FBI moneypack virus help removing

Hello, I was needing some help in removing the FBI moneypack virus, the current and latest version of this virus: the one that does not allow any operating functions and completely hijacks the operating system, therefore not allowing me to try any of the other solutions, namely entering safe mode, safe mode with networking, or safe mode with command prompt. I have read a previous post involving this topic in which the FRST64.exe file was used to repair the computer from the safe mode screen, and I have now run the file and also have the saved log file. Now I'm needing help in finalizing the process to rid my laptop of the virus. I'm at the phase where users have been provided with specific codes for solving and continuing the process specific to that machine. I would greatly appreciate any help provided and would be thankful for some assistance in solving this issue. Thanks in advance.

I will submit and upload the saved file log since copying and pasting makes this post too long to post.

Thanks for your help.

FRST.txt

Hello User13 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKU\Omar Ibanez\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Omar Ibanez\Documents\60556136.exe [25088 2013-05-14] ()

HKU\Omar Ibanez\...\Winlogon: [shell] cmd.exe [363008 2008-01-20] (Microsoft Corporation)

AppInit_DLLs: [0 ] ()

2013-05-14 19:39 - 2013-05-14 19:39 - 01096061 ____A C:\Users\Omar Ibanez\AppData\Local\2433f433

2013-05-14 19:39 - 2013-05-14 19:39 - 01096028 ____A C:\Users\Omar Ibanez\AppData\Roaming\2433f433

2013-05-14 19:39 - 2013-05-14 19:39 - 01096017 ____A C:\ProgramData\2433f433

2013-05-14 19:38 - 2013-05-14 19:38 - 00025088 ____A C:\Users\Omar Ibanez\Documents\60556136.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKLM-x32\...\Run: [] [x]

C:\Users\Omar Ibanez\AppData\Local\2433f433

C:\Users\Omar Ibanez\AppData\Roaming\2433f433

C:\ProgramData\2433f433

C:\Users\Omar Ibanez\Documents\60556136.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Ok I have done as you said and here is the fixlog.txt log created after done.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013

Ran by SYSTEM at 2008-01-01 21:44:20 Run:2

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

==== End of Fixlog ====

It's strange that it didn't delete those files. Could you please repeat with the following script:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

C:\Users\Omar Ibanez\AppData\Local\2433f433

C:\Users\Omar Ibanez\AppData\Roaming\2433f433

C:\ProgramData\2433f433

C:\Users\Omar Ibanez\Documents\60556136.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Ok ran again and here is the fix log results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013

Ran by SYSTEM at 2008-01-01 22:07:34 Run:3

Running from F:\

Boot Mode: Recovery

==============================================

C:\Users\Omar Ibanez\AppData\Local\2433f433 => Moved successfully.

==== End of Fixlog ====

Is every single entry on a new line? There is something very strange. Your script there should look like mine here:

C:\Users\Omar Ibanez\AppData\Local\2433f433

C:\Users\Omar Ibanez\AppData\Roaming\2433f433

C:\ProgramData\2433f433

C:\Users\Omar Ibanez\Documents\60556136.exe

The strange thing is that FRST deletes every file which is on the first line. There is no action for the others.

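An added example, not part of the original thread and not FRST's own code: a small Python check that compares the entries requested in a fixlist.txt with the result lines in Fixlog.txt and lists the entries the log never mentions, which is the symptom discussed above. The sample data is constructed in the shape of the logs posted in this thread (the user name is a placeholder), and the `entry => status` line format is an assumption taken from those logs only.

```python
import re

# Result-line shape assumed from the Fixlogs in this thread: "<entry> => <status>."
RESULT_RE = re.compile(r"^(?P<entry>.+?)\s+=>\s+(?P<status>.+?)\.?\s*$")

# Constructed sample: four requested paths, placeholder user name "Example".
SAMPLE_FIXLIST = r"""
C:\Users\Example\AppData\Local\2433f433
C:\Users\Example\AppData\Roaming\2433f433
C:\ProgramData\2433f433
C:\Users\Example\Documents\60556136.exe
"""

# Constructed sample log in which only the first entry was acted on.
SAMPLE_FIXLOG = r"""
Boot Mode: Recovery
==============================================
C:\Users\Example\AppData\Local\2433f433 => Moved successfully.
==== End of Fixlog ====
"""

def fixlist_entries(text):
    """Return the non-blank lines of a fixlist, one entry per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def fixlog_results(text):
    """Map each entry reported in a Fixlog (lower-cased) to its status text."""
    results = {}
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            results[match.group("entry").lower()] = match.group("status")
    return results

def reconcile(fixlist_text, fixlog_text):
    """Pair each requested entry with its logged status (None if never logged)."""
    results = fixlog_results(fixlog_text)
    return [(e, results.get(e.lower())) for e in fixlist_entries(fixlist_text)]

def unprocessed(fixlist_text, fixlog_text):
    """Entries that were requested but have no result line in the log."""
    return [e for e, s in reconcile(fixlist_text, fixlog_text) if s is None]

if __name__ == "__main__":
    for entry in unprocessed(SAMPLE_FIXLIST, SAMPLE_FIXLOG):
        print("no result logged for:", entry)
```

Paths are compared case-insensitively because Windows file paths are; header and separator lines are ignored since they contain no `=>`.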

Ok I did again and now here is new fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013

Ran by SYSTEM at 2008-01-01 22:43:13 Run:5

Running from F:\

Boot Mode: Recovery

==============================================

C:\Users\Omar Ibanez\AppData\Local\2433f433 => File/Directory not found.

C:\Users\Omar Ibanez\AppData\Roaming\2433f433 => Moved successfully.

C:\ProgramData\2433f433 => Moved successfully.

C:\Users\Omar Ibanez\Documents\60556136.exe => Moved successfully.

==== End of Fixlog ====

No problem. :)

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ComboFix log

Ok I now rebooted normally and a command prompt has appeared.

Saying that "C:\Users\Omar Ibanez\Documents\60556136.exe is not recognized as an internal operable program or batch file."

and now I'm at the line C:\Windows\system32>

Hey Maniac,

I tried doing the steps you instructed, but it's not loading normally, the laptop I mean. I am only getting the command prompt message, and when I close it the screen stays black and blank with nothing running or the system doing anything. I cannot get the programs installed. How do I bypass this command prompt and get the operating system to boot normally? Or is there any way to do so now from this step? I would appreciate your help.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)

HKU\Omar Ibanez\...\Winlogon: [shell] cmd.exe [363008 2008-01-20] (Microsoft Corporation)

C:\Users\Omar Ibanez\AppData\Roaming\Babylon

C:\ProgramData\Babylon

C:\Users\Omar Ibanez\AppData\Local\CRE

C:\Users\Omar Ibanez\AppData\Local\_

C:\Users\Omar Ibanez\AppData\Local\Conduit

C:\Users\Omar Ibanez\AppData\Roaming\WhiteSmokeTranslator

C:\Program Files (x86)\Conduit

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.
