
Very badly infected with a virus. Safe mode won't work.

post #1 of 12
Thread Starter 
I just contracted the FBI Moneypak virus and it's rendered my Windows XP PC unusable. I can't boot into safe mode (including normal, networking, and command prompt) as every window and the desktop itself disappear within seconds. I entered explorer.exe into the command prompt and I could see the desktop for a brief moment, but then it vanished along with the cmd window.

I have a copy of Hiren's Boot Disk and I managed to delete the .exe file in Appdata, but it didn't help. I keep getting blank desktops and no start button. Task Manager refuses to work as well.

However, I can boot into Mini XP to delete/add files on the main XP installation, although I can't install any programs.
I've already deleted the files specified by the removal guides and nothing's helped.

What do I do?

Thank you for reading.
Edited by frickfrock999 - 1/1/13 at 10:06am
post #2 of 12
Kiss XP goodbye? You could try one of the antivirus live CDs, or use a Linux boot with something like ClamAV to scan the XP drive, but I don't know how well any of that will work.
     
post #3 of 12
Reverse engineer virus, find the virus maker, go to his and make him pay for a new computer.

Or just format bro.
    
post #4 of 12
Take the hard drive out and use another computer to run Malwarebytes on it. Safe mode should work then, and then run a slew of other fixes.

Google "bleeping computer fbi" without quotes.

see: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

One of my users had this problem. Malwarebytes can get your safe mode working again.
 
post #5 of 12
Quote:
Originally Posted by Willanhanyard

Reverse engineer virus, find the virus maker, go to his and make him pay for a new computer.
Or just format bro.
QFT

Wipe the slate clean. There's no salvaging something like that as far as I'm concerned. Unless you're some computer security whiz, do you really want to run the risk of that virus staying there, doing god knows what?

Hope you had backed up anything super important.
    
post #6 of 12
Reformatting will be the fastest way to get back up and running again.
post #7 of 12
Cry.

On a serious note, upon research this seems like a hell of a tricky virus. It seems more than able to remove AVs when they try to attack it. Are there many important files on the infected PC? I'd probably just bite the bullet: take any important files and move those to a clean HDD (to ensure nothing from the virus is attached to the files), totally clean them with multiple antivirus programs to ensure that they're safe, and reformat.
post #8 of 12
Download Avast, install it, update the program, and then run a boot-time virus scan.
When it finds something, read and press the appropriate number for the removal.

And if that does not fix it, sorry, it's time to reformat.
post #9 of 12
I'm going to say that scanning the drive with Malwarebytes from another computer or the Kaspersky Rescue Disk are your best bets.
Those are the only two things I've had consistent results with at work.
post #10 of 12
Quote:
Originally Posted by kmac20

QFT
Wipe the slate clean. There's no salvaging something like that as far as I'm concerned. Unless you're some computer security whiz, do you really want to run the risk of that virus staying there, doing god knows what?
Hope you had backed up anything super important.

This. I would not even waste my time trying to clean it. If anything: live Linux boot, attach the hard drive/thumb drive, get anything you might not have backed up, and wipe.
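Several replies above (posts #2, #4 and #10) converge on the same approach: get the infected XP volume out from under the running malware, either by pulling the drive or by booting a Linux live CD, and work on it from outside. Before the wipe, a quick offline inventory of recently modified executables under each user's "Application Data" (where the original poster found the dropped .exe) gives you hashes to look up and a record of what was there. The script below is an added example written for this thread, not code from any of the posters or from the tools they mention; the mount point /mnt/xp, the extension list and the sample profile tree it builds in a temp directory are all assumptions.

```python
"""Offline triage of user profile directories on an infected Windows XP volume.

Added example for this thread (not any poster's code). Assumes the XP volume is
mounted read-only from a rescue environment, e.g. at /mnt/xp, and walks each
user's "Application Data" (XP layout) reporting executables modified within the
last N days together with their SHA-256.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

# Typical executable/script extensions to flag in a user profile (an assumption,
# not a list taken from the thread).
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd"}

# Constructed file contents for the demo tree; not real malware samples.
SAMPLE_RECENT = b"MZ constructed sample - recently dropped"
SAMPLE_OLD = b"MZ constructed sample - long-standing library"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string (used to cross-check file hashes)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def recent_executables(profiles_root: Path, days: int = 14,
                       now: Optional[float] = None) -> List[Dict]:
    """Return one record per executable under <profiles_root>/<user>/Application Data
    modified within `days` days, newest first. profiles_root is the volume's
    "Documents and Settings" directory, e.g. Path("/mnt/xp/Documents and Settings").
    Only reads are performed, so the volume can stay mounted read-only."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    records: List[Dict] = []
    for user_dir in sorted(p for p in profiles_root.iterdir() if p.is_dir()):
        appdata = user_dir / "Application Data"
        if not appdata.is_dir():
            continue
        for path in appdata.rglob("*"):
            if not path.is_file() or path.suffix.lower() not in EXEC_SUFFIXES:
                continue
            st = path.stat()
            if st.st_mtime < cutoff:
                continue  # older than the window; not interesting for triage
            records.append({
                "user": user_dir.name,
                "path": str(path.relative_to(profiles_root)),
                "size": st.st_size,
                "mtime": st.st_mtime,
                "sha256": sha256_file(path),
            })
    records.sort(key=lambda r: r["mtime"], reverse=True)
    return records


def _write(path: Path, data: bytes, mtime: float) -> None:
    """Create a file with the given contents and back-dated modification time."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    os.utime(path, (mtime, mtime))


def build_sample_profiles(root: Path, now: float) -> None:
    """Construct a small fake "Documents and Settings" tree for the demo."""
    day = 86400
    _write(root / "Owner" / "Application Data" / "random.exe", SAMPLE_RECENT, now - 1 * day)
    _write(root / "Owner" / "Application Data" / "helper.scr", b"MZ constructed", now - 3 * day)
    _write(root / "Owner" / "Application Data" / "Mozilla" / "old.dll", SAMPLE_OLD, now - 100 * day)
    _write(root / "Administrator" / "Application Data" / "notes.txt", b"text", now - 1 * day)


def demo(days: int = 14) -> List[Dict]:
    """Build the constructed tree in a temp dir and triage it; returns the records."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Documents and Settings"
        build_sample_profiles(root, now)
        return recent_executables(root, days=days, now=now)


if __name__ == "__main__":
    # Real use from a live CD: recent_executables(Path("/mnt/xp/Documents and Settings"))
    for rec in demo():
        print(f"{rec['user']:<14} {rec['path']:<40} {rec['size']:>6} {rec['sha256']}")
```

Run it against the real mount instead of `demo()` once the volume is attached; the hashes in the report are what you would hand to an AV vendor or look up, and the path list is worth keeping even if the decision is to wipe, since it tells you which user profile was hit and roughly when.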