WiredWX Christian Hobby Weather Tools

 


Re: FBI Moneygram Virus - Computer Locked / Safe Mode not working at all
Superdave wrote:
Please run RogueKiller again and delete those items.


Okay I did that and am now running the scanner.

Misteretc wrote:
Superdave wrote:
Please run RogueKiller again and delete those items.


Okay I did that and am now running the scanner.

Also, please tell me how your computer is working.

Here's the report from the scanner...

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ann [Admin rights]
Mode : Remove -- Date : 06/10/2013 19:02:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] iexplore.exe -- C:\Documents and Settings\Ann\Desktop\iexplore.exe [7] -> KILLED [TermProc]
[SUSP PATH] iexplore.exe -- C:\Documents and Settings\Ann\Desktop\iexplore.exe [7] -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Documents and Settings\Ann\Desktop\iexplore.exe [7] -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Documents and Settings\Ann\Desktop\iexplore.exe [7] -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Documents and Settings\Ann\Desktop\iexplore.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) [-] -> DELETED
[STARTUP][SUSP PATH] _uninst_71875972.lnk @Ann : C:\Documents and Settings\Ann\Local Settings\temp\_uninst_71875972.bat [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2004C +++++
--- User ---
[MBR] fdf36bf7cbf080ccf9e85efa4fef1b57
[BSP] 08ad4a436ea9c62a424bc2f87968e8be : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06102013_02d1902.txt >>
RKreport[1]_S_06102013_02d1756.txt ; RKreport[2]_D_06102013_02d1902.txt



Superdave wrote:
Misteretc wrote:
Superdave wrote:
Please run RogueKiller again and delete those items.


Okay I did that and am now running the scanner.

Also, please tell me how your computer is working.


My computer is running much, much better now thanks.

Do I need to do anything else?

Misteretc wrote:
Do I need to do anything else?

Did you run the ESET scanner?

Yes, here were the results...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f36567a16cc78148b486ee3eb746938b
# engine=14043
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 12:06:02
# local_time=2013-06-10 08:06:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 78043935 78043935 0 0
# scanned=59153
# found=2
# cleaned=0
# scan_time=3597
sh=3D8010EC0AA8B40704319AC0DFF6DFA7C6052D34 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Ann\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\53d90297-526841de"
sh=225E89F5BE1828A4BEF854184FF816504F7451FC ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-2423.CR trojan" ac=I fn="C:\Documents and Settings\Ann\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\61\2ce3fe3d-3093e281"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f36567a16cc78148b486ee3eb746938b
# engine=14043
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 05:38:48
# local_time=2013-06-11 01:38:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 78060301 78060301 0 0
# scanned=289615
# found=2
# cleaned=2
# scan_time=18697
sh=3D8010EC0AA8B40704319AC0DFF6DFA7C6052D34 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Ann\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\53d90297-526841de"
sh=225E89F5BE1828A4BEF854184FF816504F7451FC ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-2423.CR trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Ann\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\61\2ce3fe3d-3093e281"

Ok, let's do some cleanup.

To uninstall ComboFix:

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*******************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
**************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Great, thanks!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
