MoneyPak Removal (No Safe Mode or Internet Connection)

Fiery

Fiery

Level 1
Jan 11, 2011
2,007
The tools will not remove your files. I'm recommending you to backup your files incase the malware has set a trap for us, leaving your machine unbootable. It's unlikely but the chance exist. You can run the tools without backing up your files. So it's not mandatory.

Since your machine was badly infected, it would be a good idea to backup your files just in case. You can read my first post for an explanation.
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
I will do that now! Here is the latest log. Also, the Internet connection has returned. Thank you so much! I really means a lot, and it's good to know there are people who are willing to take their own time to help out others rather than messing up computers.
 

Attachments

  • ComboFix.txt
    14.5 KB · Views: 93
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Never mind about the internet. I got a screen popping up, saying:

"C:\Program Files\Internet Explorer\iexplore.exe

Illegal operation attempted on a registry key that has been marked for deletation"

I'm not sure if that will be fixed later. I will go to the next step now. Again, thank you so much!
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
I attempted the new thing you said, but I got the same error message as when I tried to open the Internet page.
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Sorry for all of the replies. The Internet and programs are able to run again. I will continue with your instructions.
 
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Please let me know how your PC is after the scans below.

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trail, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Here is from MalwareBytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caitlin :: CAITLIN-PC [administrator]

6/26/2013 9:26:26 PM
mbam-log-2013-06-26 (21-26-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215284
Time elapsed: 18 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Caitlin\Templates\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.

(end)
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
C:\FRST\Quarantine\xrrpxyjsuiwavyhxr.exe Win32/Moure.A trojan
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0004.dta Win32/Olmasco_O trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0005.dta Win64/Olmasco.S trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0006.dta Win32/Olmasco_O trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0007.dta Win64/Olmasco_O trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0008.dta Win32/Olmasco_O trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0009.dta Win64/Olmasco.R trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0010.dta a variant of Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0011.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\25.06.2013_22.11.57\tdlfs0000\tsk0016.dta a variant of Win32/Olmarik.AYN trojan
 
R

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
It's running really well! It's now letting me update my windows and put up the security, which it hasn't in ages. That should have been my first sign of osmethign was wrong. Thank you so much for all of your help! You truly are the best!
 

Similar threads

I
  • Locked
Removing Zeus by resetting Windows
Replies
6
Views
484
Windows Malware Removal Help & Support
nasdaq
nasdaq
anirbandutta01
    • Like
Serious Discussion Safe mode protection
Replies
11
Views
876
General Security Discussions
Brahman
Brahman
mcmissouri
    • Love
  • Locked
pejhfhcoekcajgokallhmklcjkkeemgj I can't get rid of this f****** extension on chrome. I see you guys are the masters of your trade. Can one of yo
Replies
9
Views
630
Windows Malware Removal Help & Support
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top