Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Moneypak Virus - Cannot run in Safe Mode


  • This topic is locked This topic is locked
6 replies to this topic

#1 jaygeeess

jaygeeess

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 05 September 2013 - 07:15 PM

I recently acquired the lovely moneypak virus.  Previously I was able to get rid of it using safemode, but this time, I am not able to do anything in safemode, command prompt etc;  It's got me.  Can someone please help me get rid of this thing? 

 

I am running Windows 7 64 bit.  Any help or instructions would be fantastic!

 

Thanks!  -J



BC AdBot (Login to Remove)

 


#2 jaygeeess

jaygeeess
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 05 September 2013 - 09:41 PM

Too many of these huh? 



#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 06 September 2013 - 01:23 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 jaygeeess

jaygeeess
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 06 September 2013 - 12:19 PM

Hello, Thankyou for your reply.  I have saved my FRST64.exe to my flash drive, and opened the command prompt.  The title bar reads: Administrator:X\windows\system32\cmd.exe.  in the body of the command prompt I have X:\>, I then type E:\FRST64.exe so that it reads: X:\>E:\FRST64.exe.  Note the E:\ is the location of my flash drive.  When I hit ENTER, I get an error that says that this is not a valid Win32 application.  I also tried typing E: so that the command prompt reads E:\> and type FRST64.exe, and I get the same error message.  Any ideas?



#5 jaygeeess

jaygeeess
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 07 September 2013 - 04:12 PM

Any advice?



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 08 September 2013 - 11:56 PM

Try to use FRST.exe instead of FRST64.exe


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 15 September 2013 - 07:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users