Help! FBI ransomware virus corrupted my winload.exe!

redss (Distinguished, Jun 7, 2003)
I have a resistant strain of the FBI moneypak virus (which disables booting into all safe modes) and I am unable to fix with Hitman Pro because I get the following message:

Code:
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or there might be malicious software from an unknown source

windows cannot verify the signature for this file:  \windows\system32\winload.exe

I didn't have a recovery disk, so I downloaded the neosmart recovery disk, but have been unable to fix winload.exe. What can I do?

It's Windows 7 (x64).
 


First, ensure your network cable is unplugged; it will only make the issue worse. Next, DID you disable System Restore? And are you sure Safe Mode with Command Prompt won't boot (with the network cable unplugged)? If not, you can do a System Restore through the Advanced Boot Options, but only if you have System Restore enabled. If that's blocked you might need a Win7 OS install disk to rectify the problem.
The Doctor
 


If you didn't disable it, it should be enabled.
So try this:
1. Tap F8 while booting
2. Choose "Repair your computer"
3. Select your OS and your username
4. Choose System Restore
If this fails, an OS disk will probably be needed.
The Doctor
 


If safe mode doesn't work, The_Doctor is right and you should boot from a different bootable drive (USB or CD), then scan and heal the system with one of the security programs like Kaspersky, Bitdefender, etc. After a quick search, I have found a good detailed instruction on how to create a bootable USB and clean the machine with Hitman software: http://privacy-pc.com/how-to/remove-fbi-moneypak-virus-if-safe-mode-doesnt-work.html
 

Here is what I did to solve it (pasting the text that I gave the client):
<snip>
FBI moneypak ransomware is described on http://deletemalware.blogspot.com/2012/07/remove-fbi-moneypak-ransomware.html

Per the link, the ransomware screen requests $100 ransom in order to unlock the computer, however the removal steps seem easy: just boot into safe mode command prompt and type commands and problem solved, right?

Unfortunately, this virus is much worse: it demands $300, and none of the removal steps work. There is no way to boot into safe mode or get a command prompt, since the FBI warning appears no matter how it is booted.

I created a bootable CD for a virus removal tool called "hitman pro", but the program froze on the startup screen.

So I created a bootable USB stick with hitman pro, which enabled me to get into the hitman pro startup screen, which gives 3 boot options (bypass, regular, and legacy).

Unfortunately, all boot options simply bring up an error screen about winload.exe failing the windows digital signature test.

At this point I needed either a recovery disk or the original windows 7 installation disk that should have come with the computer. Neither was available so I took the computer home to research more and try to find a necessary disk that supposedly would fix this.

At home, I found a way to create a windows 7 recovery disk, and I booted off it. However, when I try to run the startup repair, it gives an error message: "this version of system recovery options is not compatible with the version of windows you are trying to repair"

At least I'm able to get to a DOS prompt, so I am able to replace the corrupted winload.exe with a version from the recovery disk.

However, then when I boot, I get a message that another file failed the digital signature test: ntoskrnl.exe ...so I replace that file and attempt to restart.

Same thing with two more files that are each replaced before rebooting: hal.dll and kdcom.dll

After replacing all these files, I get the following message when trying to boot: windows failed to load because the kernel is missing, or corrupt

Next I restored the 4 corrupted files that I had replaced, did more research, and tried to disable digital signature enforcement with the following command:
bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

It gives me the following error message: "an error occurred while attempting to reference the specified entry. the system cannot find the file specified"

I try to rebuild the bcd (boot configuration data) per http://pcsupport.about.com/od/fixtheproblem/ht/rebuild-bcd-store-windows.htm

I exported the installation parameters, then rebuilt the bcd with "bootrec /rebuildbcd", and this seems to work.

So I again try to disable digital signature enforcement with the previously mentioned bcdedit command, but this time it gives a different error message: "the subsystem needed to support the image type is not present"

I rebuild the master boot record: BootRec.exe /fixmbr, and I also try bootrec /fixboot

I conclude the boot record is fine, but the problem is I can't get booted into hitman pro to fix the virus because of the corrupted OS files that prevent me from disabling digital signature enforcement. I can disable digital signature enforcement by hitting F8 upon boot, but that boots me into the FBI virus screen, not into hitman pro.

I don't have the option of reverting to a previous restore point because there are no system restore points (possibly due to the virus deleting them?)

I obtained a windows 7 home premium (64 bit) installation DVD, booted off it, and when I attempted to run recovery tools like startup repair, I saw the same message as with the recovery disk: "this version of system recovery options is not compatible with the version of windows you are trying to repair". So I obtained a newer SP1 version of the win7 installation and got the same exact message, which I know is not correct.

I manage to get startup repair to run anyway by aborting from the system image restore screen! It runs for about half a minute then says "startup repair cannot repair this computer automatically"

when I click problem details, it says as problem signature 07: "NoOsInstalled"

Finally I stumbled upon a trick where I was able to copy the last backed up windows registry into the active registry. From there I was able to reboot into windows, with about a minute before the FBI warning shows up again, but through repeated reboots I was able to load malwarebytes anti-malware and run a full scan to remove the malware.

To help ensure that it wouldn't happen again, I also disabled all programs set to autostart in the registry.

I made sure system restore was active and created a restore point. I also loaded an application called SecuBrowser which acts as a "sandbox" for the browser, so that surfing with firefox under SecuBrowser will be far less likely to propagate malware into the computer.
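As an added, defender-side check (this is not code from the thread or from any of the tools it mentions), the following PowerShell script gathers in one place the facts the poster had to discover one reboot at a time: the Authenticode status of the four boot-critical files that failed the signature test (winload.exe, ntoskrnl.exe, hal.dll, kdcom.dll), the registry Run/RunOnce autostart entries the poster ended up disabling, the Winlogon Shell value, the RegBack hive copies behind the "last backed up registry" trick, and the System Restore points that turned out to be absent. It assumes Windows 7 or later with PowerShell 4 or later, an elevated prompt, and a `$SystemRoot` parameter of my own naming (point it at an offline Windows directory such as `D:\Windows` when running from a recovery environment; the registry and restore-point sections only apply to the live system).

```powershell
# Added example, not from the original thread. Assumes PowerShell 4+ and an elevated prompt.
param(
    [string]$SystemRoot = $env:SystemRoot   # e.g. 'D:\Windows' for an offline volume (assumption)
)

# 1. Boot-critical files the thread reports as failing the digital signature test.
$bootCritical = @('winload.exe', 'ntoskrnl.exe', 'hal.dll', 'kdcom.dll') |
    ForEach-Object { Join-Path (Join-Path $SystemRoot 'System32') $_ }

Write-Host "== Boot-critical file signatures under $SystemRoot =="
foreach ($path in $bootCritical) {
    if (-not (Test-Path -Path $path)) {
        Write-Host ("MISSING       {0}" -f $path)
        continue
    }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    # HashMismatch means the file's bytes no longer match the signature they carry,
    # which is exactly the state winload.exe was in on the poster's machine.
    # NotSigned on a Microsoft file can simply mean it is catalog-signed, so it is
    # informational here; only HashMismatch is flagged.
    $flag = if ($sig.Status -eq 'HashMismatch') { '!!' } else { '  ' }
    Write-Host ("{0} {1,-12} {2}  {3}" -f $flag, $sig.Status, $hash.Substring(0, 16), $path)
}

# 2. Autostart locations (live system only). The poster cleared these after removal;
#    reviewing them first shows what would have run at logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Host "`n== Run / RunOnce autostart entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell's PSPath/PSParentPath etc.
        ForEach-Object { Write-Host ("{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value) }
}

# The Windows default logon shell is explorer.exe; anything else deserves a look.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
Write-Host ("`n== Winlogon Shell == {0}" -f $(if ($shell) { $shell } else { '(not set)' }))
if ($shell -and $shell -ne 'explorer.exe') { Write-Host '!! non-default shell value' }

# 3. Registry hive backups. Windows 7 keeps copies here on a schedule; the poster's
#    "copy the last backed up registry into the active registry" relied on them.
#    On Windows 10 1803 and later these files are 0 bytes unless periodic backup is enabled.
$regBack = Join-Path $SystemRoot 'System32\config\RegBack'
Write-Host "`n== Registry hive backups in $regBack =="
if (Test-Path -Path $regBack) {
    Get-ChildItem -Path $regBack -File | ForEach-Object {
        $note = if ($_.Length -eq 0) { '(empty: no usable backup)' } else { '' }
        Write-Host ("{0,-10} {1,12:N0} bytes  {2}  {3}" -f $_.Name, $_.Length, $_.LastWriteTime, $note)
    }
} else {
    Write-Host 'RegBack directory not found'
}

# 4. System Restore points (live client SKUs only; the poster found none).
Write-Host "`n== System Restore points =="
try {
    $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    if ($points.Count -eq 0) { Write-Host 'none (no rollback path via System Restore)' }
    $points | ForEach-Object {
        Write-Host ("{0,5}  {1}  {2}" -f $_.SequenceNumber, $_.ConvertToDateTime($_.CreationTime), $_.Description)
    }
} catch {
    Write-Host ("could not query restore points: {0}" -f $_.Exception.Message)
}
```

Run it from an elevated PowerShell prompt (with the network cable unplugged, as the thread advises) before attempting any repair, and again afterwards: a `HashMismatch` on a boot file, an unfamiliar Run entry, zero-byte RegBack hives, or an empty restore-point list each tells you which of the recovery paths the poster tried is actually still available on your machine.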