FBI MoneyPak


I have tried to go into each type of safe mode but as soon as I log on it restarts my computer. I have seen much success from the help on this forum and I am hopeful that you will be able to help me too. I am running Windows 7 64-bit.

I have gone through the first step and have the information available for the second step where the personalized code is written and used.

FRST.txt

And I got this message when I did the services.exe search.

Search.txt

Any help you can lend will be greatly appreciated.

Thanks in advance.

John

Hello John and welcome to MalwareBytes forum.

There is some bad news. The system has the ZeroAccess rootkit.

Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

So, I'm in some trouble then. It sounds like my only option is to completely wipe my computer, right? I have never wiped a computer before. Is it possible to get direction on how to go about it?

Will the wipe completely remove the virus?

I'm sure I will have more questions but can't think all that clearly at the moment.

There are two options. a) Wipe system and start from scratch, which is the only way to be 100% sure of safety.

A wipe and redo from scratch means you will need to have your Windows o.s. CD/DVD or have access to your manufacturer's restore partition on the HDD.

All of your application programs will have to be installed from scratch. And you will lose all personal files & documents, etc.

b) Hunt down and remove remains of malware, but without any guarantee.

We do have a good record of removing the malware, if that is what you decide to do.

BUT 2 things you must do:

1) Protect yourself by putting on an identity theft watch (as noted before) and changing all passwords by using another but clean computer.

2) IF you have no backup of your personal files or documents - before this point - do so now before we start anything.

Malware removal can sometimes be unpredictable.

I gave you the trojan warning so that you are fully aware of the magnitude of the situation.

I just got off the phone with my bank and credit card companies. Is there anyone else that I should notify about my possible identity theft?

I want to be certain that the virus has been removed. I have my documents backed up on an external hard drive. I am not sure if I have a reinstall disc nor am I sure I can access the restore partition. How would I go about accessing my reinstall partition?

You want to watch your bank accounts and credit card accounts, and any of those you may have had account numbers stored on your computer.

As mentioned before, follow => Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

What is the brand manufacturer of your computer? The computer manufacturer's website will have procedures for getting started on doing a factory restore from the hidden partition on your hard drive. Check out your pc manufacturer's support website.

Since a clean install will result in the loss of all your personal files & documents, you will want to back them up / copy to Offline media beforehand.

For all the files, documents, personal stuff you back-up..... after all is done & you have the new Windows setup, and Antivirus installed, and MBAM.....

then I would scan any files you restore with 1) antivirus, 2) MBAM.

If you have the Windows 7 operating system DVD, set pc to boot from it, restart the system and boot from DVD. You'll want to first delete the existing Windows 7 partition, then do a new install of Windows 7.

If you do not have the Windows 7 DVD, check with your pc maker's support site for the directions on doing a factory restore.

Once you have Windows restored, be sure if the OEM included any antivirus that you un-install it, and install your own.

Be sure you make a visit to Windows Update to ensure your Windows is all up-to-date.

Keep your pc disconnected from internet before & during the Windows clean install.

Only reconnect after the antivirus program is installed.

IF and only if your OEM or vendor included a pre-installed antivirus, be sure to Uninstall it before installing your antivirus.

Best to you. Good luck.

Backups are your pc's best friend.

I have an HP. I got it back in 2009.

Do you recommend an antivirus? What does MBAM stand for?

I'm going to be out of town for about a week. I haven't been able to mess with my computer because of pulling everything together. Can you keep the thread open so when I come back if I have questions I can post them?

For antivirus, if cost is an issue, two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

MBAM is MalwareBytes' AntiMalware, the best in the universe & the industry leader.

MBAM is an excellent app to have on your system, in addition to antivirus program.

I would urge you to consider having the PRO edition for its real-time protection.

The cost is low and is a one-time fee, without annual renewal, and can be migrated to a new pc in future if & when you get new hardware.

http://www.malwarebytes.org/products/malwarebytes_pro/

  • 4 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.