
Moneypak Virus



Hello puglord and welcome to Malwarebytes!

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
  • Save it on the flashdrive as fixlist.txt

HKU\Leah\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe [57856 2013-06-19] (Mozilla Foundation)

HKU\Leah\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

HKU\Leah\...\Command Processor: "C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe" <===== ATTENTION!

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\Application Data\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328130 ____A C:\Users\Leah\AppData\Roaming\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328088 ____A C:\Users\Leah\AppData\Local\2433f433

2013-06-19 20:16 - 2012-03-30 14:03 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3954808119-543834664-2084127704-1000UA.job

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\Application Data\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328130 ____A C:\Users\Leah\AppData\Roaming\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328088 ____A C:\Users\Leah\AppData\Local\2433f433

2013-06-19 20:26 - 2012-03-30 14:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-19 21:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2018-11-18 02:27 - 2013-02-26 20:42 - 84851134 ____A C:\Users\Leah\Desktop\VID00047.AVI

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can, as we have more malware to remove.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: click on the "Follow This Topic" button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Give this new fix a try:

HKU\Leah\...\Run: [Google Update] "C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-31] (Google Inc.)

HKU\Leah\...\Run: [Facebook Update] "C:\Users\Leah\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)

HKU\Leah\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe [57856 2013-06-19] (Mozilla Foundation)

HKU\Leah\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

HKU\Leah\...\Command Processor: "C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe" <===== ATTENTION!

HKLM-x32\...\Run: [] [x]

ShortcutTarget: Dropbox.lnk -> (No File)

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\Application Data\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328130 ____A C:\Users\Leah\AppData\Roaming\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328088 ____A C:\Users\Leah\AppData\Local\2433f433

2013-06-12 13:51 - 2013-06-12 13:51 - 00400584 ____A () C:\Users\Leah\Downloads\setup (1).exe

2013-06-12 13:51 - 2013-06-12 13:51 - 00400584 ____A () C:\Users\Leah\Desktop\setup.exe

2018-11-18 02:27 - 2013-02-26 20:42 - 84851134 ____A C:\Users\Leah\Desktop\VID00047.AVI

2013-06-19 21:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\Application Data\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328131 ____A C:\ProgramData\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328130 ____A C:\Users\Leah\AppData\Roaming\2433f433

2013-06-19 20:14 - 2013-06-19 20:14 - 01328088 ____A C:\Users\Leah\AppData\Local\2433f433

2013-06-19 20:26 - 2012-03-30 14:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-19 20:16 - 2012-03-30 14:03 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3954808119-543834664-2084127704-1000UA.job

2013-06-19 11:54 - 2012-05-07 21:20 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3954808119-543834664-2084127704-1000UA.job

2013-06-18 07:32 - 2012-03-30 14:03 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3954808119-543834664-2084127704-1000Core.job

2013-06-17 17:54 - 2012-05-07 21:20 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3954808119-543834664-2084127704-1000Core.job

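As an added example (not part of the original posts and not FRST's own logic), the Python code below parses registry lines in the format shown in the two fixlists above and reports why entries like the ones marked ATTENTION stand out next to the benign updater entries. The line layout in the regular expression, the three rules and the names `triage` and `review` are assumptions derived from the lines visible in this thread.

```python
import re

# Constructed sample: registry lines copied from the fixlists in this thread.
SAMPLE = r"""
HKU\Leah\...\Run: [Google Update] "C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-31] (Google Inc.)
HKU\Leah\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe [57856 2013-06-19] (Mozilla Foundation)
HKU\Leah\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Leah\...\Command Processor: "C:\Users\Leah\AppData\Local\Temp\vcbgpxyklyymyvnue.exe" <===== ATTENTION!
HKLM-x32\...\Run: [] [x]
"""

# Assumed layout, inferred from those lines: hive\...\key: [value name] data
# (the value name is absent on the Command Processor line).
LINE = re.compile(
    r"^(?P<hive>HK[^\\]+)\\.*?\\(?P<key>[^\\:]+): "
    r"(?:\[(?P<name>[^\]]*)\] ?)?(?P<data>.*)$")

def triage(line):
    """Return the reasons a registry line deserves review (empty list = none)."""
    m = LINE.match(line.strip())
    if not m:
        return []
    key, name, data = m["key"], (m["name"] or "").lower(), m["data"].lower()
    per_user = m["hive"].upper().startswith("HKU")
    reasons = []
    # Autostart entries normally point at installed software, not a Temp folder.
    if key == "Run" and "\\appdata\\local\\temp\\" in data:
        reasons.append("Run value launches an executable from a Temp directory")
    # A shell value in the user's own hive overrides the default desktop shell.
    if key == "Winlogon" and per_user and name == "shell":
        reasons.append("per-user Winlogon shell override")
    # Assumption: this line reports the command processor's autorun command,
    # which is executed each time cmd.exe starts.
    if key == "Command Processor" and ".exe" in data:
        reasons.append("Command Processor autorun starts a program with cmd.exe")
    return reasons

def review(text):
    """Return (line, reasons) pairs for every line that triggers a rule."""
    pairs = ((ln.strip(), triage(ln)) for ln in text.splitlines())
    return [(ln, why) for ln, why in pairs if why]

if __name__ == "__main__":
    for ln, why in review(SAMPLE):
        print("; ".join(why), "->", ln)
```
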

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.