Dept. Of Justice (moneyPak)


  • This topic is locked
3 replies to this topic

#1 Skidd86

  • Members
  • 2 posts

Posted 12 June 2014 - 09:15 AM

I had a computer dropped off to me a couple of days ago and I have been working on removing this Department of Justice virus. I have worked on computers in the past with the same virus and all I had to do was a simple system restore from safe mode. Well, that will not work this time because if I select safe mode (without networking, with networking, or with command prompt) it will automatically reboot the computer. So I moved on to other options. I booted from Hiren's 15.2 and ran Malwarebytes from there, and it did find some entries but it did not remove the Dept. of Justice virus. I have also tried running Kaspersky Rescue Disk, HitmanPro Kickstart, Windows Defender Offline, and I even removed both hard drives from the PC and slaved them to my laptop to run scans, but nothing has been able to remove this version of DOJ (MoneyPak).

 

The computer is running Windows XP.

 

What should I do next?




 


#2 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts

Posted 12 June 2014 - 01:09 PM

Hello and welcome on board, Skidd86,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

First,
  • Download here to your Desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to the CD

Next,
  • Connect the USB Flash Drive
  • Download FRST and save it to the root of the USB Flash Drive.

Next,
  • Reboot the "bad computer" using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Once fully loaded, your system should now display a REATOGO-X-PE desktop.
  • Double click the My Computer icon, next open the drive corresponding to your flash drive
  • Execute FRST by double clicking on the icon
    (When the tool opens for the first time you must click Yes on the disclaimer.)
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Open the Start Menu and click Shutdown to close the REATOGO-X-PE
  • Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
  • Please copy and paste the log contents to your post. (also the content of the Addition.txt!)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Skidd86

  • Topic Starter

  • Members
  • 2 posts

Posted 13 June 2014 - 09:27 AM

Update on this topic just in case anyone runs into the same variation of this virus. I was able to remove it by booting to Kaspersky Rescue Disk 10 and using the Windows Unlocker function of it, followed by updating virus definitions and then running a virus scan from within the Kaspersky Rescue Disk. The following link contains the instructions I used to remove the ransomware. Thanks for the help :)

http://support.kaspersky.com/us/viruses/disinfection/8005



#4 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts

Posted 13 June 2014 - 09:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

 
 




