Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 12-07-2012, 11:41 AM   #11
Fully Optimized
 
jmacavali's Avatar
 
Join Date: Jun 2009
Posts: 4,867
Default Re: System locked by a pay me scam

Check it: For PC Virus Victims, Pay or Else - Yahoo! Finance
__________________

__________________
****************************************
Don't take life too seriously -- no one gets out alive. Plus, who wants to arrive to the hereafter in pristine condition wearing a suit and tie?
I want to slide in sideways, worn out, used up, hair a mess, clothes tattered, & screaming, "Whooo! What a ride!"
****************************************
jmacavali is offline   Reply With Quote
Old 12-07-2012, 11:49 AM   #12
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: System locked by a pay me scam

Acer's support downloads take forever to get. 16MB wireless lan driver has been going for over an hour now. Jeeze...
__________________

setishock is offline   Reply With Quote
Old 12-08-2012, 01:21 PM   #13
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: System locked by a pay me scam

I hate to tell this gal but this little 1.6 with 1 gig of ram runs better on vista.
setishock is offline   Reply With Quote
Old 01-10-2013, 11:01 PM   #14
Solid State Member
 
Join Date: Jan 2013
Location: US
Posts: 9
Default Re: System locked by a pay me scam

I stongly disagree with those who just want to format the drive and re-load the OS. Way too time consuming and for the average person it's too technical.

I've dealt with the FBI Green Dot MoneyPak threat and it's variants a few dozen times now. It's just as easy to remove as all the other scam fake security clients out there. Nothing extra fancy.

Option 1. Log into the admin account (Another Users account as only 1 is infected). Run a full AV scan or just delete the file under the infected account under the %/UserNAME/AppData folder.

Option 2. Create a secondary account with admin rights. Then same thing as in option 1. You need to run a full AV scan afterwards.

Option 3. Go to Run, Type msconfig, select the startup tab, unselect the virus file from start-up. IT will be in the same folder as shown in Option 1. Re-boot, Run full virus scan.

I have at least 10 similar other ways to kill this threat off. It's not like it's something all that harmful. It's a simple malware client that is not smart. Just run the Full AV scan at the end.

As for effecting users setting, you can use combofix.exe if need be. I have not had to use it on any of the systems I've repaired and tested the threat on.
virusslayer is offline   Reply With Quote
Old 01-11-2013, 12:03 AM   #15
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: System locked by a pay me scam

It went straight to the hostage page in normal or safe mode. Kinda hard to do it the way you suggest when you can't access anything.
setishock is offline   Reply With Quote
Old 01-11-2013, 12:54 AM   #16
Solid State Member
 
Join Date: Jan 2013
Location: US
Posts: 9
Default Re: System locked by a pay me scam

Quote:
Originally Posted by setishock View Post
It went straight to the hostage page in normal or safe mode. Kinda hard to do it the way you suggest when you can't access anything.
I have never seen this threat load before you login in safe mode. After you log in yes. The point was to choose a different user account that is not infected. XP, Vista and Win 7 all have a default admin account you can access that should not be infected. as mentioned I've dealt with this threat many times and the above has always worked for me.

You can also boot to Dos AKA comannd line if you are familiar with those commands. Rather simple, browse to the AppData Directory and delete the file that way.

If it is as you say loading in safe mode before you log into your account I can see your frustration. Command line may be your best shot. Another quick idea is to try and bring up the Task Manager right away. In all most all cases you can bring it up before the auto login compleates. It may take a few attempts and reboots to time it perfectly. From there you can either terminate the threat with this method then delete the file.
virusslayer is offline   Reply With Quote
Old 01-11-2013, 03:48 PM   #17
Solid State Member
 
Join Date: Dec 2012
Location: USA
Posts: 18
Default Re: System locked by a pay me scam

setishock,

Do I understand correctly that the laptop is running Windows 7?

Do you know whether the computer is 32-bit or 64-bit?

Do you have the Repair your computer option in the Advanced Boot Options menu? (Just let us know, and do not use it yet. This is an avenue by which we get to a Command Prompt outside of Windows.)

To find out:


Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Is the Repair your computer option listed?
If you do not have the option above, do you have a Windows installation CD/DVD available?
cottonball is offline   Reply With Quote
Old 01-11-2013, 08:44 PM   #18
Solid State Member
 
Join Date: Dec 2012
Location: USA
Posts: 18
Default Re: System locked by a pay me scam

Or, is it running Vista now?

Do you know whether it is 32-bit or 64-bit?

To find out in Vista, try the following:

Press these keyboard keys in sequence: Alt Ctrl Delete

Windows Task Manager should open.
Press: New Task...

In the Create New Task prompt, where it says Open, type in: Control Panel
Click: OK

Can you get access to the Control Panel, and select System?
It will show whether it is 32 or 64 bit.
cottonball is offline   Reply With Quote
Old 01-12-2013, 01:56 AM   #19
In Runtime
 
Fujitsu_Technician's Avatar
 
Join Date: Sep 2012
Location: UK
Posts: 284
Default Re: System locked by a pay me scam

Quote:
Originally Posted by cottonball View Post
Or, is it running Vista now?

Do you know whether it is 32-bit or 64-bit?

To find out in Vista, try the following:

Press these keyboard keys in sequence: Alt Ctrl Delete

Windows Task Manager should open.
Press: New Task...

In the Create New Task prompt, where it says Open, type in: Control Panel
Click: OK

Can you get access to the Control Panel, and select System?
It will show whether it is 32 or 64 bit.
What do you have in mind?
why does it matter weather or not it is 32bit or 64bit?
is this problem still current?
has the Client done everything Suggested?
this is simple to get rid of all you have to do is follow the orignal video I put up it could not be easier.

this is malware and nothing more than scam ware I have dealt with way more tricky viruses in the past than this.

Kind Regards
Fujitsu_Technician is offline   Reply With Quote
Old 01-12-2013, 05:00 PM   #20
Solid State Member
 
Join Date: Dec 2012
Location: USA
Posts: 18
Default Re: System locked by a pay me scam

What do you have in mind?
The same as everyone else: to help the OP!

Why does it matter whether or not it is 32bit or 64bit?
There are advanced tools that run only on 32 bit systems, or only on 64 bit systems, so, you need to know which one to use.

This is simple to get rid of all you have to do is follow the orignal video I put up it could not be easier.
Like everything else in the world of computers, some things work, and some do not. The video has worked in some situations, but it has not worked in others.

That laptop is the heck of a mess, and, what else lurks in that system, is an unknown.

Just trying to provide the OP with another option, in case the ones already provided do not work.

The OP was here a couple of days ago, so he/she may come around to provide some feedback or discuss matters.
__________________

cottonball is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 12:28 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0