It's Cyber Monday - fantastic 70% discount

Buy Now

Limited time offer:

03

Days

/

00

Hrs

/

04

Min

/

04

Sec

Advanced version of moneypak virus, need some high-level help please

Posted 1/28/2013 4:09 AM
#95049
User avatar

joe3321 Member

Date Joined Nov 2016
Total Posts: 1
Hi, i contracted the moneypak virus while surfing the web. I've seen this virus before and was able to remove it from a friends laptop with some avira anti-virus software, but this one i just got on my desktop is much more difficult. <br/> <br/> <br/>Ok so to launch in -- I'm using a custom built desktop with windows XP operating system. Originally this virus attached itself to explorer.exe and if not terminated via task manager it would sieze my system (in both normal and safe mode), this took approximately 5 seconds and was difficult to thwart. I looked online on how to get rid of the virus unfortunately all the remedies have been comprimised: cant get online help (blocked), cant install antivirus software (its got something hogging memory that wont allow various anti-virus software to be launched each with thier own unique error), i cant do a system restore (says it cant be performed safely, restart system), and cant launch the antivirus software from flashdrive. <br/> <br/> <br/> <br/>I've tried closing down all my task manager process trees but i think the virus stuck itself in something that cant be closed like system_idle.exe. anyways im really stumped as to what to try next, i've got very limited functionality in both normal and safe mode (can use like windows explorer and search functions, but its as if theres some kind of intentional logic loop tieing up tons of system resources). <br/> <br/> <br/> <br/>Would love an experienced helping hand. Thanks.
Posted 2/1/2013 1:32 AM
#95065
User avatar

Advanced member

As long as you can still access windows explorer, then you need to search for and remove: <br/> <br/><random>.exe <br/>Look in <br/>C:\Windows\Temp <br/>and <br/>C:\DOCUMENTS AND SETTINGS\<This folder should have your Windows Account name>\LOCAL SETTINGS\Temp for this random letters and/or numbers executable. <br/> <br/>ctfmon.lnk <br/>Look in C:\Documents and Settings\<This folder should have your Windows Account name>\Start Menu\Programs\Startup <br/> <br/>If you find them and remove them, you should be able to get the computer in a state in which you can continue with a scan to remove the rest of the infection. <br/> <br/>Cheers!
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, December 4, 2016, 7:02 AM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 3 new threads and 4 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.