Solved Moneypak virus still on XP after using HitmanPro Kickstart and Kaspersky Rescue

Status
Not open for further replies.

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Open Control Panel and remove:
- Optimizer Pro
- VideoPlayer


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST, and click Fix. Attach me that report after it is finished.
 

Attachments

  • fixlist.txt
    5.6 KB · Views: 82

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
I uninstalled Video Player.

Optimizer Pro would not allow me to uninstall it. It gave me the attached error message.

So I used Google, and found out this is a virus to get people to purchase the software. The videos I found gave methods to remove it.

Do you have a method to remove Optimizer Pro?

Or do you want me to look at these videos and pick the best method?

https://www.google.com/search?q=google&rlz=1C1PRFC_enUS516US516&oq=goo&aqs=chrome.1.69i59j0l3j69i60l2.4720j0j7&sourceid=chrome&es_sm=122&ie=UTF-8#q=optimizer pro scam





I will wait on your response before proceeding.

I saw more videos on removing the Optimizer Pro virus. Some had audio with someone speaking, and some just had music playing as the viewer watches the action on the screen.

Thanks
 

Attachments

  • Optimizer Pro Error Message.pdf
    18.6 KB · Views: 53

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
TwinHeadedEagle,

I think you have solved it.

After using the Fix command on the FRST software, the PC Optimizer Virus had 3 things left on the computer.

1. It still showed up in the "Add or Remove" program section. And this time I was able to remove it. (It had a message that it may have been uninstalled.)

2. A shortcut on the desktop remained. I successfully deleted the shortcut on the desktop.

3. An error sound (a booom) is still heard at start up, but now no written error message appears. The written error message appeared before, along with the sound. I see no detriment to the start up or the computer from this sound.

If you have a fix for the (booom) sound, great. If not, no worries.

I have attached the Fixlog.txt report.

Thanks
 

Attachments

  • Fixlog.txt
    10.9 KB · Views: 100

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
The booom sound occurs when an error message appears. I think I saw at one point in some settings tab, one could turn the sound off and just read the message (as I believe it is just a Windows notification).

The sound and the error message together are normal. And they both occur together when any error message occurs, not just from the Optimizer Pro virus.

I only heard the sound at the time of start up, when the Optimizer Pro Virus produced an error message and the sound came with it. Now, on start up, there are no visual error messages, though I hear the sound. I only hear it once, so it is not a big deal.

Something appears "caught in there" (as there is no reason for the boooom sound, as there is no visual, readable error message... as I believe because there is no error.)

So, if no ready solution is available, I'm satisfied with what I have.

Thanks
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Re-run FRST once more for final check. Check Addition.txt, press Scan and attach both reports.


1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach log reports (ComboFix.txt) back to topic.
 

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
Thanks for the help. I have uploaded the FRST and Addition file.

When I tried to run Combo Fix, I got a warning message that the AVG Free 2012 Virus protection was running. The message also warns that damage to my computer may occur, so I have not run the Combo fix.

I have used the AVG 2012 32 bit tool remover several times, but the same message appears. I do not see AVG in the Remove Programs Windows menu.

All help is appreciated.
 

Attachments

  • Addition.txt
    58.1 KB · Views: 80
  • FRST.txt
    27.1 KB · Views: 60

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.




Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 48

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
All files attached.

I was able to double click the applications to use them. However, when I right clicked, and tried to "Run As Administrator", I could not get in that way. I am the administrator of this account.

Thanks.
 

Attachments

  • Fixlog.txt
    2.8 KB · Views: 47
  • Malwarebytes Scan Log.txt
    1.7 KB · Views: 41
  • AdwCleaner[S0].txt
    12.4 KB · Views: 78
  • AdwCleaner[R0].txt
    12 KB · Views: 50

SSS

New Member
Thread author
Verified
Jun 10, 2014
29
Thanks for the follow up.

The virus is gone.

The previous sound at the start up, is gone. (Described above, as an error sound. I used the word "booom" above to describe the sound.)

You have solved it all.

Thanks.

How much do I owe you?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
How much do I owe you?

It is up to you to decide, what is affordable to you, you do not have to donate anything if you can't. I volunteer my time, and if you want to show your appreciation, you can donate :)



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 