NSA MoneyPack Virus: Kopersksy Will Not Work
<blockquote data-quote="scotty" data-source="post: 135919" data-attributes="member: 12798"><p>Yes, I did run TDSSkiller but could not find the log to post--it ran successfully. I also ran ADWCleaner and RogueKiller and logs are posted below.</p><p></p><p> # AdwCleaner v3.004 - Report created 17/09/2013 at 20:27:46</p><p># Updated 15/09/2013 by Xplode</p><p># Operating System : Microsoft Windows XP Service Pack 3 (32 bits)</p><p># Username : Scott & Shannon - DESKTOP</p><p># Running from : C:\Documents and Settings\Scott & Shannon\Desktop\AdwCleaner.exe</p><p># Option : Clean</p><p></p><p>***** [ Services ] *****</p><p></p><p></p><p>***** [ Files / Folders ] *****</p><p></p><p>Folder Deleted : C:\Program Files\RewardsArcade </p><p>Folder Deleted : C:\Program Files\Viewpoint</p><p>Folder Deleted : C:\Program Files\WinZip Registry Optimizer</p><p>Folder Deleted : C:\Program Files\Common Files\ParetoLogic</p><p>Folder Deleted : C:\Documents and Settings\Scott & Shannon\Local Settings\Application Data\RewardsArcade </p><p>Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\DriverCure</p><p>Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\HELPER</p><p>Folder Deleted : C:\Documents and Settings\Scott & Shannon\Application Data\PriceGong</p><p></p><p>***** [ Shortcuts ] *****</p><p></p><p></p><p>***** [ Registry ] *****</p><p></p><p>Key Deleted : HKCU\Software\YahooPartnerToolbar</p><p>Key Deleted : HKLM\Software\Uniblue\DriverScanner</p><p>Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC</p><p></p><p>***** [ Browsers ] *****</p><p></p><p>-\\ Internet Explorer v8.0.6001.18702</p><p></p><p></p><p>*************************</p><p></p><p>AdwCleaner[R0].txt - [1511 octets] - [17/09/2013 20:16:48]</p><p>AdwCleaner[S0].txt - [1323 octets] - [17/09/2013 20:27:46]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1383 octets] ##########</p><p></p><p><strong>AND HERE IS THE ROGUEKILLER 
REPORT:</strong></p><p></p><p>RogueKiller V8.6.11 [Sep 11 2013] by Tigzy</p><p>mail : tigzyRK<at>gmail<dot>com</p><p>Feedback : http://www.adlice.com/forum/</p><p>Website : http://www.adlice.com/softwares/roguekiller/</p><p>Blog : http://tigzyrk.blogspot.com/</p><p></p><p>Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version</p><p>Started in : Normal mode</p><p>User : Scott & Shannon [Admin rights]</p><p>Mode : Remove -- Date : 09/17/2013 21:46:23</p><p>| ARK || FAK || MBR |</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 0 ¤¤¤</p><p></p><p>¤¤¤ Scheduled tasks : 0 ¤¤¤</p><p></p><p>¤¤¤ Startup Entries : 0 ¤¤¤</p><p></p><p>¤¤¤ Web browsers : 0 ¤¤¤</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p></p><p>¤¤¤ Driver : [LOADED] ¤¤¤</p><p></p><p>¤¤¤ External Hives: ¤¤¤</p><p></p><p>¤¤¤ Infection : ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> %SystemRoot%\System32\drivers\etc\hosts</p><p></p><p></p><p>127.0.0.1 localhost</p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: SAMSUNG HD160JJ/P +++++</p><p>--- User ---</p><p>[MBR] 74fc93d00b624a82f421f6da88fc3d95</p><p>[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code</p><p>Partition table:</p><p>0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo</p><p>1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 111192 Mo</p><p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 227801700 | Size: 38130 Mo</p><p>3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 305893665 | Size: 3223 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... OK!</p><p></p><p>+++++ PhysicalDrive1: SAMSUNG HD160JJ/P +++++</p><p>--- User ---</p><p>[MBR] 501e0d6900b18b534a9fcc91650fc670</p><p>[BSP] d17cd76fdfd3323b5fe85b518ea94d94 : Windows XP MBR Code</p><p>Partition table:</p><p>0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953198 Mo</p><p>User = LL1 ... 
OK!</p><p>Error reading LL2 MBR!</p><p></p><p>Finished : << RKreport[0]_D_09172013_214623.txt >></p><p>RKreport[0]_D_09172013_213357.txt;RKreport[0]_S_09172013_212744.txt;RKreport[0]_S_09172013_214600.txt</p><p></p><p></p><p></p><p></p><p></p><p></p><p>Hi,</p><p></p><p>did you run the TDSSKiller tool? We are not quite done yet, as there could be more malware on your PC.</p><p></p><p>Please download <a href="http://www.bleepingcomputer.com/download/adwcleaner/" target="_blank">AdwCleaner</a> by Xplode onto your desktop.</p><ul> <li data-xf-list-type="ul">Close all open programs and internet browsers.</li> <li data-xf-list-type="ul">Double click on<strong> AdwCleaner.exe</strong> to run the tool (For Vista or Windows 7, right-click and select <strong>Run as Administrator to start</strong>)</li> <li data-xf-list-type="ul">Click<strong> delete</strong></li> <li data-xf-list-type="ul">Please post the content of that logfile with your next reply.</li> <li data-xf-list-type="ul">You can find the logfile at <strong>C:\AdwCleaner[S1].txt</strong></li> </ul><p></p><p>Download & SAVE to your Desktop RogueKiller or from <a href="http://www.bleepingcomputer.com/download/roguekiller/" target="_blank">here</a></p><ul> <li data-xf-list-type="ul">Quit all programs that you may have started.</li> <li data-xf-list-type="ul">Please disconnect any USB or external drives from the computer before you run this scan!</li> <li data-xf-list-type="ul">For Vista or Windows 7, right-click and select <strong>Run as Administrator to start</strong></li> <li data-xf-list-type="ul">Wait until Prescan has finished, then click on<strong> "Scan" </strong>button</li> <li data-xf-list-type="ul">Wait until the Status box shows "Scan Finished"</li> <li data-xf-list-type="ul">Click <strong> delete</strong> and wait until it says <strong>deleting finished</strong></li> <li data-xf-list-type="ul">Click on<strong> "Report"</strong> and copy/paste the content of the Notepad into your next reply.</li> <li 
data-xf-list-type="ul">The log should be found in RKreport[1].txt on your Desktop<br /> Exit/Close RogueKiller+</li> </ul></blockquote>