Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus - Lockscreen MoneyPak


  • Please log in to reply
3 replies to this topic

#1 PR2

PR2

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 12 October 2012 - 10:17 AM

Hello

My computer is infecetd with a lockscreen virus of some sort. Its telling me thta I need to go to Walgreens, Kmart and purchase a moneypak card to receive a code to unlock the computer. ESET smart security theat screen came up identifying Win32/Lockscreen.ALD trojan and said it was unable to clean.

Any help would be greatly appreciated!


PR2

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:15 PM

Posted 12 October 2012 - 10:59 AM

I guess you can access the desktop

Boot into safemode with networking

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:15 PM

Posted 12 October 2012 - 11:00 AM

Take a look here: Remove the FBI MoneyPak Ransomware or the Reveton Trojan

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#4 destiny11x

destiny11x

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 14 October 2012 - 06:36 PM

Hi, I was able to wipe a lot of the virus out with the guides listed on this website but when I ran a mini toolkit everything was comparable until the errors part which listed this:

ystem errors:
=============
Error: (10/14/2012 06:01:04 PM) (Source: DCOM) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/14/2012 05:09:18 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.137.1734.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/14/2012 05:09:18 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/14/2012 05:07:51 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (10/14/2012 05:00:39 PM) (Source: Service Control Manager) (User: )
Description: MpFilter
spldr
Wanarpv6
ycsgvj

Error: (10/14/2012 05:00:39 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (10/14/2012 04:59:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21

Error: (10/14/2012 04:59:28 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/14/2012 04:59:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/14/2012 04:59:24 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

I've run microsoft essentials, malaware bytes, avasti, super antispyware, tdsskiller, eset online scanner and the mini toolbox. the anti viruses are now coming up clean. Am I ok?

Help Please!

Edited by destiny11x, 14 October 2012 - 08:41 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users