Solved Department of Justice Moneypak Virus

[Matt232222]

I feel like I've exhausted all options...any assistance or input is greatly appreciated!

 

[Matt232222]

Apologies for the 3 identical postings...when I submitted "Create Post", the webpage never confirmed the posting...it just kept "idled" and I had assumed the posting did not go through. Thank you!

 

[TwinHeadedEagle]

Please download Farbar Recovery Scan Tool and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
• Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

• In the command window type in notepad and press Enter.
• When notepad opens, click File and select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

• The tool will start to run. When the tool opens click Yes to disclaimer.
• Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

 

[Matt232222]

Thanks...super good instructions! Here is the txt file that was produced.

 

[TwinHeadedEagle]

FRST report wasn't created properly.

When you boot to Command Prompt in Recovery Environment, type this command

Chkdsk C: /r

Then when it is over, reboot, and then repeat FRST scan again and attach fresh report.

 

[Matt232222]

Thanks. When I enter that command, I get the below italicized message. I still attached the FRST report it created, although it appears basically identical.

The type of the file system is NTFS.
Unable to determine volume version and state. CHKDSK aborted.
Failed to transfer logged messages to the event log with status 50.

 

[Matt232222]

I also ran Listparts.exe and have attached the report if that is helpful.

 

[TwinHeadedEagle]

Can you boot Windows normally?

 

[Matt232222]

Yes, I can boot Windows normally. However, the Department of Justice Moneypak screen loads up immediately when I sign on.

 

[TwinHeadedEagle]

FRST won't show proper report in recovery, because you have strange file system, called RAW. Do you know something about this?

 

[Matt232222]

From what I can find, RAW refer to a disk partition that has not been formatted with an NT file system, neither FAT nor NTFS. Before now I did not know my system used RAW...I'm a bit surprised. FYI, my computer is a Dell Latitude laptop that uses Windows 7 Enterprise.

 

[TwinHeadedEagle]

The only way out will be to re-format the partition, but all data will be lost. There is no way to convert a RAW volume to a NTFS file system without loosing the data as the volume will need to be reformatted.

 

[Matt232222]

I see, understood. Not the answer I was hoping for, but that's life I suppose! Thanks so much for your help...it is much appreciated!

 

[TwinHeadedEagle]

You can try to contact Dell support, maybe they can help.

 

[Matt232222]

Ok, I might try that avenue. Thanks!