FBI Green Dot Moneypak Virus and GWRMDX.EXE - System Error

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by MWarren, Sep 12, 2012.

  1. MWarren

    MWarren Private E-2

    Subject: FBI Green Dot Moneypak Virus and GWRMDX.EXE - System Error

    Hi,


    This thread contains two issues:
    1) FBI Green Dot Moneypak Virus and
    2) GWRMDX.EXE - System Error

    I am attaching the logs to be reviewed for any further instructions or advice you can recommend on whether the virus removal was successful or not. At first it appears to me that the issue may have been resolved, but the problem is that while rebooting the computer on the system administrator profile I get the following pop-up message:

    GWRMDX.EXE - System Error

    The program can't start because AM18.dll is missing from your computer. Try reinstalling the program to fix this problem.

    Prior to following your Malware Removal instructions, I began to uninstall programs that did not have a "Publisher" in Add/Remove, thinking that they may have been the source of origin of the virus. I started with uninstalling the Microsoft Greetings Workshop using Revo Uninstaller and/or the native Windows 7 Home Edition Add/Remove Programs. This program no longer appears in Add/Remove, but I keep getting this message. I do not get this message when using other login profiles that do not have administrative access.

    I have researched the web and I do not even understand the reason why Microsoft originally installed Greetings Workshop with the OS that came with this HP computer. It can only function using "XP emulate mode" on the 7 PRO edition, whereas this is the HOME edition. This was the rationale for attempting to uninstall this program, thinking it was associated with Hallmark Greeting Cards, and I had no interest in using this program.

    I would not know where to start in trying to reinstall this program to fix this problem.

    Logs attached for analysis:

    1) RKreport[1].txt
    2) mbam-log-2012-09-12 (16-09-20).txt
    3) TDSSKiller.2.8.8.0_12.09.2012_16.48.31_log.txt
    4) HitmanPro_20120912_1707.log
    5) MGlogs.zip

    Thank you kindly for reviewing these logs and also advising what can be done to fix this System Error.

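The start-up error quoted in the post above ("The program can't start because AM18.dll is missing") is what the Windows loader reports when something still launches an executable whose dependencies have been removed; an autostart entry left behind by an incomplete uninstall is a common cause. The script below is an added example, not part of this thread and not code from any tool used in it: it walks a set of Run-style autostart entries and reports those whose target file no longer exists. It handles the two cases that trip a naive check, an unquoted path containing spaces (resolved the way CreateProcess does, by trying progressively longer prefixes) and a proxy host such as rundll32.exe or regsvr32.exe whose real payload is the DLL named in its arguments. The entries and the set of files "present on disk" are constructed; `PROXY_HOSTS` and the sample paths are assumptions for the example.

```python
"""Find autostart entries whose target program is no longer on disk.

Added example for this thread, not code from MajorGeeks or from any tool
used in it. The Run-key entries and the set of files "present on disk"
are constructed below so the script runs offline; on a live Windows box
the same functions would be fed from winreg (the ...\\CurrentVersion\\Run
keys under HKLM and HKCU) and os.path.exists().
"""
import ntpath
from typing import Callable, Dict, List, Tuple

Exists = Callable[[str], bool]

# Hosts whose real payload is a file named in their arguments, so the
# existence check has to look at that file, not at the host itself.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe"}


def resolve_unquoted(cmd: str, exists: Exists) -> Tuple[str, str]:
    """Emulate how CreateProcess treats an unquoted command line: try each
    space-delimited prefix, with and without ".exe", and take the first one
    that exists. If nothing exists, fall back to the longest prefix that
    ends in an executable extension so the caller can still report a path."""
    words = cmd.split()
    if not words:
        return "", ""
    fallback = None
    for i in range(1, len(words) + 1):
        prefix = " ".join(words[:i])
        rest = " ".join(words[i:])
        for candidate in (prefix, prefix + ".exe"):
            if exists(candidate):
                return candidate, rest
        if prefix.lower().endswith((".exe", ".com", ".bat", ".cmd")):
            fallback = (prefix, rest)
    return fallback or (words[0], " ".join(words[1:]))


def target_of(cmd: str, exists: Exists) -> str:
    """Return the file that must exist for the entry to run: the program
    itself, or the payload handed to a proxy host such as rundll32.exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            end = len(cmd)
        program, args = cmd[1:end], cmd[end + 1:].strip()
    else:
        program, args = resolve_unquoted(cmd, exists)
    if ntpath.basename(program).lower() in PROXY_HOSTS and args:
        rest = args
        while rest.startswith("/"):  # drop switches such as regsvr32's /s
            rest = rest.split(None, 1)[1] if " " in rest else ""
        if rest.startswith('"'):
            return rest[1:rest.find('"', 1)]
        # rundll32 writes "<dll>,<entrypoint> [args]"; keep only the dll path
        return rest.split(",", 1)[0].split(" /", 1)[0].strip()
    return program


def find_orphans(entries: Dict[str, str], exists: Exists) -> List[Tuple[str, str, str]]:
    """Return (entry name, command line, missing target) for every
    autostart entry whose target file is not present."""
    orphans = []
    for name, cmd in entries.items():
        target = target_of(cmd, exists)
        if not target or not exists(target):
            orphans.append((name, cmd, target))
    return orphans


# Constructed sample data (not taken from the poster's machine).
PRESENT_FILES = {
    r"C:\Program Files\Good Vendor\updater.exe",
    r"C:\Windows\System32\shell32.dll",
}
_PRESENT_LOWER = {p.lower() for p in PRESENT_FILES}


def exists_in_sample(path: str) -> bool:
    """Case-insensitive stand-in for os.path.exists over the sample set."""
    return path.lower() in _PRESENT_LOWER


SAMPLE_RUN_ENTRIES = {
    "Updater": r'"C:\Program Files\Good Vendor\updater.exe" /background',
    "LegacyHelper": r"C:\Program Files\Good Vendor\updater.exe -quiet",  # unquoted path with spaces
    "Leftover": r'"C:\Program Files\Gone Vendor\gone.exe" -tray',  # program was uninstalled
    "ShellHook": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
    "StrayDll": r'rundll32.exe "C:\Users\Public\Libraries\Temp Files\x.dll",Start',
}

if __name__ == "__main__":
    for name, cmd, target in find_orphans(SAMPLE_RUN_ENTRIES, exists_in_sample):
        print(f"{name}: points at missing file {target!r}\n    {cmd}")
```

On the constructed data the two orphans are "Leftover" (a quoted path to an uninstalled program) and "StrayDll" (a rundll32 payload that is gone), while the unquoted "LegacyHelper" resolves to the existing updater exactly as Windows would resolve it. Fed from the real Run keys, the same logic surfaces the kind of stale entry that produces a "can't start" error at logon.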
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run it (on Vista and Win 7, right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt; the name is based on the date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
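MBRCheck's "non-standard or infected MBR" verdict rests on comparing the bootstrap code in the disk's first sector against known-standard MBRs, alongside basic sanity checks on the boot signature and partition table. As an added example (not MBRCheck's code and not part of this thread), the script below performs those checks on a constructed 512-byte sector and flags a tampered copy of it. The baseline hash set is derived from the constructed sample and stands in for hashes captured from a known-clean install; the stand-in bootstrap bytes are not a real boot loader.

```python
"""Parse a 512-byte MBR and compare its boot code with a known-good baseline.

Added example for this thread; it is not MBRCheck's own code and does not
use its database of reference MBRs. The sample sector is constructed here:
a short stand-in for bootstrap code, one NTFS-type partition entry and the
0x55AA signature. The "known-good" hash is the SHA-256 of that constructed
code, standing in for a hash taken from a clean install or reference image.
"""
import hashlib
import struct
from typing import Dict, List, Set

BOOT_CODE_LEN = 440      # bytes 0..439: executable bootstrap code
# bytes 440..445: 32-bit disk signature plus two reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55 0xAA boot signature


def parse_partitions(mbr: bytes) -> List[Dict[str, int]]:
    """Decode the four partition entries, skipping empty ones."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr: bytes, known_good: Set[str]) -> List[str]:
    """Return human-readable findings; an empty list means the sector has a
    valid signature, a sane partition table and boot code whose hash is in
    the baseline set."""
    if len(mbr) != 512:
        return [f"sector is {len(mbr)} bytes, expected 512"]
    findings = []
    if mbr[SIGNATURE_OFF:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest not in known_good:
        findings.append(f"non-standard boot code (sha256 {digest[:16]}...)")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition entries overlap")
            break
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: the given code padded to 440 bytes, a disk signature,
    one bootable NTFS-type (0x07) partition starting at LBA 2048, three empty
    entries and the boot signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xAA"


# Stand-in bootstrap bytes (not a real boot loader); in practice the baseline
# hash comes from a sector read on a known-clean machine.
BASELINE_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
KNOWN_GOOD = {hashlib.sha256(BASELINE_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}

CLEAN_MBR = build_sample_mbr(BASELINE_CODE)
# Model of a bootkit that patches the first bytes to jump into its own code.
TAMPERED_MBR = b"\xEA\x00\x7C\x00\x00" + CLEAN_MBR[5:]

if __name__ == "__main__":
    # On a live Windows system, from an elevated prompt, the first sector is
    #   open(r"\\.\PhysicalDrive0", "rb").read(512)
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, KNOWN_GOOD) or ["no findings"])
```

The clean sector produces no findings; the tampered copy keeps a valid signature and partition table but its boot code hash is no longer in the baseline, which is exactly the situation in which a "non-standard" verdict is the only visible sign of a bootkit.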
  3. MWarren

    MWarren Private E-2

    Hi,

    Attached is the log MBRCheck_09.14.12_13.27.35.txt for analysis as something was found.

    Thanks,



  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run Hitman Pro and have it delete all it finds.

    Uninstall the below:

    • Search Toolbar

    What problems remain?
     
  5. MWarren

    MWarren Private E-2

    Thank you. I believe all is well now: after finding the Greetings Workshop CD, reinstalling and then removing this program, there are no more System Error startup errors. I have uninstalled Search Toolbar and am attaching the final logs from Hitman for analysis: HitmanPro_20120915_1707.log

    These two were deleted, and I am not sure if they are remnants of Hallmark Greetings Workshop (because GREETINGSW2 looks similar):

    1. IE4STNT.EXE

    C:\Users\Michelle\Documents\GREETINGSW2\INTERNET

    2. IE4STW95.EXE

    C:\Users\Michelle\Documents\GREETINGSW2\INTERNET


    If all looks good, can you inform me of the final steps to restore this computer to how it was before I did all of the malware detection steps for this forum? I was also wondering what your opinion is on firewall programs to install in place of the Windows 7 native firewall. I never activated the Norton Internet Security that shipped with this HP computer ... I am also presuming that Windows Defender is good enough antivirus detection, but that I really need to have something more than Windows Firewall.

    What do you think of Comodo Personal Firewall or is there a ratings guide of antivirus and firewall free programs?

    Thanks,
     
  6. MWarren

    MWarren Private E-2

    Sorry, I forgot to attach the HitmanPro_20120915_1707.log for analysis.


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You would be better off asking about this in the software forum. I stick with Win 7's own firewall personally.

    Windows Defender is not an antivirus.

    OK, so onto final steps. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
