
Has anyone been having problems with the newer variants of the FBI virus? Until a week or 2 ago it was relatively easy to remove. Just go to the startup folder in the start menu and delete "ctfmon" then search the user folders for "lsass" or files/folders with gibberish names like "slkghalsdgkhg" and delete. The new variant seems to be a bit more robust, either preventing you from logging into safe mode with networking or combined with the Zero Access virus. Can't find the .pad files also. On a few instances I've run ComboFix as well as Kaspersky's TDSS killer and SuperAntiSpyware and the FBI virus still survives.

asked Nov 13 '12 at 17:12

kanemonster


edited Nov 13 '12 at 17:15
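The manual checks described in the question, as an added read-only triage script (not part of the original post): it walks one user profile and reports a `ctfmon` entry in a Startup folder, any `lsass` file, and gibberish-named items. The vowel-ratio heuristic, the function names and the sample tree are assumptions constructed for this example.

```python
import os
import tempfile
from pathlib import Path

VOWELS = set("aeiou")

def looks_gibberish(stem):
    # Heuristic chosen for this example: long, letters only, almost no vowels.
    s = stem.lower()
    return len(s) >= 8 and s.isalpha() and sum(c in VOWELS for c in s) / len(s) < 0.2

def triage(profile_root):
    """Return sorted (reason, relative path) findings under one user profile."""
    root, findings = Path(profile_root), []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = Path(dirpath, name).relative_to(root)
            stem = Path(name).stem.lower()
            in_startup = "startup" in [p.lower() for p in rel.parent.parts]
            if stem == "ctfmon" and in_startup:
                findings.append(("ctfmon in Startup", rel.as_posix()))
            elif stem == "lsass":
                # The real lsass.exe lives in System32, never in a user profile.
                findings.append(("lsass in profile", rel.as_posix()))
            elif looks_gibberish(stem):
                findings.append(("gibberish name", rel.as_posix()))
    return sorted(findings)

def make_sample_profile(root):
    """Build a constructed profile tree (empty files, hypothetical layout)."""
    for rel in ("Start Menu/Programs/Startup/ctfmon.lnk",
                "Start Menu/Programs/Startup/OneNote.lnk",
                "AppData/Roaming/lsass.exe",
                "AppData/Local/slkghalsdgkhg/data.bin",
                "Documents/report.docx"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_profile(tmp)
        for reason, rel in triage(tmp):
            print(f"{reason:18} {rel}")
```

The script only lists candidates for review; the gibberish heuristic can flag legitimate vowel-poor names, so each hit needs a manual look before anything is deleted.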

I had to remove this off a client's computer a few weeks ago; however, I was able to just start the computer in safe mode without networking and run MalwareBytes or ComboFix to remove it. I do not remember which... You might need to just back up the computer and reinstall Windows if at this point you are still not able to get the virus off the system. I will say that to remove the FBI thing it has gotten much harder since the first time I saw it over a year ago and was able to force close it from inside Windows. My suggestion would be to try "Safe Mode" and forget having networking. Or try the removal suggestion number 2 on this website http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/#options

answered Nov 13 '12 at 18:49

TheTechDude


Unfortunately safe mode w/out networking isn't an option, I work remotely

(Nov 15 '12 at 13:23) kanemonster

Asked: Nov 13 '12 at 17:12

Seen: 1,435 times

Last updated: Nov 15 '12 at 13:23