Steve Herrod, Computer Support Specialist
Category: Computer
Satisfied Customers: 3289
Experience:  Microsoft and Apple Certified IT Engineer - 13 years experience with home users as well as small, medium and large businesses

I'm getting a message on my computer when I log on claiming

I'm getting a message on my computer when I log on claiming to be a government site and telling me that as a first-time offender in violation of a copyright infringement or child pornography violation and that if I purchase a prepaid charge card in the amount of $500 and follow instructions, said violation will not be reported to the FBI.
I know it's a scam because I don't download anything off the internet, especially porn, and if I am in violation of anything and it's truly a government agency requesting payment of a first-time fine, wouldn't it already be on file?
The biggest problem I have is the fact that I cannot log on to my own computer without this message popping up and my anti-spyware program attempting to block an attempt to access my computer.
First off, am I mistaken about this being a scam (which I doubt) and two, how do I block their access to my computer seeing as my firewall has been breached?

Steve Herrod :

Hi, I'll be happy to help with this issue

Steve Herrod :

firstly to reassure you, yes - this is a scam

Steve Herrod :

and there are several variants of similar scams doing the rounds

Steve Herrod :

what we will need to do is to try and boot into your account using Safe Mode with Networking

Steve Herrod :

and from there, download, install and run Malware Bytes

Customer:

I thought so. Do I have any options that you know of other than wiping my hard drive, to remove their program that is denying me access to my computer?

Steve Herrod :

are you on a different computer right now?

Customer:

No, I'm on the same computer, but don't have admin privileges. I have MalwareBytes already installed and have run it. It isn't showing any malicious activity.

Steve Herrod :

thanks - is that with a full MalwareBytes scan?

Customer:

yes it was

Steve Herrod :

ok - we will need to reboot and login to your account via Safe Mode

Steve Herrod :

and then delete some files from there

Steve Herrod :

I can list the files/instructions here and then you can give that a try?

Customer:

If I reboot in safe mode, will I have admin privileges? Sorry, I'm not very computer literate, but I know that I set up the admin acct. so the kids wouldn't be able to access certain programs, etc.

Steve Herrod :

Yes, you'll have admin privileges

Steve Herrod :

and able to run explorer etc

Customer:

If you can list them, that'd be great.

Steve Herrod :

ok - I'll start listing them below

Steve Herrod :

1. Restart the computer and tap F8 to display the Windows boot menu

Steve Herrod :

2. Choose Safe Mode

Steve Herrod :

3. Login with your normal user account

Steve Herrod :

4. Open Windows Start Menu and type %appdata% into the search field and press Enter.

Steve Herrod :

5. Navigate to: Microsoft\Windows\Start Menu\Programs\Startup

Steve Herrod :

6. Remove ctfmon

Steve Herrod :

7. Open Windows Start Menu and type %userprofile% into the search field and press enter.

Steve Herrod :

8. Navigate to: Appdata\Local\Temp

Steve Herrod :

9. Remove rool0_pk.exe

Steve Herrod :

10. Remove [random].mof file

Steve Herrod :

11. Remove V.class

Steve Herrod :

Just in case:

Steve Herrod :

The virus files may have names other than “rool0_pk.exe” but file names should appear similar with the same style of markup. There may also be 2 files, 1 being a .mof file. Removing the .exe file will fix FBI Moneypak. The class file uses a Java vulnerability to install the virus and removal of V.class is done for safe measure.

Steve Herrod :

If for some reason any files or folders aren't visible

Steve Herrod :

you may need to choose the option to display hidden folders

Steve Herrod :

Like this:

Steve Herrod :


    • Access the Windows start menu

    • In the search bar type “folder options”

    • Press Enter or click the Folder Options folder in the query

    • Select the “View” tab

    • Under “Hidden files and folders” select the radio button which says “Show hidden files, folders, and drives”

    • Click the Apply button on the bottom of the window, then click OK

Steve Herrod :

Once those steps have been followed, then the virus should be removed and restarting the machine should let you access the account again normally

Customer:

Thanks for your help. I'll be sure to give you excellent feedback. Thanks again, my wife and I were both freaking out over this.

Steve Herrod :

no problem - happy to help

Customer:

Awesome service, thanks again
