
A plethora of trouble after FBI Moneygram virus


  • This topic is locked
3 replies to this topic

#1 bmetay


Posted 07 May 2014 - 10:29 AM

I caught the FBI Moneypak ransomware virus on my win 7 box. I was able to remove it with Kaspersky rescue disk. I rebooted normally and ran MalwareBytes and Hitman Pro.
It's been a losing battle since then. I've caught and removed one trojan after another with the above tools. As I ran them last, 4 trojans and a rootkit dled and killed MWB and Hitman while they were running.
I started over and removed them with Kaspersky RD.
I'm no expert, but it looks like registry entries are downloading and executing malware.
I removed a couple from startup using msconfig, but they reappear.
I downloaded Autoruns and deleted some obviously bad entries.
Restarted in safe mode with networking, ran Kaspersky, MWB, and Hitman Pro. All clean.
Rebooted normally, downloaded McAfee updated definitions and went to bed with a full scan running.
When I woke up the box was down. It would not boot. No messages.
Restored the MBR with a win 7 rescue disk and lo and behold everything works again in safe mode.
MWB, HMP, Kaspersky say clean.
But I'm afraid whatever nailed my MBR is still there.
So can you help me rid myself of this plague? I can plug in an external drive and have access to an uninfected computer.
 

 




 


#2 quietman7


Posted 07 May 2014 - 03:42 PM

This issue will require further investigation and a more comprehensive look at your system. Many of the scanning tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log.)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

#3 bmetay


Posted 09 May 2014 - 09:38 PM

I know I shouldn't post here, but this can't be right, can it?
 
.
 
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


#4 Queen-Evie


Posted 14 May 2014 - 01:41 AM

You have posted in MRL here http://www.bleepingcomputer.com/forums/t/533965/a-plethora-of-trouble-after-fbi-moneygram-virus/

 

To avoid confusion this topic is closed.





