
win xp fbi virus and live security platinum


24 replies to this topic

#1 larrym_nj

  • Members
  • 13 posts

Posted 08 August 2012 - 03:55 PM

Hello everybody, I am having a big problem. My desktop is running Win XP but picked up both of these viruses. I am able to get past the Live Platinum, but the FBI MoneyPak is locking everything up. Now when I try to start in any safe mode I get the blue screen all the time. The only thing I can think of doing is taking out the hard drive and hooking that up to the laptop to run a Norton virus scan, but I am wondering, if I do that, will it infect my laptop? So any and all help is appreciated. I have read and tried most of what everybody says, but my big problem is that if I let Win XP load normally it goes to the MoneyPak virus, and if I try to boot into any safe mode I get the blue screen. Any ideas??? Thanks, Larry


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,489 posts
  • Gender:Male
  • Location:NJ USA

Posted 08 August 2012 - 08:55 PM

Hello, Larry... have you gone through our Guide yet?
Remove the FBI MoneyPak Ransomware or the Reveton Trojan

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 08 August 2012 - 10:30 PM

I am reading these, and my problem is that I cannot boot into any form of safe mode. When I do, I always get the blue screen of death with the error message 0x0000007b; don't know if that helps at all. After reading a little more, it says to try going to Run and typing msconfig. I tried that also, but it tells me that it is not working because of a virus and then automatically goes to the FBI page. I am lost, have no idea what to do. Larry

Edited by larrym_nj, 08 August 2012 - 10:35 PM.


#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 09 August 2012 - 07:33 AM

Hello, does this BSOD occur only in safe mode now or also in normal mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 09 August 2012 - 09:24 AM

It only shows when I try to boot into safe mode, but if I let it boot into normal mode the FBI virus locks up the computer. Thanks, Larry

#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 09 August 2012 - 09:30 AM

Do you have an XP CD and/or the possibility to burn a CD?

regards, Elise



#7 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 09 August 2012 - 11:01 AM

Don't know if we still have the CD, but if we do, is there a way to fix this issue? Thanks again for any help, Larry

#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 09 August 2012 - 12:33 PM

Yes, there are different ways in fact, some easier, others more difficult. :)

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2... usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished, a report will be located on your USB drive named enum.log
  • Remove the USB drive, insert it back in your working computer and navigate to enum.log

Please note - all text entries are case sensitive.
Copy and paste the enum.log for my review

regards, Elise



#9 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 09 August 2012 - 02:47 PM

If I was to take out the hard drive and hook it up to my laptop, would Norton be able to remove it all, or would I still need to download those other programs?

#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 09 August 2012 - 03:27 PM

No, Norton will not be able to remove it, as the problem (the loading point of the malware) is in the registry, and not in the file system. Norton will not be able to scan the registry of a slaved drive.

regards, Elise



#11 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 09 August 2012 - 10:03 PM

OK, is it easier for me to try to burn the CD (GETxPUD.exe) and do it that way, or can I clean it as a slaved drive from my clean computer? If I can clean it as a slaved drive, what programs do I need to do that? Thank you again for all your help and patience, Larry

#12 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 10 August 2012 - 02:43 AM

If I can clean it as a slaved drive, what programs do I need to do that? Thank you again for all your help and patience, Larry

That would involve manually loading the registry hives and browsing through them to see what needs fixing, something I wouldn't recommend unless you know fairly well what you're doing. :)

regards, Elise



#13 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 10 August 2012 - 09:34 AM

Hi again, here are the logs you requested.


30.5M Aug 8 21:09 /mnt/sda1/WINDOWS/system32/config/software
10.3M Aug 8 21:09 /mnt/sda1/WINDOWS/system32/config/system

29.6M May 18 19:10 /sda1/~/RP1524/~SOFTWARE
29.6M May 30 17:38 /sda1/~/RP1525/~SOFTWARE
29.8M Jun 9 20:05 /sda1/~/RP1526/~SOFTWARE
29.8M Jun 9 21:25 /sda1/~/RP1527/~SOFTWARE
29.8M Jun 16 17:09 /sda1/~/RP1528/~SOFTWARE
29.8M Jun 16 19:14 /sda1/~/RP1529/~SOFTWARE
29.8M Jun 20 23:00 /sda1/~/RP1530/~SOFTWARE
29.8M Jun 27 18:38 /sda1/~/RP1531/~SOFTWARE
29.8M Jul 9 14:39 /sda1/~/RP1532/~SOFTWARE
29.8M Jul 15 23:51 /sda1/~/RP1533/~SOFTWARE
29.8M Jul 17 12:12 /sda1/~/RP1534/~SOFTWARE
30.4M Jul 24 22:30 /sda1/~/RP1535/~SOFTWARE
30.4M Jul 27 19:16 /sda1/~/RP1536/~SOFTWARE
30.4M Aug 6 21:45 /sda1/~/RP1537/~SOFTWARE
30.4M Aug 7 18:59 /sda1/~/RP1538/~SOFTWARE
9.6M May 18 19:10 /sda1/~/RP1524/~SYSTEM
9.6M May 30 17:38 /sda1/~/RP1525/~SYSTEM
9.6M Jun 9 20:05 /sda1/~/RP1526/~SYSTEM
9.6M Jun 9 21:25 /sda1/~/RP1527/~SYSTEM
9.6M Jun 16 17:09 /sda1/~/RP1528/~SYSTEM
9.6M Jun 16 19:14 /sda1/~/RP1529/~SYSTEM
9.6M Jun 20 23:00 /sda1/~/RP1530/~SYSTEM
9.6M Jun 27 18:38 /sda1/~/RP1531/~SYSTEM
9.6M Jul 9 14:39 /sda1/~/RP1532/~SYSTEM
9.6M Jul 15 23:51 /sda1/~/RP1533/~SYSTEM
9.6M Jul 17 12:12 /sda1/~/RP1534/~SYSTEM
9.6M Jul 24 22:30 /sda1/~/RP1535/~SYSTEM
9.6M Jul 27 19:16 /sda1/~/RP1536/~SYSTEM
9.6M Aug 6 21:45 /sda1/~/RP1537/~SYSTEM
9.6M Aug 7 18:59 /sda1/~/RP1538/~SYSTEM

#14 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,309 posts
  • Gender:Female
  • Location:Romania

Posted 10 August 2012 - 09:46 AM

Please reboot in xPUD and navigate to your usb drive. Click Tool > Open Terminal.

Type the following and press enter.

bash rst.sh -r

Type 1536 and press enter.

Now attempt to restart your computer normally and try safe mode (normal mode will most likely still not work, but with a bit of luck safe mode should no longer BSOD now).

regards, Elise



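The step above (`bash rst.sh -r`, then entering `1536`) rolls the registry back to the hive copies kept in restore point RP1536, which is what makes an offline repair possible when the loading point lives in the registry rather than the file system. As an added example, not rst.sh or any other tool named in this thread and not BleepingComputer's code, the POSIX shell script below does the equivalent on a mounted XP volume: it locates the RP<n> snapshot, backs up the live software/system hives so the change can be undone, checks that every needed file exists before touching anything, and then copies the restore point's hive copies into place. The mount path, the `System Volume Information/_restore{...}/RP<n>/snapshot` layout and the `_REGISTRY_MACHINE_SOFTWARE` / `_REGISTRY_MACHINE_SYSTEM` file names are assumptions about XP's restore-point format; the directory tree it builds for the demo is constructed and contains labels, not real hives.

```shell
#!/bin/sh
# Added example, not rst.sh or any tool from the thread: restore an offline
# Windows XP SOFTWARE/SYSTEM hive pair from a chosen System Restore point.
# Assumptions (not stated on the page): the XP volume is mounted at the path
# passed as $1; restore points live under
#   "System Volume Information/_restore{<guid>}/RP<n>/snapshot"
# and the hive copies there are named _REGISTRY_MACHINE_SOFTWARE and
# _REGISTRY_MACHINE_SYSTEM; the live hives are WINDOWS/system32/config/software
# and .../system, as in the enum.log posted in the thread.

# Print the snapshot directory of restore point number $2 below XP root $1.
# Returns 1 when no such restore point exists.
find_snapshot() {
    root=$1; rp=$2
    for d in "$root/System Volume Information"/_restore*/"RP$rp"/snapshot; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Replace the live software/system hives under $1 with the copies from restore
# point $2. The live hives are first copied to config/backup-before-RP<n> so
# the operation is reversible.
restore_hives() {
    root=$1; rp=$2
    snap=$(find_snapshot "$root" "$rp") || { echo "RP$rp not found" >&2; return 1; }
    cfg="$root/WINDOWS/system32/config"
    bak="$cfg/backup-before-RP$rp"
    # Verify every file before writing anything, so a partial restore point
    # (or a mistyped number) cannot leave the config directory half-restored.
    for pair in SOFTWARE:software SYSTEM:system; do
        hive=${pair%%:*}; live=${pair##*:}
        [ -f "$snap/_REGISTRY_MACHINE_$hive" ] || { echo "RP$rp has no $hive copy" >&2; return 1; }
        [ -f "$cfg/$live" ] || { echo "live $live hive missing" >&2; return 1; }
    done
    mkdir -p "$bak" || return 1
    for pair in SOFTWARE:software SYSTEM:system; do
        hive=${pair%%:*}; live=${pair##*:}
        cp -p "$cfg/$live" "$bak/$live" || return 1
        cp -p "$snap/_REGISTRY_MACHINE_$hive" "$cfg/$live" || return 1
    done
    return 0
}

# Build a constructed, throw-away tree shaped like the XP volume so the
# functions can be exercised offline; file contents are labels, not real hives.
make_fake_tree() {
    root=$1
    sv="$root/System Volume Information/_restore{CONSTRUCTED-GUID}"
    mkdir -p "$root/WINDOWS/system32/config" "$sv/RP1536/snapshot" "$sv/RP1538/snapshot"
    echo "live software hive (infected)" > "$root/WINDOWS/system32/config/software"
    echo "live system hive (infected)" > "$root/WINDOWS/system32/config/system"
    for rp in 1536 1538; do
        echo "software hive from RP$rp" > "$sv/RP$rp/snapshot/_REGISTRY_MACHINE_SOFTWARE"
        echo "system hive from RP$rp" > "$sv/RP$rp/snapshot/_REGISTRY_MACHINE_SYSTEM"
    done
}

# Demo: roll the constructed tree back to RP1536 and show what the live
# software hive now holds.
demo=$(mktemp -d)
make_fake_tree "$demo"
restore_hives "$demo" 1536 && cat "$demo/WINDOWS/system32/config/software"
rm -rf "$demo"
```

The pre-flight loop is the part worth copying: on a real drive the choice of restore point matters (Elise picks RP1536, a point before the Aug 6/7 entries in the listing), and failing before any copy is made means a wrong number costs nothing, while the backup directory makes even a successful restore reversible from the same live CD.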
#15 larrym_nj

  • Topic Starter
  • Members
  • 13 posts

Posted 10 August 2012 - 09:55 AM

Should I remove the CD and USB drive, then try to reboot into safe mode?

It also says "no such file or directory", and when I typed in 1536, "command not found".

Edited by larrym_nj, 10 August 2012 - 10:03 AM.




