jstephenson

Members
  • Posts: 13
Everything posted by jstephenson

  1. Thanks for your replies to my questions, they were very helpful. I was just about to suggest this thread be closed and was then going to offer the appropriate thanks...but something very weird just happened and before I consider this closed, I'm wondering if it was/is related... I was browsing the Internet like normal and then suddenly lost Internet connectivity. The broadband connection from my ISP was up, and my other computer worked fine, just not the previously infected computer. I did NOT go to any malicious or obviously unscrupulous sites, only espn.com, cnn.com, and youtube.com, etc. When I noticed this oddity, I immediately shut down the computer. I admit I did not update Java yet as was suggested earlier but I had planned on doing it tonight. Could I have experienced the beginnings of a re-infection? Do you think the hackers that got me the first time are just trying to re-hit the same machine? Can they even do that? I don't want to necessarily assume this oddity is related to the prior FBI Moneypak ransomware, but I don't want to discount it either, especially since I have not yet corrected the possible entry point (outdated Java). I'm a bit afraid to even turn the computer back on to see if the reboot would somehow fix the connectivity issues. Any thoughts on what to do now? Thanks Again
  2. Thank you so much for your help! I will un-install the Java 6 Update 30, update Java, un-install Adobe Reader, and install Foxit Reader as you suggest. I will also perform the cleanup you outlined. Before we close this thread though, I'd be very grateful if you could answer some of my more general questions below. Any information or insight would be greatly appreciated! How worried should I be about other ramifications stemming from this FBI Moneypak breach? Is there anything in particular I should keep an eye out for in the near future? Aside from trying to trick users into sending money via Moneypak, in your experience, is there anything else the authors/distributors of FBI Moneypak were trying to accomplish? How likely is it that hackers had the ability to steal critical information or documents from my computer? I have tax returns, credit card info, mortgage applications, personal files, social security numbers, etc. on my computer. I think I would like to re-format the entire hard drive, just to be safe. Is this overkill? If not, do you have a recommended step-by-step site for reinstalling Windows 7? Also, before I would re-format, I would want to put all personal files (pictures, documents, etc) onto an external USB drive. Would I copy the ransomware onto the USB drive and risk re-exposing my computer after the re-format? Do you think the FBI Moneypak came in because of the Java or Adobe Reader being out of date? Or, what is the most likely source of the breach? Thanks Again!
  3. Attached are the results of the AdwCleaner delete, below are the results of the Security Check. Thanks to review and advise next steps.
     Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.60.0.1800
     Java™ 6 Update 30
     Java version out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
     AdwCleanerS1.txt
  4. I ran AdwCleaner, attached is the log. From what I could tell, nothing looked like something I need/want to keep. But, if you feel otherwise, thanks to let me know. Thanks to review and advise next steps. AdwCleanerR1.txt
  5. I ran ComboFix, attached is the log. Thanks to review and advise next steps. ComboFix.txt
  6. I ran the FRST fix, attached is the log. Also, I installed and ran MBAR. The first scan uncovered two (2) issues, the second scan uncovered zero (0). Attached is the mbar-log following the second scan, and the system-log. What now? Thanks in advance. Fixlog.txt mbar-log-2013-05-19 (23-01-20).txt system-log.txt
  7. OK. And now I clicked "Finish" and now I rebooted, and have the "Safe Mode with Command Prompt"... Running the fixlist now...
  8. I spoke too soon. It just finished... It now says: "Startup Repair cannot repair this computer automatically. Sending more information can help Microsoft create solutions. -> Send information about this problem (recommended) -> Dont Send View Problem Details
     Problem Signature:
     Problem Event Name: StartupRepairOffline
     Problem Signature 01: 6.1.7600.16385
     Problem Signature 02: 6.1.7600.16385
     Problem Signature 03: unkown
     Problem Signature 04: 515
     Problem Signature 05: AutoFailover
     Problem Signature 06: 1
     Problem Signature 07: NoRootCause
     OS Version: 6.1.7601.2.1.0.256.1
     Locale ID: 1033
  9. I turned the computer back on and pressed F8 to enter BIOS to try and run the fix through FBAR. The BIOS said something about my computer not having been shut down correctly and/or was previously started incorrectly, and/or is unable to start (unfortunately, I don't remember what it said exactly). I think I chose something about Launch Startup Repair (Recommended). Now I seem to be stuck at a "Startup Repair" and the screen says "Startup Repair is checking your system for problems...Attempting Repairs." And it's been doing this for about 15 minutes. Should I let it run, or re-attempt to re-boot and get into Command Prompt?
  10. Thanks. Could you please explain to me what this "fix" will do, in general. I'd just like to understand what I'm doing before I do it. Also, I noticed what appears to be a focus on Skype. Is this to suggest the breach came through, or is related to Skype? Or is the ransomware masking itself as Skype?
  11. MrCharlie, I have attached the FRST log and a search for services.exe. FRST.txt Search.txt
  12. Thanks MrCharlie. Before I post the logs, I have a question. Should I be concerned about posting my log online? Should I scrub the log in any way? Thanks in advance.
  13. I've been hit with the FBI Moneypak ransomware on a Windows 7, x64. Rebooting in Safe Mode with Networking results in a white screen and the inability to do anything else. I have run the Farbar Recovery Scan Tool and performed a search for services.exe. I understand I should provide the FRST scan log and the results of the search but before I do, I have a question. Should I be concerned about posting my log online? I'm only a mildly technical person, but given the nature of this ransomware I'm ultra sensitive, and am very concerned about additional damage caused by this breach. Should I scrub the log in any way? Or, can someone provide a fixlist without the full log? Thanks in advance for any help! Thanks, John