The original version of this page can be found at : http://forum.bullguard.com/forum/10/Advanced-version-of-moneypak-v_95049.html
Posted By : joe3321 - 1/28/2013 6:09 AM
Hi, I contracted the moneypak virus while surfing the web. I've seen this virus before and was able to remove it from a friend's laptop with some Avira anti-virus software, but this one I just got on my desktop is much more difficult.
 
Ok so to launch in -- I'm using a custom-built desktop with the Windows XP operating system. Originally this virus attached itself to explorer.exe, and if not terminated via Task Manager it would seize my system (in both normal and safe mode); this took approximately 5 seconds and was difficult to thwart. I looked online for how to get rid of the virus; unfortunately, all the remedies have been compromised: I can't get online help (blocked), can't install antivirus software (it's got something hogging memory that won't allow various anti-virus software to be launched, each with their own unique error), I can't do a system restore (says it can't be performed safely, restart system), and can't launch the antivirus software from a flash drive.
 
I've tried closing down all my Task Manager process trees, but I think the virus stuck itself in something that can't be closed, like system_idle.exe. Anyway, I'm really stumped as to what to try next. I've got very limited functionality in both normal and safe mode (can use things like Windows Explorer and search functions, but it's as if there's some kind of intentional logic loop tying up tons of system resources).
 
Would love an experienced helping hand. Thanks.

Posted By : Andreea-Luciana Ostache - 2/1/2013 3:32 AM
As long as you can still access Windows Explorer, you need to search for and remove:

<random>.exe
Look in
C:\Windows\Temp
and
C:\DOCUMENTS AND SETTINGS\<This folder should have your Windows Account name>\LOCAL SETTINGS\Temp
for this executable, whose name is random letters and/or numbers.

ctfmon.lnk
Look in C:\Documents and Settings\<This folder should have your Windows Account name>\Start Menu\Programs\Startup

If you find them and remove them, you should be able to get the computer in a state in which you can continue with a scan to remove the rest of the infection.

Cheers!


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

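The check described in the reply above, as an added example that is not part of the original thread: it lists (and never deletes) `.exe` files sitting directly in the two Temp folders and any `ctfmon.lnk` in the Startup folder, with size and SHA-256 so the findings can be recorded before manual removal. It assumes the affected drive is reachable under `drive_root` (for instance mounted from a clean system); the function names and the sample file names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def resolve(root, *parts):
    """Walk parts under root ignoring case; the reply writes these paths in mixed case."""
    path = root
    for part in parts:
        names = os.listdir(path) if os.path.isdir(path) else []
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path

def files_in(directory):
    """Regular files directly inside directory (no recursion); empty if it was not found."""
    names = sorted(os.listdir(directory)) if directory else []
    return [os.path.join(directory, n) for n in names if os.path.isfile(os.path.join(directory, n))]

def find_candidates(drive_root, account):
    """List, without deleting anything, the files the reply says to look for."""
    profile = ("Documents and Settings", account)
    temp_dirs = [resolve(drive_root, "Windows", "Temp"),
                 resolve(drive_root, *profile, "Local Settings", "Temp")]
    startup = resolve(drive_root, *profile, "Start Menu", "Programs", "Startup")
    hits = [p for d in temp_dirs for p in files_in(d) if p.lower().endswith(".exe")]
    hits += [p for p in files_in(startup) if os.path.basename(p).lower() == "ctfmon.lnk"]
    # Size and SHA-256 let the reviewer record what was found before removing it by hand.
    return [(os.path.relpath(p, drive_root), os.path.getsize(p),
             hashlib.sha256(Path(p).read_bytes()).hexdigest()) for p in hits]

def build_sample_tree(root):
    """Constructed sample data: a fake drive with two planted .exe files and ctfmon.lnk."""
    prof = os.path.join(root, "DOCUMENTS AND SETTINGS", "joe")
    layout = {os.path.join(root, "Windows", "Temp"): ["a8f3k2.exe", "setup.log"],
              os.path.join(prof, "LOCAL SETTINGS", "Temp"): ["0412xq.EXE", "notes.txt"],
              os.path.join(prof, "Start Menu", "Programs", "Startup"): ["ctfmon.lnk", "desktop.ini"]}
    for folder, names in layout.items():
        os.makedirs(folder)
        for name in names:
            Path(folder, name).write_bytes(b"constructed sample: " + name.encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_tree(drive)
        print(*find_candidates(drive, "joe"), sep="\n")
```

Legitimate installers also drop `.exe` files in Temp, so each listed file still needs a look before it is removed.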