Moneypak virus :(

[Tanzoo]

Hi, today I somehow got the moneypak virus and have tried getting into safe mode, repair from startup and restoring from a recent date, but when I try to restore from a different date it says I do not have any restore points. I turned my computer on normally and signed in and my desktop is there, but after a few seconds I get a message asking me to select a device- Xsplit or hauppauge hd pvr. Once I select one of these my screen turns white and I receive the moneypak lock screen. When I press the off button it dissapears and my dekstop is there but I do not have time to do anything before my computer turns off :/ any help would be much appreciated thanks.

[Tanzoo]

just got on to my desktop and am doing a scan with malwarebytes now nothing found so far

[MrCharlie]

What's the operating system?? XP, Vista, W7 or W8?

MrC

[Tanzoo]

Malware found 2 trojans one to do with skype and one called winlogon|shell which I just removed booted pc up again and its fine doing a full scan now with malwarebytes

[Tanzoo]

Thanks for offering help MrCharlie but I think its fixed now much appreciated

[MrCharlie]

If you say so but that infection is often bundled with other nasty malware such as ZeroAccess, a backdoor trojan.

When you get done scanning..........

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

[Tanzoo]

will get onto that as soon as this scan finishes thanks

[Tanzoo]

Just finished the malware scan and got no results back and followed on to do the roguekiller scan and this is what I got back.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Dave [Admin rights]

Mode : Scan -- Date : 04/18/2013 21:59:28

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] CurseClient.exe -- C:\Users\Dave\AppData\Local\Apps\2.0\CQG93M9H.DTL\KXZMD9X3.TDN\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b41397406c\CurseClient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD15EARS-22MVWB0 +++++

--- User ---

[MBR] 1493e278c2f29a25424de5175b45283e

[bSP] 0386422b1a1899d4da06a1b45f5a057e : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19456 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 39847936 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40052736 | Size: 705486 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1484888064 | Size: 705755 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04182013_02d2159.txt >>

RKreport[1]_S_04182013_02d2159.txt

[MrCharlie]

It looks OK...no ZA infection.

How is it??

MrC

[Tanzoo]

computer is running fine should I press delete on the 6 ticked items that came up on roguekiller or just leave them? thanks

[MrCharlie]

No they're OK.

Lets check your computers security before you go.

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt.
  
• Please Post the contents of that document.
  
• Do Not Attach It!!!
  

MrC

[Tanzoo]

Done, looks like my firewall is off did not realise :S

Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

AVG Premium Security 2013

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 11

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Symantec Norton Online Backup NOBuAgent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

[MrCharlie]

Out dated programs on the system are vulnerable to malware.

Please update or uninstall them:

Java 7 Update 11 <---please update, should be Update 21

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

-----------------

Google Chrome 26.0.1410.43 <---OLD

Google Chrome 26.0.1410.64 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

-----------------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Tanzoo]

Thanks so much really helped me out I will get working on updating these things now thanks again really appreciate it!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!