macabre Posted March 22, 2013 ID:659975 Share Posted March 22, 2013 Hello MrC,I contracted the FBI moneypak virus. I already did the frst scans. Attached are their findings. Thank you!FRST.txtSearch.txt Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659980 Share Posted March 22, 2013 This should do it...........OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.See if the computer boots normally now.MrCEDIT: attachment removed Link to post Share on other sites More sharing options...
macabre Posted March 22, 2013 Author ID:659981 Share Posted March 22, 2013 I do not. The computer was from a fellow office worker. I was called in after the fact. Link to post Share on other sites More sharing options...
macabre Posted March 22, 2013 Author ID:659984 Share Posted March 22, 2013 Great! I'll get to this Monday the latest since I left the office already. Thanks. Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659989 Share Posted March 22, 2013 OK, I know what those files are, but just check back before running the fix in case I change the fixlist.txt though.MrC Link to post Share on other sites More sharing options...
MrCharlie Posted March 23, 2013 ID:660086 Share Posted March 23, 2013 OK, I did change the fixlist.txt script so download and use the one attached here.Also you're also infected with .........You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 27, 2013 ID:661536 Share Posted March 27, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts