Ransomware back again

(OP)
Hi! Long time no see... hope everyone is well and happy here.
Listen, pros, I got this ransomware a few months ago, where they hijack your PC and ask you to buy a MoneyPak and pay them $300...
So we took it to a professional and he fixed it for $200.
He also suggested creating a user who isn't an admin and logging in as the non-admin user so a virus will have no easy way in...
A few months passed and today my husband saw it again; however, he rebooted and the virus was gone. He went and checked the bank account balance and we went to work.
I am worried that when we come back home we will find it hanging in there.
Are we going to have to spend $200 every once in a while now?


The PC's story: our daughter used to download music on that PC. She has been in college for 2 years now, has her own laptop, and is not using that PC anymore.
Since it is on the second floor, we don't go there at all unless we are checking bank accounts. The only stupid thing my husband does is go talking to his classmates from Russia on Odnoklassniki.com. I had heard it can be the reason.

Please advise...

RE: Ransomware back again

So long as your users visit sites that can host this stuff you are at risk of acquiring infections.

You can remove it yourself, although the work involved can sometimes make the $200 appear cheap.

Malwarebytes is the best program for removal that I have found.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: Ransomware back again

In my experience, MBAM does NOT remove that malware. Here are two videos that show alternate ways of getting rid of it. And $200 is too expensive for malware removal UNLESS they did a complete backup of your computer, reloaded Windows and all applications and put all your data back. As stated, risky sites or behaviors will net you something. I have a customer who has gotten MoneyPak malware 4 times.

Try first: System Restore method http://www.youtube.com/watch?v=cuctc1_g0as

Other method
https://www.youtube.com/watch?v=HdP1auHhGtQ

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: Ransomware back again

The US-Computer Readiness Team (US-CERT) has issued this warning about this ransomware.

James P. Cottingham
I'm number 1,229!

RE: Ransomware back again

Same answer given for two different questions - very efficient.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: Ransomware back again

I'm either efficient or cheap. :)

James P. Cottingham
I'm number 1,229!

RE: Ransomware back again

From the original post it sounded like it was a case of FBI Moneypak rather than Cryptolocker. Two different approaches are required. If it had been Crypto in the first case there probably wouldn't have been a $200 local fix.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: Ransomware back again

I pretty much thought that the same removal method could be used to cure both pieces of malware; however, with the crypto version your data might be lost, whereas with the original it's just your PC that is hosed.

$200 will never replace your data unless you have a good backup scheme and it just needs to be retrieved. Tape backup is looking better all of a sudden again because it's OFFline. Any type of backup that is incremental but doesn't store previous restorable versions would be very much at risk from this.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: Ransomware back again

Fortunately, no Crypto yet. Been through 2 FBI, 1 Homeland Security, and 1 NSA moneypak, 1 each on customer's machines. Same malware, just a different screen. MBAM cleaned all. Had MSE running on 1 of the FBI versions at the same time as MBAM was running (forgot to shut it off) and it was funny watching MBAM find and mark it and MSE wipe it out, real time. Other FBI was cleared as an external drive and it found stuff across 2 runs.

Only way I've found to get customers to do backups is to automate it.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: Ransomware back again

Quote:
"Only way I've found to get customers to do backups is to automate it."

That's what I had to do for the office and my wife. For the office I set up a NAS. For my wife I bought a big, inexpensive external hard drive. She plugs it in at night and off it goes while we sleep.

James P. Cottingham
I'm number 1,229!
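
The point made in the posts above, that a backup needs older restorable versions and should run automatically, as an added example that is not part of the thread: a dated-snapshot backup that refuses to prune older generations when most files changed since the last run. The function names, the `alarm` threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def changed_fraction(prev, new):
    """Share of files in the previous snapshot that differ or are missing in the new one."""
    files = [p for p in prev.rglob("*") if p.is_file()]
    changed = 0
    for p in files:
        q = new / p.relative_to(prev)
        if not q.is_file() or digest(p) != digest(q):
            changed += 1
    return changed / len(files) if files else 0.0


def snapshot(source, backup_root, stamp, keep=7, alarm=0.5):
    """Copy source to backup_root/stamp; prune old generations only after a normal run."""
    existing = sorted(p for p in backup_root.iterdir() if p.is_dir())
    dest = backup_root / stamp
    shutil.copytree(source, dest)  # raises if dest exists, so no snapshot is overwritten
    frac = changed_fraction(existing[-1], dest) if existing else 0.0
    if frac < alarm:  # a mass change skips pruning and keeps every older generation
        for old in (existing + [dest])[:-keep]:
            shutil.rmtree(old)
    return dest, frac


def demo():
    """Constructed data: four small files, then all of them overwritten in place."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backups = Path(tmp, "docs"), Path(tmp, "backups")
        docs.mkdir()
        backups.mkdir()
        for i in range(4):
            (docs / f"file{i}.txt").write_text(f"family data {i}")
        first, _ = snapshot(docs, backups, "20240101-020000", keep=1)
        for f in docs.iterdir():
            f.write_bytes(b"constructed stand-in for an overwritten file")
        _, frac = snapshot(docs, backups, "20240102-020000", keep=1)
        return frac, len(list(backups.iterdir())), (first / "file0.txt").read_text()


if __name__ == "__main__":
    print(demo())
```

Run it on a schedule with `backup_root` on the external drive or NAS; unplugging the drive after the run also covers the offline point raised earlier.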
