
Co-worker came across a rather nasty virus.. A little help?

post #1 of 21
Thread Starter 
So a co-worker of mine, with absolutely no computer knowledge (yet is in charge of computer issues), seems to have come across the FBI money pack virus.

Now the problem is this one has managed to disable safe mode as well. So in short, I need something like TRK, or Kaspersky's removal disk that works offline to remove it.

Any thoughts on ones that work offline? Please and thank you.
post #2 of 21
Grab the Kaspersky Rescue Disk and then run the Windows Unlocker program through the Terminal. Reboot and run MBAM.

http://support.kaspersky.com/8005?vs=s88446#s88446

http://support.kaspersky.com/4162
    
post #3 of 21
Thread Starter 
So the main question I have is, does this work 100% without an internet connection? Because it has to be done in a government facility where he is not allowed to connect.
post #4 of 21
Thread Starter 
Seems the AVG rescue CD works fine for removal without an internet connection available. Does anyone know how successful it is at removing the MoneyPAK viruses?
post #5 of 21
Quote:
Originally Posted by Oozypunk View Post

So the main question I have is, does this work 100% without an internet connection? Because it has to be done in a government facility where he is not allowed to connect.

Nothing is 100%, but the Rescue Disk will at least get him to a point where he can get to the desktop.

Never mind the fact that if he's not allowed to connect to the internet, he should not have picked up this bug in the first place.
    
post #6 of 21
Thread Starter 
I 100% agree that he is stupid for picking it up in the first place, but what choice do I have when talking back to someone who wants it done, no lip. I guess I'll test my old handy dandy TRK and AVG and after that finally try kas.
post #7 of 21
Hiren's Boot CD and portable apps with ClamWin, McAfee Stinger, Spybot and TDSSKiller.
   
post #8 of 21
Quote:
Originally Posted by Oozypunk View Post

I 100% agree that he is stupid for picking it up in the first place, but what choice do I have when talking back to someone who wants it done, no lip. I guess I'll test my old handy dandy TRK and AVG and after that finally try kas.

I've dealt with the "send us money lolzzz" malware many times and I have had really good luck with the KRD/WindowsUnlocker. Do that first or you'll be there all day waiting for a scan to complete.
    
post #9 of 21
Thread Starter 
Quote:
Originally Posted by Oedipus View Post

I've dealt with the "send us money lolzzz" malware many times and I have had really good luck with the KRD/WindowsUnlocker. Do that first or you'll be there all day waiting for a scan to complete.

Thanks for the help, I'll tell him to run through your steps, and I'll burn a copy of KRD here in a little bit. Will let you know how it all goes tomorrow.
post #10 of 21
First of all, he and you should not be attempting to remove this from a gov computer. What you should be doing is what you have to take training for each and every year.

Disconnect the system from the network and contact CERT!!!

And since you're at Scott you should know damn good and well what you should be doing! If not, explain the situation to your ISSO.