System locked by a pay me scam

Acer's support downloads take forever to get. 16MB wireless lan driver has been going for over an hour now. Jeeze...
 
I strongly disagree with those who just want to format the drive and re-load the OS. Way too time consuming and for the average person it's too technical.

I've dealt with the FBI Green Dot MoneyPak threat and its variants a few dozen times now. It's just as easy to remove as all the other scam fake security clients out there. Nothing extra fancy.

Option 1. Log into the admin account (another user's account, as only 1 is infected). Run a full AV scan or just delete the file under the infected account under the %/UserNAME/AppData folder.

Option 2. Create a secondary account with admin rights. Then same thing as in option 1. You need to run a full AV scan afterwards.

Option 3. Go to Run, type msconfig, select the Startup tab, unselect the virus file from start-up. It will be in the same folder as shown in Option 1. Re-boot, run a full virus scan.

I have at least 10 similar other ways to kill this threat off. It's not like it's something all that harmful. It's a simple malware client that is not smart. Just run the Full AV scan at the end.

As for affecting user settings, you can use combofix.exe if need be. I have not had to use it on any of the systems I've repaired and tested the threat on.
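
Added example, not part of the original post: a read-only PowerShell check that supports Options 1 to 3 when run from the uninfected admin account. It lists autostart commands that launch from AppData or Temp, then recently created executables under every profile's AppData; the 14-day window and the `C:\Users` layout (Vista/Windows 7) are assumptions, and nothing is deleted.

```powershell
# Added example: report-only triage, compatible with PowerShell 2.0 (Windows 7).
# Run from an elevated prompt in an account that is not showing the lock screen.

# Paths a legitimate program rarely autostarts from
$suspectPattern = '\\AppData\\|\\Application Data\\|\\Temp\\'

# 1. Autostart commands visible to WMI (Run registry keys and Startup folders).
#    Entries for a user whose profile is not loaded may not be reported here,
#    which is why step 2 looks at the files directly.
$entries  = Get-WmiObject -Class Win32_StartupCommand |
            Select-Object User, Name, Location, Command
$suspects = $entries | Where-Object { $_.Command -match $suspectPattern }

if (-not $suspects) {
    Write-Output 'No autostart entries launch from AppData or Temp.'
} else {
    Write-Output 'Autostart entries launching from AppData or Temp:'
    $suspects | Format-List User, Name, Location, Command
}

# 2. Executables created recently under any profile's AppData folder.
#    Assumption: the infection happened within the last 14 days.
$cutoff = (Get-Date).AddDays(-14)
$recent = Get-ChildItem -Path "$env:SystemDrive\Users\*\AppData" -Recurse -Force `
              -Include *.exe, *.scr -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $cutoff } |
          Sort-Object CreationTime -Descending

if (-not $recent) {
    Write-Output 'No executables created in AppData since the cutoff.'
} else {
    Write-Output 'Recently created executables under AppData (newest first):'
    $recent | Select-Object CreationTime, Length, FullName | Format-Table -AutoSize
}
```

A file that appears in both lists is the candidate to disable in msconfig and remove, followed by the full AV scan the post recommends.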
 
It went straight to the hostage page in normal or safe mode. Kinda hard to do it the way you suggest when you can't access anything.
 
It went straight to the hostage page in normal or safe mode. Kinda hard to do it the way you suggest when you can't access anything.

I have never seen this threat load before you log in in safe mode. After you log in, yes. The point was to choose a different user account that is not infected. XP, Vista and Win 7 all have a default admin account you can access that should not be infected. As mentioned, I've dealt with this threat many times and the above has always worked for me.

You can also boot to DOS, AKA command line, if you are familiar with those commands. Rather simple, browse to the AppData directory and delete the file that way.

If it is as you say loading in safe mode before you log into your account I can see your frustration. Command line may be your best shot. Another quick idea is to try and bring up the Task Manager right away. In almost all cases you can bring it up before the auto login completes. It may take a few attempts and reboots to time it perfectly. From there you can either terminate the threat with this method then delete the file.
 
setishock,

Do I understand correctly that the laptop is running Windows 7?

Do you know whether the computer is 32-bit or 64-bit?

Do you have the Repair your computer option in the Advanced Boot Options menu? (Just let us know, and do not use it yet. This is an avenue by which we get to a Command Prompt outside of Windows.)

To find out:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Is the Repair your computer option listed?

If you do not have the option above, do you have a Windows installation CD/DVD available?
 
Or, is it running Vista now?

Do you know whether it is 32-bit or 64-bit?

To find out in Vista, try the following:

Press these keyboard keys in sequence: Alt Ctrl Delete

Windows Task Manager should open.
Press: New Task...

In the Create New Task prompt, where it says Open, type in: Control Panel
Click: OK

Can you get access to the Control Panel, and select System?
It will show whether it is 32 or 64 bit.
 
Or, is it running Vista now?

Do you know whether it is 32-bit or 64-bit?

To find out in Vista, try the following:

Press these keyboard keys in sequence: Alt Ctrl Delete

Windows Task Manager should open.
Press: New Task...

In the Create New Task prompt, where it says Open, type in: Control Panel
Click: OK

Can you get access to the Control Panel, and select System?
It will show whether it is 32 or 64 bit.

What do you have in mind?
Why does it matter whether or not it is 32bit or 64bit?
Is this problem still current?
Has the client done everything suggested?
This is simple to get rid of; all you have to do is follow the original video I put up. It could not be easier.

This is malware and nothing more than scamware. I have dealt with way more tricky viruses in the past than this.

Kind Regards
 
What do you have in mind?
The same as everyone else: to help the OP!

Why does it matter whether or not it is 32bit or 64bit?
There are advanced tools that run only on 32 bit systems, or only on 64 bit systems, so, you need to know which one to use.

This is simple to get rid of; all you have to do is follow the original video I put up. It could not be easier.
Like everything else in the world of computers, some things work, and some do not. The video has worked in some situations, but it has not worked in others.

That laptop is the heck of a mess, and, what else lurks in that system, is an unknown.

Just trying to provide the OP with another option, in case the ones already provided do not work.

The OP was here a couple of days ago, so he/she may come around to provide some feedback or discuss matters.
 