
FBI Moneypack Virus


7 replies to this topic

#1 gottagokw

Posted 02 November 2012 - 01:01 PM

Virus comes up soon after starting computer.

Unable to sign on under different user names without virus eventually loading.

Safe Mode with Networking is still clean.

Launched safe mode with networking and ran updated version of Malwarebytes Anti-Malware and it is unable to detect anything under full scan.

Determined that the folder hellomotto was loaded every time, and from other posts it appears that this is linked to the virus. However, the virus comes back in regular mode and installs the hellomotto folder.

Any ideas?


*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 02 November 2012 - 01:09 PM.



#2 narenxp

Posted 02 November 2012 - 01:03 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 gottagokw

Posted 02 November 2012 - 01:10 PM

I can only work in safe mode with networking.

Do I download and run in safe mode with networking?

Thanks

#4 narenxp

Posted 02 November 2012 - 01:18 PM

Yes

Edited by narenxp, 02 November 2012 - 01:18 PM.


#5 gottagokw

Posted 02 November 2012 - 01:25 PM

wireless network unavailable on infected laptop computer

trying to get online now

#6 gottagokw

Posted 02 November 2012 - 01:39 PM

in normal mode and deleted file from other posts on your site - will post actual description in next post

however, have two loading errors

error loading c:\documents and settings\user name\application data\psrco.dll

error loading c:\documents and settings\user name\application data\dpapad.dll

any ideas

also, how should i make sure that all traces of virus are gone

this site is the best

#7 gottagokw

Posted 02 November 2012 - 01:43 PM

I found my solution in the post with Big Red Jeff labeled "Different FBI Virus"

Finally I used msconfig in safe mode to disable all services and startup and the FBI screen didn't open. I tracked it down to the following run command c:\documents and settings\user\local settings\application data\microsoft\windows\[random #]\taskschd.exe. The properties for taskschd.exe say it was originally AutoIt3Help.exe by autoitscript.com. I rescanned with the same tools in normal mode plus AVG and MS Security Essentials and nothing detected it. So I deleted the files and the run command in the registry.

This file was cause of pop up

c:\documents and settings\user\local settings\application data\microsoft\windows\[random #]\taskschd.exe

The filename and path location differs on most of the systems.
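
Post #7 traces the pop-up to a run command in the registry whose target sat inside the user's profile, with a name and folder that differ between systems, so reviewing startup entries by location is more reliable than matching a filename. The following Python script is an added example, not part of the original thread: it parses saved `reg query` output for the standard Run keys (an assumption about where the entry lived) and flags targets in user-writable profile folders. The sample values, the folder name `48213` and `example.dll` are constructed.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; the value
# names, the numeric folder 48213 and example.dll are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe Reader    REG_SZ    "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    taskschd    REG_SZ    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\48213\taskschd.exe
    helper    REG_SZ    rundll32.exe "C:\Documents and Settings\user\Application Data\example.dll",Start
"""

# One value line: indent, name, type, data (separated by a tab or four spaces).
VALUE = re.compile(r"^\s+(.+?)(?:\t| {4})(REG_\w+)(?:\t| {4})(.*)$")
# Every drive-letter path in the command, quoted or not, spaces allowed.
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll|scr|bat|cmd|com|pif)\b", re.I)
# Profile locations a limited user can write to (XP and later layouts).
PROFILE = re.compile(r"\\(?:documents and settings|users)\\[^\\]+\\"
                     r"(?:local settings\\|application data\\|appdata\\)", re.I)
# A directory whose name is only digits, like the [random #] folder in post #7.
NUMERIC_DIR = re.compile(r"\\\d+\\")

def triage(reg_output):
    """Return (key, value name, path, reasons) for each startup target worth a look."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, _type, data = m.groups()
        for path in PATH.findall(data):
            reasons = []
            if PROFILE.search(path):
                reasons.append("runs from a user-writable profile folder")
            if NUMERIC_DIR.search(path):
                reasons.append("all-digit directory name")
            if reasons:
                findings.append((key, name, path, reasons))
    return findings

if __name__ == "__main__":
    for key, name, path, reasons in triage(SAMPLE):
        print(f"{key}\n  {name} -> {path}\n  {'; '.join(reasons)}")
```

A flagged entry is a prompt to inspect the file's properties and origin, as the poster did, not proof of infection: some legitimate software also starts from the profile.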

#8 narenxp

Posted 02 November 2012 - 02:14 PM

Do you still need help?

If yes post the logs



