
FBI Moneypack Virus Windows 7-Please help



Every time I run the scan, near the very end it says the program has ended and asks me to choose checking online for a solution or ending the program. I picked check online for a solution and this is the log that came after that.

 

C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[5].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[6].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q83ZV0EH\channel-reward-central_com[1].htm HTML/Fraud.BG trojan 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHD181CX\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr[1].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\neostrata[1].htm JS/Iframe.CV trojan 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[1].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[3].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[3].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[4].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[5].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced Java/Exploit.CVE-2012-1723.DZ trojan 
 


No worries, we'll just clear them out manually ;).

 

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
     

    :OTL
    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    [2 C:\Users\Rita Nicole\Desktop\*.tmp files -> C:\Users\Rita Nicole\Desktop\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Files
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[5].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[6].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q83ZV0EH\channel-reward-central_com[1].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHD181CX\afr[2].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr[1].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\neostrata[1].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[1].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[2].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[3].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[2].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[3].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[4].htm
    C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[5].htm
    C:\Users\Rita Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

     

  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.


----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


Great thanks, here come the logs.

Also, every time I restart the computer it asks me about Register LP, I always click no because I am not sure what that is.

 

All processes killed
========== OTL ==========
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\Users\Rita Nicole\Desktop\~WRL3059.tmp deleted successfully.
C:\Users\Rita Nicole\Desktop\~WRL3536.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[5].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[6].htm moved successfully.
File\Folder C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q83ZV0EH\channel-reward-central_com .htm C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHD181CX\afr[2].htm not found.
File\Folder C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr .htm C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\neostrata .htm C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr .htm C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[2].htm not found.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[3].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[2].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[3].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[4].htm moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[5].htm moved successfully.
C:\Users\Rita Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rita Nicole
->Temp folder emptied: 33017277 bytes
->Temporary Internet Files folder emptied: 2183775970 bytes
->Java cache emptied: 2820236 bytes
->FireFox cache emptied: 871133633 bytes
->Flash cache emptied: 194982 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82458790 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304080 bytes
RecycleBin emptied: 5653180 bytes
 
Total Files Cleaned = 3,072.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Rita Nicole
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rita Nicole
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07172013_145730

Files\Folders moved on Reboot...
C:\Users\Rita Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
C:\Windows\temp\HideMyIpSRV.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

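The check a helper does by eye when reading a fix report like the one above, written out as an added Python example (not from the thread, from OTL or from its author): it parses the `:Files` section of an OTL fix script and the FILES block of the resulting report, and says which entries were moved, which the report says were not found, and which the report never mentions. The sample script and report are constructed with a placeholder user name; the matching also allows for OTL dropping the `[n]` part of a file name in its "not found" lines, as the real report above shows.

```python
import re

# Constructed sample fix script in OTL's own syntax (same layout as Step 1 above, shortened).
FIX_SCRIPT = r"""
:Files
C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm
C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr[1].htm
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced
:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample of the report OTL writes after the fix; the 'not found' line mimics how the
# thread's real report prints a name containing [1] (the bracketed part is dropped).
REPORT = r"""
========== FILES ==========
C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm moved successfully.
File\Folder C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr .htm not found.
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced moved successfully.
========== COMMANDS ==========
"""

def parse_fix_script(text):
    """Split an OTL fix script into a ':section' -> [entries] map (section names lower-cased)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = line.lower()
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def parse_report(text):
    """Map each path in the report's FILES block to 'moved' or 'not found'."""
    status, in_files = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("=========="):
            in_files = "FILES" in line
        elif in_files and line.endswith(" moved successfully."):
            status[line[:-len(" moved successfully.")]] = "moved"
        elif in_files and line.startswith("File\\Folder ") and line.endswith(" not found."):
            status[line[len("File\\Folder "):-len(" not found.")]] = "not found"
    return status

def strip_index(path):
    """OTL treats [n] as directive syntax, so 'afr[1].htm' comes back as 'afr .htm' in the report."""
    return re.sub(r"\[\d+\]", " ", path)

def reconcile(fix_text, report_text):
    """For every :Files entry in the fix, say whether the report accounts for it."""
    wanted = parse_fix_script(fix_text).get(":files", [])
    seen = parse_report(report_text)
    result = {"moved": [], "not found": [], "unaccounted": []}
    for path in wanted:
        state = seen.get(path) or seen.get(strip_index(path)) or "unaccounted"
        result[state].append(path)
    return result
```

Where the real report runs several "not found" paths together on one line, as the log above does, those entries end up under "unaccounted" and need checking by hand.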

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 15:19:50
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rita Nicole - RITANICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]
AdwCleaner[R2].txt - [1638 octets] - [03/07/2013 05:44:10]
AdwCleaner[R3].txt - [807 octets] - [17/07/2013 15:19:50]
AdwCleaner[s1].txt - [1818 octets] - [03/07/2013 05:44:56]

########## EOF - C:\AdwCleaner[R3].txt - [926 octets] ##########


The prompt is for RegisterLSP.exe actually.

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 15:21:27
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rita Nicole - RITANICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]
AdwCleaner[R2].txt - [1638 octets] - [03/07/2013 05:44:10]
AdwCleaner[R3].txt - [994 octets] - [17/07/2013 15:19:50]
AdwCleaner[s1].txt - [1818 octets] - [03/07/2013 05:44:56]
AdwCleaner[s2].txt - [926 octets] - [17/07/2013 15:21:27]

########## EOF - C:\AdwCleaner[s2].txt - [985 octets] ##########


Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

 

---------

Upgrade Java (64 bits):

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation 64 bit (jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right-click on the jre-7u3-windows-x64.exe and select "Run as an Administrator".)

---------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

 

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please visit the Mozilla site and update it to the latest version.

 

---------

Please let me know how the updates went, as failed updates may be due to malware.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    RegisterLSP.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
