Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Infected with Department of Justice Virus, now computer won't boot!


  • This topic is locked This topic is locked
10 replies to this topic

#1 snokum

snokum

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 05 May 2013 - 01:01 PM

My computer is infected with the DOJ virus (Moneypak), and I do not have the option to boot into safe mode, and when I try to boot now, there is only a blinking cursor in the top left of the screen.  I have tried Kaspersky Rescue CD, and I have not been able to run the Hitman fix, as it comes up with Disk Read Error when I boot from the USB.

 

What should I do to get back into my system?  Any help would be much appreciated!  Thanks.



BC AdBot (Login to Remove)

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 05 May 2013 - 01:56 PM

Hello snokum and welcome to Bleeping Computer!

 

In order for us to help you faster, could you please post your Operating System (Windows XP/Vista/7/8) and weather it's 32 or 64-bit?

 

bloopie



#3 snokum

snokum
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 05 May 2013 - 02:37 PM

Thanks for getting back to me.  It's Windows 7, and it is a 32-bit system. 



#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 05 May 2013 - 02:53 PM

Hello again,

Thanks for that. Now I'm going to request a log from a tool that cannot be posted anywhere except the Malware Removal Logs forum, and that's where I have moved this topic.

Let's try the below instructions. You will need a USB device and a clean computer:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
bloopie

#5 snokum

snokum
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 05 May 2013 - 03:31 PM

what if i'm not able to get into the System Recovery Options from the Advanced Boot Options:?

 

 

I currently cannot get into the Advanced Boot options.  I also cannot make a repair disc because I do not have another Windows 7 computer.   Am I missing something?  Thanks. 

**32-bit System Repair Disc can only be created on a 32-bit Windows 7** 



#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 05 May 2013 - 04:38 PM

Hello again,

 

Do you have access to any other machine at all ? It doesn't have to be a Windows machine.

 

We will need to create a new disc or attack from another vector.

 

If so, you may need to create a  recovery environment iso and burn it to a disk, so that you can boot your computer into the infected user account outside of Windows.

 

Do you have your Original Installation CD handy?

 

Let me know what you have to work with!

 

bloopie


Edited by bloopie, 05 May 2013 - 04:38 PM.


#7 snokum

snokum
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 05 May 2013 - 05:04 PM

Yes, I have other computers, but they are all 64 bit computers, Windows Vista.  I've tried the Kaspersky Recovery on the infected computer, and that has not worked (although am trying again currently).

 

Thanks again. 



#8 snokum

snokum
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 05 May 2013 - 06:15 PM

Also, I do not have my original installation CD. 



#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 05 May 2013 - 09:57 PM

Hi again,

Please follow the links in my post #4 on how to create a recovery disk to get the proper logs posted... It does not matter what version of Windows or bit rate your other machine is running. You should still be able to create a recovery disk to get the logs posted.

bloopie

#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 09 May 2013 - 06:22 PM

Hello again,

 

Any luck making the repair disk? Are you still with us?

 

As I mentioned in post #4:

 

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

I have bolded and underlined the pertinent information in the above quote.

 

bloopie



#11 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:18 AM

Posted 13 May 2013 - 05:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users