FBI Moneypak Virus
Posted on 2012-12-27
A customer's computer has a particularly nasty version of the FBI Moneypak virus. I found a couple of recent questions relating to this virus, but they did not help. The OS is XP Pro SP3.
The Bleeping Computer article could not be used because when I try to get into Safe Mode, the computer reboots.
The Temp and Startup folders for the current user, All Users, Default User, and Administrator were all empty.
I could access all folders in the other computer, but when I reinstalled the disk in its own computer and booted from an installation disk to get to the repair console, the response was Access Denied when I tried to get into the Documents and Settings folder or the Program Files folder.
Running Malwarebytes (Full Scan and for that drive) with the drive in another machine turned up nothing.
Bootcfg /rebuild (from the recovery console) had no effect.
Putting Rogue Killer in the startup directory did not work. I then tried The Killer in the same way. I saw the All Done, but the computer was still blocked.
I tried Emsisoft's command line scanner with the disk installed in the other computer. After 5 hours the report was that 537 items were found and removed. The situation did not change. The computer is still infected.
I do not see any unusual entries in Program Files or My Documents.
Is there any hope for this installation? Where do I go from here?