Author Topic: FBI/Moneypak Scam  (Read 11066 times)

Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
FBI/Moneypak Scam
« on: September 11, 2012, 04:12:29 AM »
Was hit, and locked up, by this twice:
09/07...Just rebooted, and it went away.
09/09...Persistent, had to reboot in safe mode. Avast 'Behavior' pop-up: Randll wgsdgsdgdsgsd.exe. Sent to Virus Chest, where it still is. Then ran full scans (with PUPS) via Avast free 7.0.1466, and Piriform SAS free 3.06.1433. No virus or threat found. Reran both 09/10 with same results.
But now, whenever I reboot I get pop-up saying, roughly: RANDLL...X Error loading wgsdgsdgdsgsd.exe...module not found (probably because it's in the Virus Chest). I just X it out and all's well. Ran Search for RANDLL; is pervasive, found 272 entries including 60 with RANDLL32 title, all the latter v short and dated 09/07-09/09...which seems suspicious to me. PC seems to run sl slower than usual, but not bad, may be my imagination.

I'm not concerned about that silly threat, but is that damn thing still on my PC? Would appreciate help (reassurance) on this. And what shd I do about those RANDLL32 entries?

PC is old (2004) Dell ON6381; OS XP Pro 32-bit SP3; Intel Pentium 4; RAM 512MB single DDR @ 166MHz per Speccy, but 2.80GHz (sic) per CCleaner; HD 78GB MaxtorGYO8OLO; I'm on BB. Speccy offers all (?) data if you need more.

Please help, Larry


Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21701
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #1 on: September 11, 2012, 05:48:09 AM »
Quote
I'm not concerned about that silly threat, but is that damn thing still on my PC? Would appreciate help (reassurance) on this. And what shd I do about those RANDLL32 entries?
start a new topic in the virus and worms section ......and in that topic you do this

follow this guide and attach (not copy and paste) the requested logs  http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR



then help will arrive there later today   ;)

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #2 on: September 11, 2012, 06:55:15 AM »
So at least Avast Behaviour Shield is doing something  :P ....glad to see it was able to get the ransomware :)

Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #3 on: September 11, 2012, 07:12:19 AM »
 :)PONDUS, don't have these on my PC, so no logs to send.
And where do I find 'virus and worms'?  :)
« Last Edit: September 11, 2012, 07:16:05 AM by larryvir »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21701
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #4 on: September 11, 2012, 07:14:01 AM »
Quote
:)PONDUS, don't have these on my PC, so no logs to send.
that is why my post had a link to all the info ....click it ....read it .....download

someone here will help you...got to go to work   ;)


Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #5 on: September 11, 2012, 08:26:40 AM »
 :)Hi again PONDUS...ty for your interest.
1. I am usually v loath to dl all that stuff onto my PC, but will take and follow ur advice. This will take a while, but will get it done.
2. I am like the avg guy behind the wheel: can drive well, but wd not contemplate taking the transmission apart. Also not used to navigating THIS site...eg, how do I 'attach' what to where, and how?
3. Further, I am a v poor/slow typer. Don't want to appear lazy, but is there some way I can move my post from Free/Pro/Suite to Virus/Worms? :-[

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21701
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #6 on: September 11, 2012, 08:33:41 AM »
ok to make it easier we drop making a new post in the virus and worms section..
just attach the logs here to this.....and i will notify the malware remover of your post here

1. when the malware remover is done he will remove all tools used

below the box where you write in here you find a "attachments and others options"
click that when attaching


Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #7 on: September 11, 2012, 08:47:14 AM »
Just in case a screenshot can help you understand what Pondus meant... ;D

Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #8 on: September 11, 2012, 03:08:31 PM »
true indian: TY but I cannot read that even blown up 4X  :)

Pondus:
1. ADWCLEANER...GOT 'WARNING, unsafe site' so did NOT dl.
2. Malwarebytes...successful. Acted much like CCleaner, but found a TROJAN.RANSOM, which CC did NOT. Also found, as CC always does, that my MS updates is turned off (I want it off). Nothing else. Now in quarantine. Unfortunately, this log did not show up in 'my documents', but in Notepad, and I do not know how to 'attach' from Notepad... log still available if I find out how :-[

Very encouraging...will continue with the other dls ;D


Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #9 on: September 11, 2012, 04:40:16 PM »
Hi again Pondus,
This is continuation from previous...
(2a: incorrectly referred to CCleaner...was actually SuperAntiSpyware that is my usual malware hunter, and which did NOT find that TROJAN!)
3. Got lost in navigating, but finally got OTL. Followed instructions carefully and got scan. Can see nothing bad in that. Should I look for anything specific? Unfortunately, I cannot send that log to you; contains some v confidential items. Please do not consider me uncooperative.

Will continue with last scan: aswMBR.exe after an interruption for some work...I DID tell you I am SLOW  :(

Offline craigb

  • avast! Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 8068
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #10 on: September 11, 2012, 04:47:40 PM »
Quote
true indian: TY but I cannot read that even blown up 4X  :)

Don't blow it up, just click on the picture
Windows 8.1 Pro X64/ IE 11/ Avast 9.0.2018/ MBAM Premium 2

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28987
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #11 on: September 11, 2012, 05:10:10 PM »
You can attach the OTL log and as soon as I have analysed it you can remove it from the thread

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21701
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #12 on: September 11, 2012, 05:22:31 PM »
Quote
1. ADWCLEANER...GOT 'WARNING, unsafe site' so did NOT dl.
what gave that warning?

you can copy and paste malwarebytes and aswMBR log

OTL is the most important log here, but this you must attach as it is so big that it may take 10 posts with copy and paste to do and will also complicate Essexboy's work


Offline larryvir

  • Jr. Member
  • **
  • Posts: 28
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #13 on: September 11, 2012, 09:38:34 PM »
OK, I'm about ready to quit this >:( These dls and scans are scattered all over my PC, and when I go to move one I lose something. Too complicated for me. This is like the farmer giving road instructions, but forgetting that the Big Oak was cut down :)

craigb...TY I knew there must be a simple way to view that, so call me simple :)

Pondus
(1a the ADWCLEANER gave the red WARNING when I pressed 'run'.)
4. I managed to dl aswMBR.exe, and it scanned. Finally found log file in Doc&Set. Have attached it here, I think...will see when it is sent.

Can we make a guess with what you now have?
« Last Edit: September 14, 2012, 10:13:55 PM by larryvir »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21701
  • Gender: Male
    • Personal Message (Offline)
Re: FBI/Moneypak Scam
« Reply #14 on: September 11, 2012, 09:59:51 PM »
the AdwCleaner is not that important....Essexboy will see the same stuff in the OTL log ....but depending on what it removed would make the OTL fix script smaller

so now we have aswMBR log

if you manage, also attach or copy and paste Malwarebytes log .....if the program does not find and remove anything then you can drop that log

and the most important OTL.txt

