FBI MoneyPak Virus on Intel iMac bootcamp winxp

Discussion in 'Malware Help (A Specialist Will Reply)' started by jjdsignpro, Nov 16, 2013.

  1. jjdsignpro

    jjdsignpro Private E-2

    I'm trying to use Kaspersky boot cd and/or hitmanpro on a usb stick to get rid of this. I cannot boot up into any safe mode variant because I'm on an Intel iMac (mid 2007) with my infected winxp pro installed on the mac's bootcamp partition. My problem is I can't boot from either a bootable cd or usb flash drive as the mac won't allow it. I can open a BartPE cd. Any help would be appreciated. Thanks.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to find a Mac forum as we only deal with Windows in this forum.
     
  3. jjdsignpro

    jjdsignpro Private E-2

    I am running windows, xp pro. Thanks.
     
  4. jjdsignpro

    jjdsignpro Private E-2

    I disconnected from the internet. I got logged on and pressed ctrl+alt+del and was lucky to be able to click on shut down (took a few tries) and my windows desktop became visible with a few windows showing errors for programs not closing, etc.

    First thing I did was go to start and Run and ran msconfig. I went to the startup tab and unchecked a81ftr3. It was at the bottom of the list.

    Then I proceeded to the control panel and added another administrator user account, logged out and switched to that new user account. I am up and running.

    I've updated AntiMalwarebytes program and am doing a full scan.

    My problem was not being able to boot from a cd other than my BartPE disk. I have Macrium Reflect on for backing up and restoring my win xp pro. I'm so low on disk space with my 32GB bootcamp partition that I turned off system restore since I had a backup. I was able to save some files when I was booted in mac from the bootcamp drive in case I had to restore from the backup.

    I rarely use mac OS except to get online to find solutions to these sort of problems when my windows can't run. I was thinking of trying to boot from one of the many recovery disks you have listed, perhaps I could have been helped with the linux version you offered, even though that isn't windows.

    I hope this helps somebody. Any more advice on how to proceed may be helpful. I follow your selfhelp guides. Thanks again.
     
  5. jjdsignpro

    jjdsignpro Private E-2

    I'm posting a clarification and corrected spelling. Can someone advise on how to contact an administrator? I was just past my editing time limit, hence this extra post. The "Contact Us" link didn't seem to provide a link for one.

    Description of my virus attack:

    I was locked out of my pc with a really scary ICE splash screen informing me I'm a criminal and wanting a payment of a fine for many possible fraudulent acts I had apparently indulged in. My research into this virus indicated it was a scam, however. I rest my case, in that regard.

    I disconnected from the internet. I got logged on and pressed ctrl+alt+del and was lucky to be able to click on shut down (took a few tries) and my windows desktop became visible with a few windows showing errors for programs not closing, etc.

    First thing I did was go to start and Run and ran msconfig. I went to the startup tab and unchecked a81ftr3. It was at the bottom of the list.

    Then I proceeded to the control panel and added another administrator user account, logged out and switched to that new user account. I am up and running.

    I've updated AntiMalwarebytes program and am doing a full scan.

    My problem was not being able to boot from a cd other than my BartPE disk. I have Macrium Reflect on for backing up and restoring my win xp pro. I'm so low on disk space with my 32GB bootcamp partition that I turned off system restore since I had a backup. I was able to save some files when I was booted in mac from the bootcamp drive in case I had to restore from the backup.

    I rarely use mac OS except to get online to find solutions to these sort of problems when my windows can't run. I was thinking of trying to boot from one of the many recovery disks you have linked, perhaps I could have been helped with the linux version you offered, even though that isn't windows.

    The scan revealed 44 entries for removal, most optional. I have a log. I hope this helps somebody. Any more advice on how to proceed may be helpful.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  7. jjdsignpro

    jjdsignpro Private E-2

    Thank you for offering to help me further even though I'm running winxp pro on a mac and am unable to access bootable cd repair disks (other than a BartPE disc I created to backup and restore my drive with Macrium and Savepart) or USB flash drives when booting into winxp pro. I have no way of accessing a boot configuration via startup, only safemode variations when the computer is operational. This last infection did not allow me to do this and, following other solutions I found after you declined to help, I was lucky to be able to disable the virus as mentioned in my earlier posts of this thread.

    I have no problems with running my computer now. However, I still see some files residing in this directory:

    C:\Documents and Settings\All Users\Application Data

    They are:
    a81tfr3.bxx
    a81tfr3.fvv
    a81tfr3.reg

    I finished running all the tools. My only concern is what the RKreport states:

    [HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND
    [HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND

    I was able to get up and running when I was able to uncheck one of these in the startup.ini of my msconfig. Malwarebytes deleted the virus, but should I try to delete these files and reg. keys also? Unfortunately, I deleted the User Account I created to bypass the virus to run Malwarebytes repair and lost the log for that.
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go ahead and rerun RogueKiller and remove those two items:

    • [HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND
    • [HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND


    Then use windows explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\a81tfr3.bxx
    C:\Documents and Settings\All Users\Application Data\a81tfr3.reg
    C:\Documents and Settings\All Users\Application Data\a81tfr3.fvv

    Reboot and tell me how things are running.
     
  9. jjdsignpro

    jjdsignpro Private E-2

    I ran rogue killer and this list came up. All items are checked for fixing, I'll wait for your reply.
     


  10. jjdsignpro

    jjdsignpro Private E-2

    I ran it and now more PUMs came up. Any need to fix these too? I've left Rogue Killer up and all the items are checked waiting for your response.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Fix these:

    • [HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND
    • [HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\3rft18a.dss [x]) -> FOUND


    Reboot and rescan and attach a new log.
     
  12. jjdsignpro

    jjdsignpro Private E-2

    Please see attached RK log. I've not deleted these yet:

    C:\Documents and Settings\All Users\Application Data\a81tfr3.bxx
    C:\Documents and Settings\All Users\Application Data\a81tfr3.reg
    C:\Documents and Settings\All Users\Application Data\a81tfr3.fvv
     


  13. jjdsignpro

    jjdsignpro Private E-2

    Now checkdisk occurs each time at startup when booting into winxp pro.


    I removed hitman pro to attempt to correct this.

    I deleted these files also.

    C:\Documents and Settings\All Users\Application Data\a81tfr3.bxx
    C:\Documents and Settings\All Users\Application Data\a81tfr3.reg
    C:\Documents and Settings\All Users\Application Data\a81tfr3.fvv
     
    Last edited: Nov 19, 2013
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may want to check in the software forum for your start up issue. What malware issues are you still having, if any?
     
  15. jjdsignpro

    jjdsignpro Private E-2

    I'd like to delete all the added files for this malware diagnosis. Anything I should save?

    I see a period on the lower left bottom of the blue screen when it's finished checking the disk at startup, which takes about 18 minutes and doesn't report any errors. I noticed that period after installing and running Hitman Pro when that program ran on a startup. The "Hitman Pro" name doesn't show up after I uninstalled it, but the period still arrives.

    I appreciate all your help.
     
  16. jjdsignpro

    jjdsignpro Private E-2

    I ended up having an unresolvable system error. I believe I screwed up trying to do a repair of my registry with Glary's Utilities, which I'm not going to use again for that. I like CCleaner for its junk-hauling capabilities. I also tried a link you offered for repairing damaged OSs from the software forum utilizing my Win installation CD, but it didn't help in my case.

    I ended up booting from a Bart PE disk with Macrium Reflect Free version which has saved me many times, using a backup from January of 2012, and restored the partition. Wow, so glad I had that backup. So easy to do. This is a backup I did directly from within XP Pro. The backup was of a partition that had been cleared with Spybot S&D, Malwarebytes, and defragged. It was a lean backup which gave me nearly 3 more GB of free space (for nearly 9GB) on my sparse 32GB fat32 partition. Next project is to convert this drive to NTFS and increase its partition size. But I like it lean for the time it reduces doing backups and seems snappier in operation.

    Thanks for all your help. I learned a bit from this experience.
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Glad we could help. :)
     
