
Need Assistance with Green Dot MoneyPak Virus Win XP SP3



#1 Amanda Hugginkiss


Posted 04 April 2013 - 06:03 PM

Hi,

 

I need assistance removing the Green Dot MoneyPak virus from an XP SP3 PC.

 

Status of PC:

  • Can log in to Normal mode with infected network user account but can't get beyond Dept of FBI splash.
  • Can log in to Safe mode with networking on infected network user account but can't get beyond Dept of FBI splash.
  • Cannot log in to Safe mode command prompt only - does not allow for the network credentials, only local user.
  • Can control using PSExec but don't know what to do.
  • Have copied Combofix.exe and mbam-setup-1.70.0.1100.exe to root of infected PC's local C:\ drive.

 

Things I have done so far:

  • Copied users' important data through network admin share to a hot swap PC and the user is working again.
  • Have tested being able to PSExec to the PC but no further.

Please let me know what other information I can provide and/or what steps to proceed with.

 

Thank you!




 


#2 Jimbob85


Posted 05 April 2013 - 12:33 PM

Hi, welcome to BC!

 

Please follow the instructions in the following guide to get rid of the initial "FBI" malware:

 

http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware

 

Let me know how things go. Once you have done this, you should be able to boot into Windows, where we can finish the cleanup process.



#3 Amanda Hugginkiss


Posted 05 April 2013 - 02:36 PM

Hi Jimbob... first off, thanks for the help.

 

When booting into 'safe mode with command prompt only' I am not able to log in. It doesn't allow any of the local or network usernames that I have tried to log in. It shows a Log On to Windows dialog box with only User name and Password fields, and anything I've tried, network or local users, is not working but comes back with 'The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure that Caps Lock is not accidentally on.'

 

Is there any other way to attempt cleaning some of this off of the PC with either a bootable CD or bootable USB drive? I don't think I'm going to be able to access it from the command prompt or from Windows.



#4 Jimbob85


Posted 05 April 2013 - 02:50 PM

Yes, you can run an AV scan as described in the following link:

 

http://support.kaspersky.com/4162

 

This article also notes how to use a flash drive instead of burning a CD.

 

When the scan is done, check the report and save a copy as a text file to your desktop so that you can reboot and post the results in your next post.



#5 Jimbob85


Posted 09 April 2013 - 09:50 AM

Just wanted to check in and see how things were going and to see if you need any further help.





