FBI Money Pak Infection

What about normal mode?

FRST is of no use to us on Windows XP and it has to be run from a System Recovery Environment.

Do you know how to navigate around from DOS? Do you know how to change directories and delete files? If so, we may be able to get started that way.

This PC has multiple infections. Moneypak and also ZeroAccess.

The below files need to be deleted if you know how to do this from DOS.


C:\Documents and Settings\Administrator\Application Data\skype.ini
C:\Documents and Settings\Administrator\Local Settings\Application Data\267ec0ff-3d73-4df9-88b4-41b0074af7d1.crx
C:\Documents and Settings\Administrator\Application Data\vinims.dll
C:\Documents and Settings\Administrator\Application Data\sbtont.dll
C:\Documents and Settings\Administrator\Application Data\ndypcp.dll
c:\Windows\System32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

 

Okay then from the command prompt type the below command. Note the space after CD and make sure to include the closing \

cd C:\Documents and Settings\Administrator\Application Data\

Did the prompt in the window change to reflect that you are in the Application Data folder?

If the prompt changed to show you are in this folder then enter the below commands and note the space after del

del skype.ini
del *.dll

There is no space after the * It is one continuous *.dll and do not miss the period.
Did all of the above seem to work? Do not reboot, we have more to do from the command prompt first.