- Mar 8, 2013
- 22,627
Moneypak Virus, Dept of Justice version, 5 days fighting
- Thread starter typicaldani
- Start date
- Status
Sorry with these questions, but every time I try to download combofix from that link I get a webpage that says "Unfortunately the page that you requested does not exist"
Also, these instructions seem to require internet since I'd have to download things while running the program?
- Mar 8, 2013
- 22,627
Thanks. I started combofix and got as far as extracting, then it was making output folder when I got "runtime error 216 at 0004B18B" and hangs
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
FRST somehow won't finish everytime...but malware keeps recreating.
Can you upload this file and give me download link
C:\Windows\SysWOW64\User32.dll
Upload here --> www.zippyshare.com
Can you upload this file and give me download link
C:\Windows\SysWOW64\User32.dll
Upload here --> www.zippyshare.com
- Mar 8, 2013
- 22,627
Very good, I think I found the source of infection 
Now is important to follow it very carefully:
Download this file:
http://www73.zippyshare.com/v/88841583/file.html
Copy it on you C partition. So location of file should be C:\user32.dll
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Now is important to follow it very carefully:
Download this file:
http://www73.zippyshare.com/v/88841583/file.html
Copy it on you C partition. So location of file should be C:\user32.dll
***** NEXT *****
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Sorry, I should have been mentioning that frst64 gets to "loading modules" and then seems to stop, but since it generates reports I didn't realize it was significant. Now that I know that shouldn't happen, I can say that it happened again and the malware was recreated according to the log. Sorry!
- Mar 8, 2013
- 22,627
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Try to run ComboFix straight after FRST has finished.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
***** NEXT *****
Try to run ComboFix straight after FRST has finished.
- Mar 8, 2013
- 22,627
- Please download RogueKiller and save to the desktop.
- Close all windows and browsers
- Right-click the program and select 'Run as Administrator'
- Press the Scan button.
- A report opens on the desktop named - RKreport.txt
- Please post it in your next reply.
- Status
Similar threads
