Author Topic: FBI/Moneypak Scam  (Read 27984 times)


larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #15 on: September 12, 2012, 12:26:16 AM »
Hi again Pondus
(3a found the OTL scan logs)
Am gaining some confidence in this; maybe I'm not so stupid :)
If the files come through, please be sure to DELETE them when you finish with them...they will still be here on my PC...somewhere :)

Now another problem: 'file is too large'...now what?

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #16 on: September 12, 2012, 12:33:41 AM »
will try sending only the txt file
« Last Edit: September 15, 2012, 12:08:23 AM by larryvir »

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #17 on: September 12, 2012, 12:48:06 AM »

 Tried sending 'X-file'  :) too large...limited to 190KB  ???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: FBI/Moneypak Scam
« Reply #18 on: September 12, 2012, 01:07:35 PM »
OK, let's now start to remove it. I will clear all tools once we are done

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
[2012/06/20 23:31:40 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2002/09/03 15:50:45 | 000,004,819 | ---- | M] () (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\q2x3nuf8.default\extensions\pxrruksrrw@pxrruksrrw.org.xpi
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O3 - HKU\S-1-5-21-1085031214-1844237615-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe

:Files
C:\Program Files\Web Assistant

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

  • Download RogueKiller and save it on your desktop.
    NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
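
The O33 lines in the fix script above show one removable-volume entry whose AutoRun, explore and open verbs all launch the same executable. As an added example (not part of essexboy's post and not OTL's own logic), this sketch parses O33 MountPoints2 lines in the format shown and flags volumes where merely opening or exploring the drive would run a program; the flagging rule, the extension list and the fourth sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three O33 lines from the fix script, plus one CONSTRUCTED line
# (installer-style disc that only sets AutoRun) for contrast.
SAMPLE = r'''
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{2d087c52-b052-11de-ae7a-fe820eab1ade}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''

# volume GUID, shell verb, command target
LINE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]{36}\})\\Shell\\'
    r'([^\\]+)\\command - "" = (.*)$')
EXEC_EXT = ('.exe', '.com', '.scr', '.bat', '.cmd', '.pif')  # assumed list

def normalise(target):
    """Fold slash style, repeated slashes, leading './' and case so that
    differently written paths to the same file compare equal."""
    t = re.sub(r'/+', '/', target.strip().replace('\\', '/'))
    while t.startswith('./'):
        t = t[2:]
    return t.lower()

def parse(log):
    """Return {volume_guid: {verb: normalised_target}}."""
    volumes = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            guid, verb, target = m.groups()
            volumes[guid.lower()][verb.lower()] = normalise(target)
    return dict(volumes)

def hijacked_volumes(log):
    """Flag volumes whose 'open' or 'explore' verb launches an executable,
    i.e. browsing the drive runs code (heuristic, assumption of this example)."""
    flagged = {}
    for guid, verbs in parse(log).items():
        browse = {verbs[v] for v in ('open', 'explore') if verbs.get(v)}
        if any(t.endswith(EXEC_EXT) for t in browse):
            flagged[guid] = sorted(browse)
    return flagged

if __name__ == "__main__":
    for guid, targets in hijacked_volumes(SAMPLE).items():
        print(guid, "->", ", ".join(targets))
```
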

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #19 on: September 13, 2012, 02:33:06 AM »
Hi essexboy, welcome to my problems.

I gather that I (surprisingly) sent you enough info to analyze my problem, and hope you will not be underwhelmed by my lack of expertise here. I'm over 80 but feel under 8 in this mix-up. But I'm learning. If you are careful to dot the t's and cross the i's in your instructions I wd be most appreciative. I'll do my best.
1. Are we just chasing down this virus or making more fixes to my PC? Shd I anticipate any major changes in my programs? And according to CCleaner my Registry is a mess, but I'm afraid to 'fix' it.
2. OTL seems clear, but to be certain: a) does 'shut down all processes' include Avast,etc? b) I gather I'm not to change anything in the initial set-up, but I shd copy/paste the entire (bluish) box at bottom from :OTL through [reboot]; c) after quick scan, where will this log show up?
3) RogueKiller: a) To get it on my DT, is that an option while dling?; b) I am on IE8...where is this Smartscreen Filter, and how do I disable it?; c) two reports after Scan, one before and one after 'delete'?; d) and a third after ShortcutsFix, correct?

I realize these questions are basic (infantile) but I'd rather not be as embarrassed as I was after the first go-around  :) :-[ Will start, and await your answers anxiously.


larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #20 on: September 13, 2012, 03:13:27 AM »
essexboy
This showed up on Notepad after reboot.
« Last Edit: September 15, 2012, 12:09:46 AM by larryvir »

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #21 on: September 13, 2012, 03:43:26 AM »
essexboy
...But (here we go again!) after quick scan, second entry in Notepad is 09122012-204319
This does not show up on Desktop or in My Documents, and I cannot attach it here directly from Notepad  :-[ :-X
...What am I doing wrong? and how to get it posted?

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #22 on: September 13, 2012, 07:24:25 AM »
essexboy
Ran RogueKiller. Have three RK reports, attached hereto.
Still working on getting second OTL to you...it's still on OTL, but no longer on Notepad. How can I get it attached here?
« Last Edit: September 15, 2012, 12:10:37 AM by larryvir »

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #23 on: September 13, 2012, 12:19:59 PM »
Here is a very good guide that will take care of this in minutes.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: FBI/Moneypak Scam
« Reply #24 on: September 13, 2012, 12:21:48 PM »
Here is a very good guide that will take care of this in minutes.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
As essexboy is already handling this issue then it is best left in his hands.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #25 on: September 13, 2012, 12:25:40 PM »
There is no forum rule that others cannot help. Bleepingcomputers is a top site for malware removal help. I have done exactly this on 25 computers and it's removed it in minutes rather than days of scanning with OTL. OTL is great and so is essexboy, but if someone knows a faster, easier way then it should be provided. OTL is kinda old school and can be very tedious for a newbie. Emsisoft Emergency Kit can also be installed as a portable app.

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: FBI/Moneypak Scam
« Reply #26 on: September 13, 2012, 12:32:56 PM »
There is no forum rule that others cannot help.
It's well known that once you start receiving help from a malware specialist others need to butt out and let the specialist ( essexboy ) do their job.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #27 on: September 13, 2012, 12:50:52 PM »
Again I will say that if it's a forum rule then it should be clearly stated as such and not assumed. Also if essexboy is the only one that can help then there should be a separate section in the forum that only he can post in. No one knows everything. Especially essexboy. I've been in the computer business for 15 years and still don't know everything. OTL is old school and takes help. The link I provided is an easier and more effective way. We are a community and in a community we all help each other. Thanks.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #28 on: September 13, 2012, 12:53:55 PM »
No offense to essexboy but if I can add more education then it should not be turned down or deleted. 2 days later and it's still not done. I have provided several clients with this exact guide and within 25 minutes it's fixed.
« Last Edit: September 13, 2012, 12:59:05 PM by Aventador »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: FBI/Moneypak Scam
« Reply #29 on: September 13, 2012, 01:10:58 PM »
It's not just about cleaning out the malware; the logs requested also provide information as to whether there are other problems as well, and there is a lot of information that can also be collected from infected systems to further help avast in its fight.

essexboy is not the only malware specialist we have here and there is a separate area for them to provide help, but unfortunately not all people with issues start their thread in the correct section " hence this thread"