automate it.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
"Only way I've found to get customers to do backups is to automate it."
That's what I had to do for the office and my wife. For the office I set up a NAS. For my wife I bought a big, inexpensive external hard drive. She plugs it in at night and off it goes while we sleep.


James P. Cottingham
I'm number 1,229!
 