FBI Moneypak Virus


9 replies to this topic

#1 '88Scrat

  • Members
  • 9 posts

Posted 28 February 2013 - 09:10 PM

I was hoping someone could help me remove this pesky little SOB. I am very new to PCs in general and I did skim some of the other threads but to no avail. I am hoping someone can explain the steps to remove it in, for lack of a better term, plain English. Like I said I'm not very familiar with this stuff. Now onto the problem, I seem to be infected with the $200 version of the FBI Moneypak virus. I say I think I am because the FBI screen has only come up one time, otherwise it turns to a white screen as soon as I login to my desktop. I can move the mouse, but that's it. I attempted to login using Safe Mode but my CPU restarts itself immediately after I attempt to login, it doesn't even make it to the desktop. I am running Windows XP on a Dell Laptop. I'm really hoping you guys can help me because quite frankly I'm a broke college student and can't afford to pay $125 to have a professional remove it for me. Thanks in advance.


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,681 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 February 2013 - 09:28 PM

I'll report this topic to appropriate helpers.

Hold on...




 


#3 '88Scrat
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2013 - 10:45 AM

Thanks man, I really appreciate it.

#4 '88Scrat
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2013 - 01:52 PM

Well, I have an update. I tried to boot up my computer again just to see if it would work (hey, you never know right?) and this time it won't even load windows at all...

The error message is as follows:
Windows could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM

I fear my computer might be dead for good...

#5 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,681 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 01 March 2013 - 08:13 PM

Be patient. Someone will get back to you...




 


#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,446 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 March 2013 - 10:10 PM

Let's give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe and rst to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Type bash rst.sh
  • After it has finished a report will be located in the USB drive (sdb1) named enum.log
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.txt bs=512 count=1

    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.txt is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.txt
  • Plug the USB back into the clean computer. Post the contents of the report.txt, enum.log, filefind.txt and RegReport.txt in your next reply. The mbr.txt file must be attached to your reply as it is a hex file.



#7 '88Scrat
  • Topic Starter

  • Members
  • 9 posts

Posted 03 March 2013 - 12:37 PM

Ok I will try this but it will take me a while to find a computer that I can use to burn a CD. I can't think of anyone that has a burner off the top of my head, unless the local library is an option.

I'll let you know when I find one, and I really appreciate the help.

#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,446 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2013 - 01:23 PM

We can always load xPUD on a USB flash drive if easier.



#9 '88Scrat
  • Topic Starter

  • Members
  • 9 posts

Posted 04 March 2013 - 01:34 AM

A flash drive would probably be a better option, I spent a lot of time looking for a burner and never found one. I assume that there will be a different set of instructions for using a flash drive.

I'm sorry for the delay between posts, I am both a full time student and am employed full time so I don't have a great deal of spare time. Sorry if it is an inconvenience, I really do appreciate the help.

#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,446 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 March 2013 - 01:34 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download driver.sh to your USB drive
  • Also Download Query.exe and rst to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the USB flashdrive
  • The computer must be set to boot from the Flashdrive
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Type bash rst.sh
  • After it has finished a report will be located in the USB drive (sdb1) named enum.log
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.txt bs=512 count=1

    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.txt is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.txt
  • Plug the USB back into the clean computer. Post the contents of the report.txt, enum.log, filefind.txt and RegReport.txt in your next reply. The mbr.txt file must be attached to your reply as it is a hex file.

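Both of JSntgRvr's procedures (#6 and #10) end with `dd if=/dev/sda of=mbr.txt bs=512 count=1`, which copies the first sector of the disk so the helper can inspect the master boot record offline. The script below is an added example and is not part of this thread or of the driver.sh / rst / Query.exe tools the helper uses; it shows what a reviewer actually looks at in such a 512-byte file: the bootstrap code (hashed so it can be compared with a known-good copy), the four partition-table entries, the 55 AA boot signature, and a few sanity findings (missing signature, no or multiple active partitions, overlapping partitions). The sample MBR it builds is constructed in the code and is not real boot code; the function and file names are this example's own.

```python
"""Inspect a raw 512-byte MBR image such as the mbr.txt produced by
`dd if=/dev/sda of=mbr.txt bs=512 count=1` on a live Linux system.

Added example: parses the sector layout, reports the partition table and
flags conditions a helper would want to know about before deciding whether
the boot sector has been tampered with.
"""
import hashlib
import struct
import sys
from typing import Dict, List

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446            # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR


def parse_partition_entry(index: int, entry: bytes) -> Dict:
    """Decode one 16-byte partition-table entry (little-endian fields)."""
    status, chs_start, ptype, chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {
        "index": index,
        "bootable": status == 0x80,
        "status": status,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "empty": ptype == 0 and lba_start == 0 and sectors == 0,
    }


def parse_mbr(data: bytes) -> Dict:
    """Return bootstrap hash, partition entries, signature check and findings."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    findings: List[str] = []
    signature_ok = data[510:512] == BOOT_SIGNATURE
    if not signature_ok:
        findings.append("boot signature 55AA missing: not a valid MBR or "
                        "the sector was not captured correctly")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        partitions.append(parse_partition_entry(
            i + 1, data[off:off + PARTITION_ENTRY_SIZE]))
    used = [p for p in partitions if not p["empty"]]
    active = [p for p in used if p["bootable"]]
    if not active:
        findings.append("no partition is flagged bootable")
    if len(active) > 1:
        findings.append("more than one partition is flagged bootable")
    for p in used:
        if p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a type but zero length")
    for a in used:                      # pairwise overlap check on LBA ranges
        for b in used:
            if a["index"] < b["index"]:
                a_end = a["lba_start"] + a["sectors"]
                b_end = b["lba_start"] + b["sectors"]
                if a["lba_start"] < b_end and b["lba_start"] < a_end:
                    findings.append(f"partitions {a['index']} and "
                                    f"{b['index']} overlap")
    return {
        "bootstrap_sha256": hashlib.sha256(data[:BOOTSTRAP_SIZE]).hexdigest(),
        "signature_ok": signature_ok,
        "partitions": partitions,
        "findings": findings,
    }


def diff_bootstrap(mbr_a: bytes, mbr_b: bytes) -> List[int]:
    """Offsets in the bootstrap area where two MBR images differ (for
    comparing a fresh capture against an earlier known-good backup)."""
    return [i for i in range(BOOTSTRAP_SIZE) if mbr_a[i] != mbr_b[i]]


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder bootstrap bytes (NOT real boot code),
    one active NTFS-type partition starting at LBA 63, three empty entries."""
    bootstrap = bytes(range(256)) + bytes(BOOTSTRAP_SIZE - 256)
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 63, 2_000_000)
    table = entry1 + bytes(PARTITION_ENTRY_SIZE * 3)
    return bootstrap + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Usage: python mbr_check.py mbr.txt   (falls back to the built-in sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(raw)
    print("bootstrap sha256:", report["bootstrap_sha256"])
    print("signature ok:", report["signature_ok"])
    for p in report["partitions"]:
        if not p["empty"]:
            print(f"  part {p['index']}: type=0x{p['type']:02x} "
                  f"active={p['bootable']} lba={p['lba_start']} "
                  f"sectors={p['sectors']}")
    for f in report["findings"] or ["no findings"]:
        print("  -", f)
```

The bootstrap hash is the useful line for the forum exchange: the same 446 bytes from a clean install of the same Windows version hash the same, so a changed hash (or a non-empty `diff_bootstrap` against an earlier backup) tells the helper the code that runs before Windows has been altered, while the partition findings catch a capture that simply missed the disk (`if=` pointing at the wrong device gives no 55AA signature).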




