

08034016
Hallo lisa Aus Amerika
Premium
join:2001-08-31
Byron, GA

[Scam] RANSOMWARE

There is a scam going around. Spread this to everybody...



quote:
The FBI is warning against a virus called Reveton ransomware, which can activate by clicking on a compromised web page. The scam appears to come from the FBI, complete with an FBI logo and a warning accusing the user of distributing child pornography. It then freezes the computer and demands payment of $100 or more within 72 hours.
»kstp.com/news/stories/S2896398.shtml?cat=1
--
Holocaust survivors and their families fill this out.
»online.ushmm.org/registry/update···form.php

The Antihero

join:2002-04-09
Enola, PA

1 recommendation

One of my friends got hit with one of these recently. Fortunately, she was smart enough not to fall for it, and called me instead.

It was actually pretty easy to get around. All I had to do was start it in safe mode. Malwarebytes was then able to get rid of it.



08034016
Hallo lisa Aus Amerika
Premium
join:2001-08-31
Byron, GA

said by The Antihero:

It was actually pretty easy to get around. All I had to do was start it in safe mode. Malwarebytes was then able to get rid of it.

Glad to hear this.

GroovyPhoenx

join:2006-05-22
Gloucester, ON
reply to 08034016

There's a Canadian and Russian version running around as well. The Canadian one reports to be from RCMP and one from CSIS, both using the legit logos. Same type of scam, though they don't ask for MoneyPak; they ask for "Ucash". I've removed it from at least 30 PCs so far. More of a pain in the ass than actually effective!


Libra
Premium
join:2003-08-06
USA
kudos:1
reply to The Antihero

I'm curious. Did you have to use safe mode with networking so that Malwarebytes could update itself, or were you able to update Malwarebytes before going into safe mode?

Sincerely, Libra



Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to 08034016

I read a few days ago that police in Russia, Georgia and the Ukraine arrested 11 in a cybercrime ransomware scam much like this one.

A drop in the bucket, but at least it's a start.
--
I, for one, welcome our new Computer Overlords.



Micha3615

join:2004-08-21
Mississauga, ON

1 recommendation

reply to 08034016

I had to remove this kind of ransomware a few weeks ago but it was much worse for him.

When I tried to boot in Safe Mode with or without networking, I would be able to log in, but after a minute in the boot process the PC would reboot.

For him, since he didn't have any other accounts enabled, I had to boot with command prompt and then enable the admin account.
After I rebooted I was able to log on in Safe Mode with networking and install Malwarebytes with the latest definitions.



08034016
Hallo lisa Aus Amerika
Premium
join:2001-08-31
Byron, GA

said by Micha3615:

I had to remove this kind of ransomware a few weeks ago but it was much worse for him.

When I tried to boot in Safe Mode with or without networking, I would be able to log in, but after a minute in the boot process the PC would reboot.

For him, since he didn't have any other accounts enabled, I had to boot with command prompt and then enable the admin account.
After I rebooted I was able to log on in Safe Mode with networking and install Malwarebytes with the latest definitions.

Interesting. Thanks.

The Antihero

join:2002-04-09
Enola, PA
reply to Libra

said by Libra:

I'm curious. Did you have to use safe mode with networking so that Malwarebytes could update itself, or were you able to update Malwarebytes before going into safe mode?

I had to go into Safe Mode with networking. That was the only way I could log in.

Libra
Premium
join:2003-08-06
USA
kudos:1

Thank you.



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2
reply to 08034016

Hm. FBI virus Ver. 2?



08034016
Hallo lisa Aus Amerika
Premium
join:2001-08-31
Byron, GA

1 recommendation

said by Oleg:

Hm. FBI virus Ver. 2?

What do you mean? People that fall for this are fools, because why would a government law enforcement agency advertise K-mart/Wal-mart on a government website!!!!


Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

The first case of FBI virus was seen in 2012.



Trimline
Premium
join:2004-10-24
Windermere, FL

1 recommendation

reply to The Antihero

said by The Antihero:

said by Libra:

I'm curious. Did you have to use safe mode with networking so that Malwarebytes could update itself, or were you able to update Malwarebytes before going into safe mode?

I had to go into Safe Mode with networking. That was the only way I could log in.

Oh goodness, my friend got one of these as well. The crooks have upgraded the malware so that you could not even go in to Safe Mode with/without Networking.

I finally had to literally crash the machine via a power off, reboot and perform a rollback to a previous version of W7 via restore.

Just a warning - I have no idea how it got introduced to the machine, but run Malwarebytes once back online.

Later that day, I found notes from another victim that did make sense once booted into DOS:

Restoring to an earlier restore point did not work for me. After searching around in safe mode, I found a different implementation. A fake file – ctfmon.exe – was created in the startup directory – %AppData%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. I knew because the modified date was earlier today. I deleted that file, and now everything is OK.

Hope none of you fall victim to this one... It's a tough one to crack.
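
Added example, not part of any post in this thread: a PowerShell audit of the per-user and all-users Startup folders, the location where the quoted notes above found the fake ctfmon.exe by its modified date. The function name and the 7-day window are assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example: list everything in the Startup folders, newest first,
# with modification time and Authenticode status of the file or shortcut target.
function Get-StartupFolderAudit {
    param(
        [int]$RecentDays = 7   # assumption: what counts as "recently modified"
    )
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    $shell  = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # current user
        [Environment]::GetFolderPath('CommonStartup')   # all users
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($folder in $folders) {
        # -Force includes hidden files such as desktop.ini
        Get-ChildItem -LiteralPath $folder -File -Force | ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # A shortcut is never signed itself; check what it points to.
                $resolved = $shell.CreateShortcut($_.FullName).TargetPath
                if ($resolved) { $target = $resolved }
            }
            $status = 'TargetMissing'
            if (Test-Path -LiteralPath $target) {
                $status = (Get-AuthenticodeSignature -LiteralPath $target).Status
            }
            [pscustomobject]@{
                Entry         = $_.FullName
                Target        = $target
                LastWriteTime = $_.LastWriteTime
                Recent        = $_.LastWriteTime -ge $cutoff
                Signature     = $status
            }
        }
    }
}

Get-StartupFolderAudit |
    Sort-Object LastWriteTime -Descending |
    Format-List
```

An entry that is both recent and not `Valid` is worth inspecting before deleting anything; a legitimate name such as ctfmon.exe in this folder says nothing about the file's origin.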

psloss
Premium
join:2002-02-24
Lebanon, KS

said by Trimline:

Oh goodness, my friend got one of these as well. The crooks have upgraded the malware so that you could not even go in to Safe Mode with/without Networking.

What happens when you try to go into Safe Mode? Starting to hear about this, but haven't got a chance to test it yet.


Trimline
Premium
join:2004-10-24
Windermere, FL

said by psloss:

said by Trimline:

Oh goodness, my friend got one of these as well. The crooks have upgraded the malware so that you could not even go in to Safe Mode with/without Networking.

What happens when you try to go into Safe Mode? Starting to hear about this, but haven't got a chance to test it yet.

Using Safe Mode with or without Networking causes the PC to reboot - just about when the desktop is displayed. This was the most frustrating one by far. You can't even get in any workable mode. I had read earlier, this is the new variety as of Jan 2013.

psloss
Premium
join:2002-02-24
Lebanon, KS

said by Trimline:

Using Safe Mode with or without Networking causes the PC to reboot - just about when the desktop is displayed. This was the most frustrating one by far. You can't even get in any workable mode. I had read earlier, this is the new variety as of Jan 2013.

OK, thanks -- did you see a blue screen flash before the reboot?


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
reply to 08034016

good point, duh!



Trimline
Premium
join:2004-10-24
Windermere, FL
reply to psloss

said by psloss:

said by Trimline:

Using Safe Mode with or without Networking causes the PC to reboot - just about when the desktop is displayed. This was the most frustrating one by far. You can't even get in any workable mode. I had read earlier, this is the new variety as of Jan 2013.

OK, thanks -- did you see a blue screen flash before the reboot?

I don't recall any blue screen, I was seeing red though....


Micha3615

join:2004-08-21
Mississauga, ON
reply to 08034016

Hi Trimline, see my post above. By default the administrator account is not enabled. If you had done Safe Mode with Command Prompt, you could have enabled the account by using:

net user administrator /active:yes

This is what I had to do in order to log in to the machine and run mwb.


PowerfulOwl

join:2013-03-04
La Mirada, CA
reply to 08034016

My computer got hit by one of those FBI viruses a few months ago. I ended up reformatting my hard drive and reinstalling my OS. Luckily, I backed up all my pics and videos.

What a jerk!!!! Whoever created this virus needs to be locked up for a long time.