# FBI ATTENTION...locked out and Windows 8



## Raw (Dec 7, 2012)

FBI ATTENTION...locked out of one of my pcs and that one runs Windows 8 Pro.

I went to Johnnyguru.com and I suspected something was going on that was funny.
I got some strange pop-up while there and didn't catch it when it appeared, it was too fast.
Next thing I know I get this goofy FBI lock out- my pc's blocked screen.
And they claim I need to send money to someplace called MoneyPak.

How do I get into Control Panel to remove this file from start up again, BEFORE the damn machine locks while trying?


----------



## mlee49 (Dec 7, 2012)

Ever heard of Safe Mode?

I would start there.


----------



## FordGT90Concept (Dec 7, 2012)

I'd format.  Whatever you do, don't pay them a cent.


----------



## natr0n (Dec 7, 2012)

http://www.malwarebytes.org/

run in safemode


----------



## Black Panther (Dec 7, 2012)

Check this out, and run malwarebytes.


----------



## TheMailMan78 (Dec 7, 2012)

You can also run Kaspersky Rescue Disk which is free. That will get any nasties that made it to your MBR. After you get her cleaned up, back up your stuff and format. Once you reinstall everything install an anti-virus BEFORE you put back on your backed up stuff.


----------



## Norton (Dec 7, 2012)

Search FBI/Moneypak virus- I had to format and reinstall everything on a friend's machine due to this damn thing. There is supposed to be a way to remove it but the format/reinstall seemed quicker after reviewing what needed to get done....

P.S. I think it blocks out safe mode too


----------



## TheMailMan78 (Dec 7, 2012)

Norton said:


> Search FBI/Moneypak virus- I had to format and reinstall everything on a friend's machine due to this damn thing. There is supposed to be a way to remove it but the format seemed quicker after reviewing what needed to get done....
> 
> P.S. I think it blocks out safe mode too



Kaspersky Rescue Disk next time man. It nukes the hell out of it and allows you back into the OS.


----------



## Raw (Dec 7, 2012)

mlee49 said:


> Ever heard of Safe Mode?
> 
> I would start there.



Ever hear of Windows 8?

I can't get to safemode...

Not that I can figure out how to.


----------



## TheMailMan78 (Dec 7, 2012)

Raw said:


> Ever hear of Windows 8?
> 
> I can't get to safemode...
> 
> Not that I can figure out how to.



Just boot from the Kaspersky disk man.


----------



## FordGT90Concept (Dec 7, 2012)

I don't even try to boot into infected systems (just gives it a window to invite more malicious friends on).  I pull the drive and plug it into an uninfected system ("Take No Action" to autoplay), get the data off, then beat it with the stupid stick (full NTFS format).  I haven't met a virus this didn't work on.


----------



## Crap Daddy (Dec 7, 2012)

The bad news is that MSE which runs by default with Win 8 didn't catch the FBI.


----------



## Raw (Dec 7, 2012)

TheMailMan78 said:


> Kaspersky Rescue Disk next time man. It nukes the hell out of it and allows you back into the OS.



I got this crap before on Win 7 machines, it was no problem removing it with 7.

It was some start up feature in Control Panel somewhere.

But Win 8?
No clue...


----------



## natr0n (Dec 7, 2012)

Raw said:


> I got this crap before on Win 7 machines, it was no problem removing it with 7.
> 
> It was some start up feature in Control Panel somewhere.
> 
> ...



backup/format, go back to 7

why use an OS you can't even figure out.


----------



## TheMailMan78 (Dec 7, 2012)

Crap Daddy said:


> The bad news is that MSE which runs by default with Win 8 didn't catch the FBI.



Might be a zero day variant, with that being said he clicked on something because it installed. Java exploits normally re-route. You don't just get the "FBI" by going to a website.


----------



## Crap Daddy (Dec 7, 2012)

TheMailMan78 said:


> Might be a zero day variant, with that being said he clicked on something because it installed. Java exploits normally re-route. You don't just get the "FBI" by going to a website.



And where's UAC then? Is FBI so elusive?


----------



## Steevo (Dec 7, 2012)

It's because java sucks donkey balls and swallows.

Unless you have a "clean room" where you can isolate and clean a PC, format and reinstall from disk.


----------



## mediasorcerer (Dec 7, 2012)

This isn't the fbi, you've got a virus.

Pull your hard drive out, place in external case and use someone else's machine to reformat or do it with install disc.


----------



## TheMailMan78 (Dec 7, 2012)

Crap Daddy said:


> And where's UAC then? Is FBI so elusive?



Normally those things screen the UAC window as "Click here to Cancel Installation" or it pops open a "pop up window" in your browser. When you click on the close icon it's really giving the go ahead in the UAC. You think you are just closing a window but you are really installing something.


----------



## Easy Rhino (Dec 7, 2012)

you have no other alternative but to burn your house down and start over with a new life.


----------



## Morgoth (Dec 7, 2012)

or maybe get a bootable linux on a usb drive and use that to format your harddrive..


----------



## Raw (Dec 7, 2012)

TheMailMan78 said:


> Might be a zero day variant, with that being said he clicked on something because it installed. Java exploits normally re-route. You don't just get the "FBI" by going to a website.



If I remember correctly I just typed johnnyguru into the address bar and it didn't start right up, it took me somewhere else so I quit IE and searched for johnnyguru and loaded it that way, through search, to the johnnyguru.com site.
I was in there for maybe 5 minutes and a popup flashed by.
Next thing I know....FBI bs.

I bought and installed the $14.00 online thing Win 8 a few weeks ago, I'm STILLLLLL waiting for my ordered backup CD.
It was supposed to be delivered in 4-8 days, per Windows Support.
I don't even have a way to reload the system now, until the cd arrives.

Actually I called them this AM and asked about the delivery.
They said it looks like it was shipped out but they would re-ship a different expedited CD to me.
I couldn't actually understand the guy very good as he had a real strange Indian???? accent but I did hear that much.

As I've had some time to play with Win 8 now, I really don't like it.
I think I'm just going back to good old Win 7 and forget it.
There are a few issues with 8 I don't like.
That machine runs a security camera system for my home and it's flakey.
Some days it works just fine, some days it doesn't work at all.
Every time Win 8 updates itself it wipes out my security card drivers and I have to reload them.
Also, I see zero speed improvement anywhere using anything, and it's flat out ugly looking.
NOW, I find out I can't even get to Safe Mode????
FFSakes

Don't get me wrong, I used it daily and it almost grew on me. I also had the demo Win 8 back when it came out.
It's not a bad OS, just not to my liking.
And this issue broke the camel's back for me.


----------



## Raw (Dec 7, 2012)

Easy Rhino said:


> you have no other alternative but to burn your house down and start over with a new life.



Thanks, I'll forward that to my insurance guy and my priest and see if they think that would work.


----------



## Jstn7477 (Dec 7, 2012)

My dad's work PC got this a couple months ago, MSE never found it. Avast did but was unable to remove the rootkit, but blocked it from phoning home at the least. I would love to install Avast on the computers of clients but I know I can't rely on them to re-activate the software every year (which is dumb, the program is free ffs).

Windows 8's lack of a cut to the chase method of getting to Safe Mode is dumb. Your computer has to "not be able to boot up" a few times to even get to the Advanced Startup Options menu, and even then most of the time it just rolls back all your crap that didn't even cause a problem because you overclocked too hard or installed a dodgy driver. No idea why Microsoft changed that so much and removed the F8 options for computer professionals.


----------



## X800 (Dec 7, 2012)

You can boot into safe mode in Win 8. Here's how to: http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/


----------



## dir_d (Dec 7, 2012)

to get into safemode easy in win 8 go into msconfig and flag safemode on boot. Super simple and easy.


----------



## Drone (Dec 8, 2012)

Ransomware ...

How to get rid of it

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware


http://blog.eset.com/2012/08/20/fbi-ransomware-reveton-seeks-moneypak-payment-in-the-name-of-the-law

http://www.fbi.gov/knoxville/press-releases/2012/internet-scam-warning-reveton-ransomware

I remember it was in all summer news


----------



## Arctucas (Dec 8, 2012)

@RAW,

Did you perhaps mean to go to jonnyGURU.com (the PSU review site)?


----------



## Raw (Dec 8, 2012)

Arctucas said:


> @RAW,
> 
> Did you perhaps mean to go to jonnyGURU.com (the PSU review site)?



Yea... that's where I wanted to go.

OMG, I must have mistyped it the first attempt and I'll bet that's where I picked up this shit.
I think I may have typed joHNny or something else.


----------
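Added example, not part of the original thread: the mistyped address described above (johnnyguru instead of jonnyGURU) is the kind of near-miss a defender can flag in browsing or DNS logs by comparing visited hostnames against a list of intended sites. The watchlist, the sample hostnames and the distance threshold are assumptions made for illustration.

```python
# Added example: flag visited hostnames that are near-misses of an intended site.
WATCHLIST = ["jonnyguru.com"]  # the site the poster meant to visit

# Constructed sample of visited hostnames (not real log data).
SAMPLE_HOSTS = [
    "jonnyguru.com",
    "www.johnnyguru.com",  # extra letter, the mistype described in the thread
    "jonnygruu.com",       # constructed: two adjacent letters swapped
    "example.org",
    "example.net",
]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ru" typed as "ur".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host):
    """Lowercase, drop a trailing dot and a leading 'www.' before comparing."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def find_lookalikes(hosts, watchlist=WATCHLIST, max_distance=2):
    """Return (host, intended, distance) for near-misses; exact matches are skipped."""
    hits = []
    for raw in hosts:
        host = normalize(raw)
        for good in watchlist:
            dist = osa_distance(host, good)
            if 0 < dist <= max_distance:
                hits.append((raw, good, dist))
    return hits


if __name__ == "__main__":
    for host, intended, dist in find_lookalikes(SAMPLE_HOSTS):
        print(f"{host}: {dist} edit(s) from {intended}")
```

A hit only means the name resembles a watched site; it still needs review before anything is blocked.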



## Raw (Dec 8, 2012)

dir_d said:


> to get into safemode easy in win 8 go into msconfig and flag safemode on boot. Super simple and easy.



Want to tell me how to go into msconfig when I can't go in to msconfig?
I can't go in to anything.


And shift-F8 doesn't get me in to advanced mode to allow me to get to the command line to use msconfig.

As the machine actually does get to the OS for a few seconds I can use Win key+R and get me to the command line BUT it just disappears as soon as I enter msconfig and hit the enter key.
Then the FBI bs pops up.
Very aggravating.

I'm going to pull the drive and slave it elsewhere to fix it this morning.


----------



## Melvis (Dec 8, 2012)

Seen this before on a computer that came in a few weeks back, wasn't the FBI but was some police BS that said and asked the same thing. Pulled the drive out of the machine, connected it to another computer as a slave drive, then ran a scan through it (just happened to be avast). Virus gone!!

Safe mode won't work either as it also pops up in that.


----------



## Jetster (Dec 8, 2012)

shift + f8


----------



## Jetster (Dec 8, 2012)

The newegg shell shocker is Kaspersky $10...For next time


----------



## Raw (Dec 9, 2012)

*Good riddance to rubbish*

Well, I finally flushed Win 8 down the toilet and went back to 7 on my Security System.

When (if ever) I get the Win 8 CD from Microsoft in the mail that I ordered I'm going to donate it to a needy family or Salvation Army.
Although I may feel guilty about doing that.


----------



## ThE_MaD_ShOt (Dec 9, 2012)

I am a needy family and can be the Salvation army if you need me to be 

Glad you got it going


----------

