Ransomware Virus: Need Help, Please!



AtlanteanTroll
2013-07-24, 11:19 AM
So I seem to have come down with the "Child Porn/FBI" ransomware virus in a way very similar to the person here. (http://answers.yahoo.com/question/index?qid=20130429124025AALjGX2) However, unlike this person, I haven't been able to get to my anti-virus, which also happens to be Norton. The other accounts seem to be okay, and I can get to the Administrator account, but I'm stuck as to what to do. I've done two System Restores, one from a few weeks ago and one from way back in August, both failed. Someone, help me please.

I should also note I'm on my iPhone, so please pardon any typos.

Edit: Scratch that. I am having some trouble with the other accounts on the computer. Or at least the Administrator account when booting in Safe Mode With Networking.

JustPlayItLoud
2013-07-24, 12:02 PM
Have you tried an antivirus that isn't terrible? AVG? Malwarebytes?

AtlanteanTroll
2013-07-24, 12:05 PM
I downloaded MB Setup off another computer and onto my flash drive and turned off my Internet. I'm worried I won't even be able to set it up on my computer though, seeing as how bad it is. Maybe in Safe Mode?

I also use the word "my" loosely. It's a computer I'm borrowing...

JustPlayItLoud
2013-07-24, 12:11 PM
So far I've never encountered a virus that will successfully prevent you from installing a program from an external media when using Safe Mode with Networking. I've saved some computers by installing Malwarebytes from CD. You likely won't be able to update it, but the most recent install file build should have a fairly good set of definitions. Here (http://www.techspot.com/downloads/4844-malwarebytes-anti-malware-update.html) is a link to the most recent database, so you should be able to add that to the thumb drive to have the most recent definitions in the event that the base version can't track down your problem.

AtlanteanTroll
2013-07-24, 12:14 PM
The problem is that I can't see my own desktop, so I can't even really get to my flash drive to start running the set up, even in Safe Mode.

Edit: I should further note I need an external CD drive for any options involving a CD as I'm using a netbook.

JustPlayItLoud
2013-07-24, 04:10 PM
Is that something caused by the specific virus you're battling with? I wonder if there might be a specific fix particular to this virus.

Ravens_cry
2013-07-24, 05:16 PM
Hmm, does the Run command work? Windows key+R opens up a neat little prompt where you can type in the file address from your smart drive and the program's name (plus extension of course).
What exactly do you mean by 'can't see your desktop'?

AtlanteanTroll
2013-07-24, 11:34 PM
> Hmm, does the Run command work? Windows key+R opens up a neat little prompt where you can type in the file address from your smart drive and the program's name (plus extension of course).
> What exactly do you mean by 'can't see your desktop'?

I mean I can't access it. It's taken up by the virus and I can't click on my applications, nor can I see them. During one of my shutdowns I noticed that Spotify was up and running in the background, so I guess my computer is still somewhat functional. I'll see if the Run function works tomorrow. If not, I think I'll try this (http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware). That is, if you guys think it sounds solid.

Once again, on my iPhone. Please forgive any typos.

JustPlayItLoud
2013-07-25, 12:48 AM
I've never personally had to do it, but I've heard several times about setting up a USB as a boot drive to deal with malicious software. If I can find one of my thumb drives I might set it up for just such an emergency.

HitmanPro has a fairly solid reputation, and I usually don't feel too wary about the quality of programs available on CNET. If I were you, I would probably jump straight to this option instead of trying anything else that might not work. Then install Malwarebytes (and possibly AVG, Ad Aware, etc.) and run a full system scan to make sure nothing else slipped past Norton, which is entirely possible.

AtlanteanTroll
2013-07-25, 09:21 PM
Finally put my Kickstart flash drive into the infected computer. It's been 7 minutes and nothing is happening. Or, actually, let me rephrase. Something's happening, and that something is the virus not loading entirely and HitmanPro not actually opening. Don't know what I should do. I obviously needed to boot from my flash drive, but maybe I shouldn't have let it start up in Safe Mode? I think I'm just going to let it sit for a bit.

Sad it's not working straight and away though.

ShadowFireLance
2013-07-25, 09:27 PM
OOOoo, ouch, these things hurt. I absolutely hate those. The first time it happened, my antivirus (AVG) managed to stop it, after a restart, and the second... well, let's just say that I don't take kindly to things like that. You don't attempt to hack a hacker. :smallcool:

Question for you; Can you tell us what Website you think gave it?

AtlanteanTroll
2013-07-25, 09:57 PM
> OOOoo, ouch, these things hurt. I absolutely hate those. The first time it happened, my antivirus (AVG) managed to stop it, after a restart, and the second... well, let's just say that I don't take kindly to things like that. You don't attempt to hack a hacker. :smallcool:
>
> Question for you; Can you tell us what Website you think gave it?

Maybe 4shared? I'm not sure. What I do know, is that I have now gotten to step 9 as detailed here (http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware), but when I press the "1" key I get stuck in a loop and am repeatedly brought to that screen instead of booting normally. I feel like I'm really close. (Also, pressing "2" just does the same thing as pressing "1.")

AtlanteanTroll
2013-07-26, 10:27 AM
Anyone have a fix for my latest issue? I know we're not supposed to bump, but I need help. I'm about to be gone for a week, and while IDK if a virus can do anything to a computer just sitting around dead for a week, I'd really like some help. Please. I don't like begging. :smallfrown:

Finlam
2013-07-26, 10:48 AM
If you have the program that you want to run on a flash drive and you can boot Windows into "Safe Mode With Command Prompt", then this will probably work for you.

*Insert the flash drive.

Once the command prompt appears, type the following at the prompt: "E:". Then hit "enter". It should look something like this:

C:\>E:
E:\>

Then, type 'dir' then hit "enter". It should look like the following:

E:\>dir

and it will display a list of files found on the drive. Look at it, and when you see the one you want to run, type in its name and hit enter; it will probably be a '.exe' file. For example, if you are trying to use Hitman, it will probably be called "Hitman.exe" and you would type the following and then hit "enter":

E:\>hitman.exe

This should activate the program. I hope this helps. The advantage to this approach is that it does not use the GUI and saves on system resources. This often buys you enough processor cycles to be able to execute the task you need.

[EDIT]
On a side note, this is not ransomware unless it has encrypted the contents of your computer. If it has done that, then no amount of antivirus or virus removal will help you. Most likely, this is just a plain old ordinary piece of malware that is either A) failing at spying on you or B) using the computer for mischief. Even if it is trying to make you buy something to get rid of it, without encryption it is simply malware.

AtlanteanTroll
2013-07-26, 12:36 PM
Thanks a ton! I'll have to try that when I get home. By your instructions I should not boot the computer from my flash drive, correct? Also, what do you mean exactly by processor cycle?

AtlanteanTroll
2013-07-26, 01:41 PM
OK, got home and am having some problems. Namely that when I put in "E:" I get a message reading that, "The system cannot find the drive specified." I think the problem is that instead of looking like:


C:\>E:
E:

Like you said it should, it instead looks like this:


C:\Documents and Settings\Administrator>E:

I'm running XP if that makes a difference.

endoperez
2013-07-26, 02:02 PM
You haven't used DOS I guess?

The computer didn't find any USB sticks using E:\ as their drive. Either the USB port doesn't work, or the drive is using a different letter. A and B are usually reserved for diskette drives, D is usually reserved for CD/DVD drives. That means E: is the most common one, but it could be something else as well. Try F:, G: etc.


The first line, the

C:\>

part, is basically the directory you're in now. The

C:\>E:

line is that line + whatever you wrote, left visible so you remember which command you just tried. In your case, you started from a different directory. You can go one step up by writing 'cd..' without the quotes.

C:\Documents and Settings\Administrator>cd..
C:\Documents and Settings>cd..
C:\>cd..
C:\>

It shouldn't matter though.

Writing 'dir' on C:\ produces a list that includes 'Documents and Settings'. Using dir there produces a list that includes 'Administrator'. To get "into" a folder, you type in 'cd Directoryname', e.g.

C:\>cd Documents and Settings
C:\Documents and Settings>

The 'E:' or 'A:' and so on commands change to a different drive, instead of C:\.
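
The drive-letter hunt described in the two posts above can be done without guessing. This is an added example, not part of anyone's post in the thread; it assumes the Windows XP command prompt, and the drive letter G: and file name scanner-setup.exe are placeholders for whatever the listing actually shows.

```batch
rem Typed at the Safe Mode command prompt, one line at a time.
rem (Interactive form: single %d. Inside a .bat file it would be %%d.)

rem 1. Show which drive letters currently have a readable volume.
rem    A: and B: are skipped because they are reserved for diskette drives.
for %d in (C D E F G H I J K L M N) do @if exist %d:\ echo %d: is present

rem 2. List every .exe in the root of the non-system drives, so the flash
rem    drive and the exact file name can be read off instead of guessed.
for %d in (D E F G H I J K L M N) do @if exist %d:\*.exe (echo --- %d: & dir /b %d:\*.exe)

rem 3. Switch to the drive that showed the file and start it.
rem    G: and scanner-setup.exe are placeholders for what step 2 printed.
G:
scanner-setup.exe
```

If step 1 shows only C: (and perhaps D: for an optical drive), the stick was not mounted at all, which points at the USB port or the stick rather than at the drive letter.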

enderlord99
2013-07-26, 08:22 PM
Your documents haven't been translated into Swahili, have they? Also, if you have a swimming pool hooked up to the computer in some way, test the alkalinity, as it might be messed up. Finally, be sure to burn all your old clothing and obtain new ones, but only wear the shirt in order to prevent the virus from being able to act on a certain decision it will make. (http://www.youtube.com/watch?v=zvfD5rnkTws)

(I would give legitimate advice if I had any.)

Capt Spanner
2013-07-28, 07:13 PM
A bit last-resort-ish, but when I got one of these I had to:

1. Boot into safe mode,
2. Do an emergency back-up (built into the Dell firmware - not everyone has this)
3. Restore to factory state.

Nukes the virus from deep orbit, but at the cost of almost everything not backed up.