Moneypak and FBI virus defeating safe mode


Hello,

I'm a paying customer of Malwarebytes.

To date, I've been infected with the subject virus 3 times while being protected by MB. I've usually been able to get around it by logging on with a different admin account, scanning, deleting, etc.

However, the virus is now a bit more sophisticated in that it has infected all of my accounts now.

At this stage, I can not boot up in normal, safe mode, safe mode with networking, safe mode with command prompt, or debug. I tried booting with the last known good configuration with no success.

Logging in normal or debug mode puts me to the moneypak screen. Use of control-alt-delete either produces an error code or, once the screen selection appears, clicking on Taskmaster puts the computer into reboot mode.

I've read through the various postings on this virus, and I'm not sure how to go about getting past the Moneypak screen to install or scan. I have a spare laptop which I'm using now, and a clean flash drive. The infected computer is running Windows Vista and is upgraded daily with the MB updates.

I noticed during the last infection that there were new files in the c/users/admin/temp folder that were executables and they appeared to launch my camera app. They could not be deleted by right clicking as a left or right click on them instantly launched the cam app. This is clearly tied into the virus as it took a snapshot of me to make it look more authentic. I've various tools on the system (erunt, etc) but obviously can't access them as I can't get past the Moneypak screen.

To be clear...at this point, I can not scan anything, and thus, can't download a log file to give you information. Any help would be appreciated.

Regards,

Scott


Welcome to the forum, here's how we deal with that malware:

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  3. On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    Select Command Prompt.
  4. Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Mrc,

I'm feeling dumb right now. I downloaded the file to my flash drive, but when following the instruction for Vista:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.

There is no "Repair your computer" option. There is a domain directory recovery, but I'm pretty sure that isn't it.

Can you clear this up for me?

Thanks!


Would it help to know that I've donated? :)

I don't work according to when and what people donate; most people don't even donate.

In my free time I help out on the forum, this means when I eat dinner...I can't work on the forum.

So that being said, see if you can create a Kaspersky/Unlocker disk as outlined near the bottom of this post:

http://maddoktor2.co...ic,55928.0.html

You can make a cd or use it on a usb flash drive.

Let me know.....MrC


I've been able to create the Kaspersky recovery usb, and have setup BIOS to boot from the USB.  On boot up, I get all the necessary screens but continue to receive a Kernel panic - not syncing message.  I'm not sure why to be honest.  I've used Kaspersky's most recent ISO as I found they tend to lag in their updates, so everything should work.  The USB is FAT32 formatted.  Any thoughts?  I'm about to wipe the USB again and start over as it may be something as simple as a corrupt file.  I do get slightly different messages using Graphic mode vs Text mode, and in Text mode, the system insists on entering a continuous reboot mode as it insists the PC was not shut down properly (appears to see "run" command as already in use from best I can tell).


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
