Has anyone been having problems with the newer variants of the FBI virus? Until a week or 2 ago it was relatively easy to remove. Just go to the startup folder in the start menu and delete "ctfmon", then search the user folders for "lsass" or files/folders with gibberish names like "slkghalsdgkhg" and delete them. The new variant seems to be a bit more robust, either preventing you from logging into safe mode with networking or coming combined with the ZeroAccess virus. Can't find the .pad files either. On a few instances I've run ComboFix as well as Kaspersky's TDSSKiller and SuperAntiSpyware, and the FBI virus still survives.
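For anyone triaging a machine like this, here is an added read-only PowerShell script (not from the original poster, and not a vendor tool) that lists the three things the question describes: items in the Startup folders, any lsass.exe outside System32, and gibberish-named files or folders under user profiles. The vowel-ratio heuristic and the 8-character minimum are my own assumptions; it only reports, so review each hit before removing anything.

```powershell
# Added example: read-only triage of the locations mentioned in the question.
# Heuristic thresholds below are assumptions, not published indicators.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$system32 = Join-Path $env:SystemRoot 'System32'

function Test-GibberishName {
    param([string]$Name)
    # Assumed heuristic: long, letters-only names with almost no vowels, e.g. "slkghalsdgkhg".
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)
    if ($base.Length -lt 8 -or $base -notmatch '^[A-Za-z]+$') { return $false }
    $vowels = ([regex]::Matches($base, '[AEIOUaeiou]')).Count
    return ($vowels / $base.Length) -lt 0.2
}

$findings = @()

# 1. Anything in a Startup folder gets listed; a "ctfmon" shortcut there is not normal.
foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $findings += [pscustomobject]@{ Reason = 'Startup folder item'; Path = $_.FullName }
        }
}

# 2. lsass.exe belongs only under System32; a copy in a user profile is suspect.
# 3. Gibberish-named files/folders anywhere under the user profiles.
$profileRoot = Split-Path $env:USERPROFILE -Parent
Get-ChildItem -LiteralPath $profileRoot -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Name -ieq 'lsass.exe' -and -not $_.FullName.StartsWith($system32, 'OrdinalIgnoreCase')) {
            $findings += [pscustomobject]@{ Reason = 'lsass.exe outside System32'; Path = $_.FullName }
        } elseif (Test-GibberishName $_.Name) {
            $findings += [pscustomobject]@{ Reason = 'Gibberish name'; Path = $_.FullName }
        }
    }

$findings | Sort-Object Reason, Path | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so it can read every profile; running it from a clean boot environment (e.g. safe mode) avoids the malware hiding its files.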
Answer by TheTechDude · Nov 13, 2012 at 08:49 PM
I had to remove this off a client's computer a few weeks ago; however, I was able to just start the computer in safe mode without networking and run Malwarebytes or ComboFix to remove it. I do not remember which... You might need to just back up the computer and reinstall Windows if at this point you are still not able to get the virus off the system. I will say that removing the FBI thing has gotten much harder since the first time I saw it over a year ago, when I was able to force close it from inside Windows. My suggestion would be to try "Safe Mode" and forget having networking. Or try removal suggestion number 2 on this website: http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/#options