Author Topic: FBI/Moneypak Scam  (Read 27922 times)

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #30 on: September 13, 2012, 01:49:02 PM »
One scanner is not enough. That's why there are so many free on-demand scanners out there. The most important thing is turnaround time. Why spend days going back and forth with log postings when in a matter of minutes it can be fixed? Use the info provided in the link, then follow up with an MBAM scan. Never hurts to scan with HMP also or CCE.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: FBI/Moneypak Scam
« Reply #31 on: September 13, 2012, 01:52:39 PM »
Aventador, this is not the same malware as the one you have linked to, I am afraid. Malware does not stay the same, so a tool that worked yesterday will not work today. HMP has killed a fair few systems I have had to recover. Also, working in a shop with the computer is easy; working remotely is not.

larryvir, this should be the last run. Once done, can you let me know of any problems you are experiencing?


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
[2012/09/08 23:07:55 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\dsgsdgdsgdsgw.pad

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #32 on: September 13, 2012, 02:24:58 PM »
I beg to differ. I also do house calls and work remotely via Teamviewer.

true indian

  • Guest
Re: FBI/Moneypak Scam
« Reply #33 on: September 13, 2012, 02:27:51 PM »
Quote
I beg to differ. I also do house calls and work remotely via Teamviewer.

As essexboy said, you have worked via remote access on a system, not like essexboy is doing here in this forum... I know how hard it is when you don't have your hands on the system, since I do such stuff every day... whether remote access, hands-on cleaning or whatever... I remember when I was very new to such removal stuff, and believe me, I have wrecked a few machines by following hands-on guides and having years of experience too... ;D
« Last Edit: September 13, 2012, 02:29:28 PM by true indian »

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #34 on: September 13, 2012, 02:40:27 PM »
Excuse me, but please do not assume. When someone emails me or calls me with a problem I often provide them with links to aid them. Which means they're on their own. The instructions laid out by Bleepingcomputers can be used and followed by anyone. OTL involves special care and interaction with an expert to work.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #35 on: September 13, 2012, 02:46:23 PM »
No one can know everything. I sure don't. But if someone can share info which can provide a safer and faster way to help the person, it should not be shied away from. In the field no one uses OTL anymore 'cause it's too time consuming.

Offline essexboy

Re: FBI/Moneypak Scam
« Reply #36 on: September 13, 2012, 02:47:22 PM »
That is why I use OTL, as it will show me the areas that need to be removed/fixed/repaired. The tools used as a standalone will not get all of the bad files/registry entries. Plus I am an Instructor in online malware removal, so I do have a modicum of experience in this area. Could we refrain from using this thread to discuss it, as larryvir will be lost in what to do.

Aventador

  • Guest
Re: FBI/Moneypak Scam
« Reply #37 on: September 13, 2012, 02:50:56 PM »
I respect your last post essexboy. Just return the favor. Thanks.
« Last Edit: September 13, 2012, 11:06:29 PM by Aventador »

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #38 on: September 13, 2012, 08:40:25 PM »
To all of you:
I'm surprised by all the hits/interest shown in this problem, and embarrassed by so many observing my (let's be polite and say) inexperience here. As I indicated before, most of us can drive a car well, but few can delve into a motor or transmission...we call a mechanic. Pondus and essexboy have been my most helpful mechanics, and I shall leave the resolution of this matter in the hands of essexboy..."too many cooks spoil the broth" :) So ty to all, but ease off please.

To essexboy:
1. I truly appreciate the time and efforts you are taking on my behalf. But can I prevail upon your good nature to check my Reply#19, and answer some of the basic questions I raised?
2. I have no problem running the scans, and can see that they are really prodding around in my innards :) But I am frustrated by my inability to post all the scan results for you. Are you getting enough info? Can you tell me how to improve my score? I know this is lack of v basic knowledge on my part, but I find it v annoying to have all this scattered somewhere on my PC and not be able to communicate it >:(
3. Very few (v minor) problems have arisen. That TROJAN.RANSOM is no longer in evidence...SAS, Avast and Malwarebytes don't show it...none show any threats at all, but I guess they may be hidden.
4. ONWARDS :) , but I hope I shall be able to post the scans. Please tell me how to get from Notebook to attachment...when they get to My Documents all is well, but sometimes I cannot get them there, then... :(

Offline essexboy

Re: FBI/Moneypak Scam
« Reply #39 on: September 13, 2012, 09:00:00 PM »
Quote
    Hi essexboy, welcome to my problems.

    I gather that I (surprisingly) sent you enough info to analyze my problem, and hope you will not be underwhelmed by my lack of expertise here. I'm over 80 but feel under 8 in this mix-up. But I'm learning. If you are careful to dot the t's and cross the i's in your instructions I wd be most appreciative. I'll do my best.
    1. Are we just chasing down this virus or making more fixes to my PC? Shd I anticipate any major changes in my programs? And according to CCleaner my Registry is a mess, but I'm afraid to 'fix' it.
    2. OTL seems clear, but to be certain: a) does 'shut down all processes' include Avast, etc? b) I gather I'm not to change anything in the initial set-up, but I shd copy/paste the entire (bluish) box at bottom from :OTL through [reboot]; c) after quick scan, where will this log show up?
    3) RogueKiller: a) To get it on my DT, is that an option while dling?; b) I am on IE8...where is this Smartscreen Filter, and how do I disable it?; c) two reports after Scan, one before and one after 'delete'?; d) and a third after ShortcutsFix, correct?

    I realize these questions are basic (infantile) but I'd rather not be as embarrassed as I was after the first go-around :) :-[ Will start, and await your answers anxiously.

1.  The process is to remove the main bad files and anything that they may leave behind. A messy registry is not a problem unless you can determine start speeds to the nanosecond ;D
2.  OTL will request each running process to close; if it refuses (like Avast will) then it moves on to the next process, etc.
     The script in the code box can be either a scan request or a fix command, dependent on what we wish it to do.
     All logs will appear in the same location as the main OTL file, so if it is on the desktop that is where it will be.
3.  RogueKiller is a multipurpose tool; in addition to killing any known bad processes/registry keys, it will also inspect the Master Boot Record for any infection. The shortcuts fix will restore any files/folders that the malware has hidden. The smartscreen filter is under the tools option on the main IE bar.

As I will always ask a mechanic what he is doing when repairing my car, it is only fair for you to do the same. Plus, like the mechanic, I never leave any tools behind ;D

So how is the computer behaving now? Do you have any problems at all?

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #40 on: September 13, 2012, 09:27:38 PM »
essexboy
Three showed up on Notepad: OTL.Txt, Extras.Txt, and 09132012_145535
Only the attached was movable to My Docs, and cd be found in 'Browse'.
If you want the others, please tell me how.


« Last Edit: September 15, 2012, 12:05:05 AM by larryvir »

Offline essexboy

Re: FBI/Moneypak Scam
« Reply #41 on: September 13, 2012, 09:45:33 PM »
Nope, all I need now is to know what problems remain before I tidy up ;D

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #42 on: September 13, 2012, 11:27:30 PM »
To essexboy
1. Phew, glad that's over :) Don't know how to thank you enough for all that time and effort! Great job! I assume I can delete the debris now (?) I intend to keep Malwarebytes...can't hurt to have two roach-killers on the job (but yes, only one AV, Avast for sure!)
2. In general PC runs much as before: good. TROJAN.RANSOM gone; no threats found by my three ghost-hunters; all seems 'quiet on the home-front'.
3. Very minor 'problems' such as that damn Windows security shield back in my tray which pops up on every boot telling me updates shd be dled...forget how I removed it before. But if that's the biggest complaint you ever get, you must be doing pretty well ;D
4. I might mention a few possible 'indicators', none of which may pertain to this: a) In my first post I mentioned Rundll32...shd I delete the ~60 suspicious ones, short ones (~30-60 bytes) which appeared 09/07-09/09 when the trouble started?; b) Something strange showed up in My Docs: ~70 'album art' (half long and half short jpg's) covers of music I've dled...is that of any significance?...I may delete them; c) That wgsdgsdgdsgs.exe is still in Avast jail, labeled 'no virus'...shd I delete that?; d) "Error on page" appears more frequently, at the bottom just above the Start line...mean anything?

Again my heartfelt thanks for a great job. Will let you know if anything else shows up. Will also keep you on tap shd I need help in the future [that's the trouble with showing expertise... ;) ;D ]

Offline essexboy

Re: FBI/Moneypak Scam
« Reply #43 on: September 13, 2012, 11:58:14 PM »
Anything in the virus chest can now be deleted.

Reference the Windows updates, you should install them to keep your system secure.

Quote
"Error on page" appears more frequently, at the bottom just above the Start line...mean anything?
I assume that you mean Internet Explorer.
Go to Control Panel > Internet Options > Advanced Tab
and reset the settings. See picture at the bottom.

I will clear my tools now and once that is done let me know of any further concerns

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

larryvir

  • Guest
Re: FBI/Moneypak Scam
« Reply #44 on: September 14, 2012, 10:15:48 PM »
Hi essexboy

PC running well, about as usual. Lost two PWs, easily replaced; some sites load sl more slowly, but load speed varies normally.

Followed your 'end-game' plan:
1. OTL. Ran fix, then cleanup (twice). OTL did not delete itself, so I did it manually. But I notice those 'attachments' still show up on my posts...How can I delete them?
2. Hidden f&f was already checked (from long ago).
3. Malwarebytes I shall keep, as mentioned before, so I shall have Avast and two roach hunters.
4. A word on auto updates: I dislike them...they are intrusive, slow down my PC and bark at the wrong time. I generally manually update all each month, but will do so 2X/mo if you think it best. Will add Windows update to that list...have been reluctant to update Windows (created problems in the past)...was talked into updating in July...170 loaded my PC! Wd rather not have 'Hippo'.
5. 'Error on page'. Wd rather not reset all...some I set for other, unremembered, reasons. Is there some specific setting I shd reset? (Msg is showing right now)
6. Have a Firewall (windows) but never found out how to 'update' it...will check. Avast free offers no firewall, does it?
7. Emptied Avast Virus Chest...no change noted.
8. Wd still like to know how to rid my PC of that damn Window Security shield in my tray...it keeps insisting I turn on auto update >:(

Guess that's it. Please answer above when/if you get time/inclination. You have done a fine job, and gone 'beyond the call of duty'. I won't thank you again...you might get the impression that you've done something clever :) ;) ::)