moneypak kapersky failure

This is the second time this pc has had the moneypak. I managed to get rid of it once for the person but this time it's not turning out to be...easy?

At any rate, I believe I followed the the steps for using the rescue disk corectly by mounting it on a usb and running the object scan, etc. The pc prior to that would not boot into windows except when the ethernet was pulled or I used Last Known Good Configuration.

Before the rescue disk I had tried using Combofix/MalwareBytes/TDSSkiller/Roguekiller. Still I'd get the splash screen with a regular boot.

As with others, Safe Mode would just boot cycle which led me to try the Rescue Disk.

Every few boots now it's been running a checkdisk as well. That worries me.

Hopefully I'm just missing a remnant. Now, the first time I was trying this I'd not really followed the steps and just did the object scan without running the unlocker. The second time I ran it all but it didn't find much. So I did skip steps once if that helps. There were things it found in the first scan that looked bad but recommended not quarantining or deleting. Nothing the second time. I wonder that it doesn't recommend I scan C: although I'm sure I did my first run through.

Guess I should've come here first but this is the first time I've gotten stuck completely.

 

I'll try all that. I'm almost done getting the files together but keep in mind I'm not able to maintain the ethernet connection or I get the splash screen for moneypak. Normal boot and Last Known have the moneypak with ethernet in. Safe Modes don't boot. So I'm doing this offline.

So no updating of malwarebytes definitions, of which he has the paid version from my last foray. I don't know if any of the others like to update off the top of my head or if they're all current and don't need internet connections to run.

 

I don't know what to do on the malwarebytes part. The one that was there said it was corrupt. That was a Pro version. Then I installed the new one thinking it was just the database update as that was the link I used. It was a new install and it functions but its 57 days out of date. I don't see where to get an update file. Anyway, the out of date version finds nothing.

 

1. Roguekiller is eaten by AVG if it's enabled. Deleted as a virus. FYI
2. MGtools doesn't function off flash drive. Copied and pasted from flash. Running it extracts files but runs no batches. I see an command box flash by but just get a folder on C with lots of files.

 

View attachment RKreport[4]_S_11252012_02d2330.txt

View attachment hijackthis.log

View attachment HitmanPro_20121126_0004.log

View attachment TDSSKiller.2.8.15.0_25.11.2012_23.51.22_log.txt

it still has the moneypak screen if the ethernet is plugged in.

It won't boot to safe mode. It seems to halt at one of the AVG lines although I don't know if what is visual in a safe mode is a good indication of where the trouble is.

 

Correction, it will now boot normally to the desktop without a moneypak screen. It will not boot into safe mode of any kind however.

 

I get it but when you run the database updater both his pro version and my free one still say it's out of date. I just tried it on mine and after running it when I start Malwarebytes it says I'm 8 days out of date. Doesn't matter for me, I have an internet connection. Doesn't matter for him now, I got to the desktop with internet and updated it and ran it.

I said I copied and ran MGtools from the the drive. I just was saying I tried it off the flash first so you'd know what I had done possibly wrong. It creates a folder but doesn't seem to run any of the .exe in it on it's own. I'll look at the instructions again.

 

Redownloaded and ran MGtools on c: again. No batch files run. Just creates folder with files in it.

 

Yes, disabled until restart was the option i'd been using. It's either that or 10 minutes max as an option.

I can't get a command prompt. It opens for just a split second and closes again. I tried it through the accessories as well as trying a slash ipconfig to see if it would do anything. I don't think it's executing any commands. All I see is the path it's on when i do it a few times. c:\documents and settings\administrator.

 

Can't get a command prompt. It just flashes by.

 

The first part was no problems. The OTL kept asking if I want to make two files that don't exist when the scan completes and then I couldn't find them after I said yes. As I'm typing this message now I see it's giving me a notepad file for OTL.ext that I'm including. Took three or four tries for some reason.

Btw, it was tempting to check the "repair safe mode" or something similar but you didn't say to do that so I restrained myself.

 

Yes, and no. I went ahead and uninstalled AVG. It still doesn't want to boot into safe mode which has been an issue from the start. It will do a normal boot. This is the only apparent issue I can see.

1. Anything to do to fix Safe Mode?
2. Reinstall AVG? What other AV to use? It seems about as good as the others to me.

 

I think we touched on it before but cmd doesn't really work. Which is probably why MGtools isn't working either.

When i follow all your latest steps they appear to work fine but you don't get a log file. I searched for it. I assume it's probably going to show up in C: or the MGtools folder or desktop. It's not anywhere on C:

The windows fix program runs for awhile and I see no reason to think it didn't complete all the assigned tasks.

Start-Run-Cmd, just makes the dos box flash open and you can't do anything. similarly commands like ipconfig don't appear to execute either.

I found a post indicating combofix might work but I've refrained from trying it.

 

No, still no safe mode. Yes, AVG still not installed. Got file.

 

ok. He was going to check and see what OS he had for it. It's got XP on it but it's a Vista shipped machine. Cast off from his spouses travel agency. Figured we've probably run our course on it. Thanks for the help though.

 

I'm aware of that. I was thinking we've exhausted the possibilites other than system restore. Turns out system restore doesn't work. I can't see if there are any points as it won't run. I can't get to it just like I can't get to a dos prompt.

I just turned to it now after it was on all night and the message was that skype was out of system memory. It won't even let me click on My Computer. It's locked. Assuming it's not a hardware issue in there I just think we are wasting our time at this point. Reinstall. Don't you think? If he's got a vista disk the dell sticker with the key is on it. I could've done that 3 times over by now but I figured I'd save him from whatever he hasn't thought of backing up. He's got his email, pics and docs off it.

 

I guess I would only wonder if it's heading for a hardware issue. I have older stuff at work than his but this one is pretty old. The old Dells at work are the survivors. Plenty of the other pentium 4s didn't make it so long.

Well, he'll bring me a vista disk and I'll use the key it came with. He wants to double check it tomorrow for files and then I'll do a reinstall.

thanks a bunch.