
Can't get to desktop after removing fbi moneypak malware.


  • This topic is locked
12 replies to this topic

#1 hal3134

hal3134

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 24 June 2013 - 08:52 PM

I removed the fbi moneypak malware (or so I think) from my computer using the free/trial version of Emsisoft.  I ran malwarebytes repeatedly both before and after without it finding anything related to fbi moneypak.  For a day or two my computer seemed fine.  Now after I login to my user account, I get a black background window with "cmd.exe" in the header.  It says "Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. '"C:\Documents and Settings\[username]\My Documents\139d2e78.exe"' is not recognized as an internal or external command, operable program or batch file.    C:\Documents and Settings\[username]> [blinking cursor awaiting command]"

 

When I select booting in Safe mode, I get a few screens of dos type commands fly by and then the blue screen of death pops up.  It says: "A problem has been detected and windows has shut down to prevent damage to your computer.  If this is the first time you've seen this stop error screen, restart your computer.  If this screen appears again, follow these steps:  Check for viruses on your computer.  Remove any newly installed hard drives or hard drive controllers.  Check your hard drive to make sure it is properly configured and terminated.  Run CHKDSK /F to check for hard drive corruption, and then restart your computer.  Technical information:  ***STOP: 0x0000007B (0xF7C46528, 0xc0000034, 0x00000000, 0x00000000)."

 

Usually I'm pretty careful about what websites I go to, and what I click on.  I run McAfee, including the website advisor, and whenever I see anything other than a green bar I close the window.  Usually I use task manager to close the window so I don't even click on the red x.  I think I have spybot running in the background too.

 

Can you please help me?  My home desktop computer is completely inoperable.


Edited by hal3134, 24 June 2013 - 08:53 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 AM

Posted 24 June 2013 - 11:29 PM


We are going to try System Restore to restore the system prior to the infection.

Depending on your Windows version.

Windows XP
Option 1.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
Step 2: Use ctrl/alt/del (keys) to get task manager opened
Step 3: choose file and create new task
Step 4: Then Navigate to:
C:\windows\system32\restore\rstrui.exe and press Enter (double click rstrui.exe)
Step 5: Restore Computer to a Date you know you were virus free
Step 6: Run Malwarebytes

Option 2.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
At the command prompt type in: rstrui.exe
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hal3134


Posted 25 June 2013 - 09:53 PM

Thanks for the advice.  I'll try this tomorrow; too many things to do tonight.



#4 gringo_pr


Posted 25 June 2013 - 10:04 PM

I will look for you then



gringo

#5 hal3134


Posted 29 June 2013 - 11:25 PM

Sorry Gringo,  haven't had a chance to get to my broken computer yet.  I plan to work on it later today.  Thanks in advance for your patience.



#6 gringo_pr


Posted 30 June 2013 - 12:54 PM

ok I will look for you later


gringo

#7 hal3134


Posted 01 July 2013 - 09:29 PM

Gringo,

When I boot in Safe mode, then select "Safe Mode with Command Prompt", it gives me a choice between "Microsoft Windows Recovery Console" or "Microsoft Windows XP Home Edition."  If I select the latter I get the blue screen of death, with the same errors I logged above.  If I select the former, it gives me "Microsoft Windows XP™ Recovery Console.  The Recovery Console provides system repair and recovery functionality.  Type EXIT to quit the Recovery Console and restart the computer.   1:  C:\WINDOWS        Which windows installation would you like to log onto (To cancel, press ENTER)?[solid, unblinking cursor]."

 

I also noticed that when I hit F8, one of my choices instead of "Safe Mode with Command Prompt" is "Last Known Good Configuration (your most recent settings that worked)."  Should I be trying that option? 

 

What do I do next?


Edited by hal3134, 01 July 2013 - 09:36 PM.


#8 gringo_pr


Posted 01 July 2013 - 09:59 PM

Try it and let me know how it goes


Gringo

#9 gringo_pr


Posted 05 July 2013 - 12:56 AM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

#10 hal3134


Posted 08 July 2013 - 09:53 AM

I assume you mean for me to do your instructions from July 5 in lieu of the ones from July 1.  I probably can't get to it tonight, but will try tomorrow or Wed. 

 

Thanks for the new directions.  They sound better to me than just using the Windows XP built-in options.  : )



#11 gringo_pr


Posted 08 July 2013 - 01:04 PM

OK I will be looking for you


gringo

#12 gringo_pr


Posted 12 July 2013 - 09:59 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#13 hal3134


Posted 12 July 2013 - 07:24 PM

Still here.  Thanks for asking.

 

I'm having some trouble running the BurnCDCC program.  When I click "Start" it tells me to insert a blank disk, even though I've already inserted one.  It then pops the door on my DVD tray.  Clicking either "OK" or "cancel", then reinserting the disk just gets me the same error.   I've tried 2 different blank CD-R discs with the same result.  I've tried changing the speed on the BurnCDCC to various spots on the slider bar with no difference.  What am I doing wrong?


Edited by hal3134, 12 July 2013 - 07:24 PM.




