Solved Moneypak virus still on XP after using HitmanPro Kickstart and Kaspersky Rescue

Status
Not open for further replies.

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
I do not know how to run the logs requested, especially on a computer with this virus. I will print the log creation instructions and study them back at my computer with the virus.
I do not have a web camera. I use Malwarebytes as my antivirus. The computer was purchased new in 2006. It is an HP Pavilion desktop.
I am not savvy with these matters so clear instructions are appreciated. I will return all posts as soon as possible, while working from remote computers. I do not have a laptop at my disposal.
Thanks in advance.
P.S. I see I can get to the internet with Kaspersky Rescue with limited access. Thanks for that info.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
TwinHeadEagle,

Thanks for the prompt reply.

I can not boot to either Safe Mode or Safe Mode with Networking.

What are the next steps to solving this?

Also, using Kaspersky Rescue, I can reply to all, by posting a comment on anyone's profile. I can only post here, on this thread, when I go to an uninfected computer, which is away from my residence.

I could not use the Farbar Recovery Scan Tool (FRST) tool on the Kaspersky Rescue's desktop. I copied it to the KR desktop, from my flash drive, and it stayed on the KR desktop, but when I clicked the FRST tool, it would not run.

It asked for me to pick from a small selection of applications to run it. Please provide detailed instructions on using the FRST tool, if the information is needed.

All help is greatly appreciated from all. I need to solve this virus problem as soon as possible.

Thanks.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please print these instructions out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
Thanks. File attached. I look forward to your next instructions.
 

Attachments

  • FRST.txt
    16.9 KB · Views: 95

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
I ran the program again. Here is the file. The newer file is 21kb while the first one was 17kb. Thanks.
 

Attachments

  • FRST.txt
    20.3 KB · Views: 89

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    811 bytes · Views: 94

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
Sounds good.

I just opened FRST, and hit the "Fix" button only. Then the FRST closed quickly. I did not hit the "Scan" button.

I waited about 20 mins, to see the "fixlog.txt" on my flash drive. However, I do not see it. I am still in the Recovery environment.

How long does it take to process the "Fixlist.txt"? 5 mins? 1 hour? 3 hours? etc.

Do I need to hit the "Fix" button again? Do I need to run the "Scan" before I hit "Fix"?

Thanks.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
TwinHead Eagle,

Thanks for the help. It appears the virus is gone (as I am typing this from the previously infected computer), but the computer is running extremely slow and I do not see the fixlog.txt file.

What can I do to locate (or create) that file? It is not in the same folder as the FRST file.

What is (or could be) the reason the computer is running so slow? Is this a sign that the virus is not 100% removed? I do not recall the computer running this slow before. You hear a long drag on the windows music, as the operating system is opening up. I doubt if I can play a music video.

The last time the computer was running almost this slow, it was because the hard drive was failing, about 3 to 5 years ago. I purchased a new hard drive at that time.

What may be a fix for this slowness?

I am scanning the computer with Malwarebytes. It has been running for about 1 hour. It normally takes 6 hours to complete a scan at normal speed.

I look forward to your next instructions.

Thanks
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
TwinHeadedEagle,

Thanks for the help. We are getting closer.

The computer is still slow. I can play music videos, but it is dragging.

Malware Bytes finished its 6 hour scan, and found 1 thing, which allowed me to quarantine it, though I wanted to delete it.

I used Piriform CCleaner v3.26.1888, several times, to clean up the system. I clicked most boxes, except the passwords.

1. Do I need to use the Microsoft System Tools Disk Clean Up and Disc Defragmenter as a possible remedy for the slowness? (If so, how long should this take?)

2. I can not locate the Microsoft Restore Point screen. I was going to restore the registry back to a point, before the virus occurred. I went to Programs-Accessories-System Tools-Restore Point, but no Restore Point screen came up. All other methods to locate the Restore Point screen are not working.

How do I get the restore screen working again? Maybe the virus disabled it.

3. Do you have a utility tool that will check if the hard drive, the CPU, video card, etc, is damaged or virus infected?

4. I have attached the FRST.txt file and the Addition.txt file.

Thanks again for the help.
 

Attachments

  • Addition.txt
    37.9 KB · Views: 135
  • FRST.txt
    32.2 KB · Views: 83

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Please do not perform System Update, because you will restore computer at the time infection occurred.


1. Yes you can perform this. Defraggler is good tool to use.

2. Do not perform anything unless you consult me.

3. It is possible, but let's first finish with malware.



First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- Java 7 Update 45
- Java Auto Updater
- Java(TM) 6 Update 35
- VideoPlayer v2.0.6
- Adobe Reader 9.5.1
- Adobe Reader XI

Latest versions of Java and Adobe Reader available here --> http://www.java.com/en/ and here http://get.adobe.com/uk/reader/
Make sure to uncheck optional offers.



***** NEXT *****



Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.



***** NEXT *****



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    FFdefaults;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

Attachments

  • fixlist.txt
    4.1 KB · Views: 75

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
The following were uninstalled:
- Java 7 Update 45
- Java(TM) 6 Update 35
- VideoPlayer v2.0.6
- Adobe Reader XI

- Java Auto Updater
could not be found from the Add Remove Programs section of the Control Panel, so I could not uninstall it.


- Adobe Reader 9.5.1
was in the Add Remove Programs section, but could not be opened, so I could not uninstall it.


I loaded up the latest java and adobe reader.

Attached are: Fixlog.txt and ComboFix.txt

I downloaded zoek.rar and zoek.zip successfully, but when I hit the zoek.exe, I received the screen to "Run", and when I hit "Run" the screen disappeared but nothing happened.

I do not understand all of the instructions for zoek that say "Please wait while the tool does not start...." I waited 10 mins, but nothing happened. Please send further instructions on the zoek.exe file.

Also, to run Combo Fix, I deleted the AVG antivirus, as Combo Fix gave me a warning that AVG was running. AVG had not run since 2012, so I uninstalled the program with the "Add Remove" program section.

However, that did not get it all. I Googled, and found an AVG Removal Tool, which completed the removal. It opened up a command box and I saw lines appearing. On reboot, it repeated the process. AVG is now removed, and I now have a Windows security alert (a red shield with an x) on task tray.

I probably should have emailed you before I used that tool. I will make sure I consult you on future issues. The system is running slow, and I'm trying to complete this process as soon as possible. The Combo Fix took about 3 hours to complete.

I will now use the Defraggler tool that you suggested, after I upload this post.

Thanks again for your help.
 

Attachments

  • Fixlog.txt
    8.1 KB · Views: 68
  • ComboFix.txt
    15.3 KB · Views: 75

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
With the https://www.piriform.com/defraggler/download should I use the free one or would you recommend purchasing the one for $24.95?

How is this defraggler different or better than running the Microsoft Chkdsk (or it may go by another name) that comes with the computer?

Thanks
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Defraggler - download free version, it is more than enough. I think it has better defrag.



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.




Re-run FRST once more and attach fresh report.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
FRST.txt and AdwCleaner[S0].text attached.

I will download the free defragger and use it. I thought it took about 10 hours to defrag a hardware, so I will stop the defragment, when I receive more instructions from you.

Thanks.
 

Attachments

  • AdwCleaner[S0].txt
    5.7 KB · Views: 74
  • FRST.txt
    32.9 KB · Views: 79