Solved

Recovering from FBI Moneypak fix

Posted on 2013-06-03
Last Modified: 2013-11-22
I have fixed an FBI Moneypak virus Win 7 computer. I now have an error message upon startup that says:

"RegSvr32
The module
"C:\Users\xxx\AppData\Local\W...\jdwyxubx.dll"
failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found."

I click "ok" and it then behaves.

However, I followed the path shown, and the only "W" item was Webex. Within Webex was a text file of the name jdwyxubx.txt. I tried renaming it to ....dll, but that didn't do anything.

I looked to see if I could uninstall Webex, or remove it from startup items, or disable it in msconfig, but none of those are options.

Anyone have any ideas? PS this only happens on the user name that was infected with FBI.

Thank you.

PPS Roguekiller, ESET online scanner, ESET NOD32, MWB have all been run and show clean.
Question by:Bruce Corson
5 Comments
 
LVL 1

Accepted Solution

by:
c08ra earned 500 total points
ID: 39217843
They may be located in the registry startup area.
Click on the Windows key + R, or click Start and in the search box type regedit, then Enter.
Open the program and click Yes to allow it to run.

Click on File, then Export, to save a backup first. Then...

Check these locations for entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Just delete the entry contents. If it goes wrong, just double-click on the saved backup to revert back to the original registry entries.
Hope this helps.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 39218034
Try Autoruns. It will detect if a file is being accessed on startup and allow you to delete the reference to it (it will say "File not found" next to the entry). Once you have done this, I strongly suggest booting to Safe Mode with Networking and running Chameleon by Malwarebytes. In the Malwarebytes/tools directory look for svchost.exe; this is really Chameleon, which will run, killing any rogue processes (in case any are left), then it will update MBAM and run a scan.

Between those 2 steps you should have the problem cleaned up. Afterward I would reinstall Webex.
0
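
The check that the accepted answer does by hand and that Autoruns reports as "File not found", as an added example that is not part of any post in this thread: a read-only PowerShell script over the four Run/RunOnce keys listed above that flags values whose target file no longer exists. The path-matching pattern and the `$report` variable are this example's own assumptions; run it while logged on as the affected user, because the HKCU keys are per-user.

```powershell
# Added example (not from the thread). Reports only; it changes nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed pattern: a drive-letter path up to the first executable-type
# extension, so "regsvr32.exe /s C:\...\x.dll" yields the launcher and the DLL.
$pathPattern = '[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|ocx|cpl|scr|bat|cmd|vbs|js)\b'

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.Property) {
        # GetValue expands REG_EXPAND_SZ data; the key's default value reads as empty.
        $command = [string]$item.GetValue($name)
        if ([string]::IsNullOrEmpty($command)) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        foreach ($m in [regex]::Matches($expanded, $pathPattern, 'IgnoreCase')) {
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Target  = $m.Value
                Exists  = (Test-Path -LiteralPath $m.Value -PathType Leaf)
                Command = $command
            }
        }
    }
}

# Startup commands that point at a file which is gone, as in the question.
$report | Where-Object { -not $_.Exists } | Format-List Key, Name, Target, Command
```

Export the key from regedit first, as the accepted answer says, before deleting any value the report lists.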
 
LVL 92

Expert Comment

by:nobus
ID: 39218171
You can also make a new user account to fix it.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39218677
I would back tzucker's comment above and suggest you follow it.

Get a copy of Autoruns from Microsoft and search for the "DLL".

Download:
http://download.sysinternals.com/Files/Autoruns.zip

Info:
http://technet.microsoft.com/en-us/sysinternals/bb963902

Remove it once found, or else, if you face any difficulty working with Autoruns, you could just save the autorun entries of your system and post them here. To save the autorun entries, do the following:
Click --> File --> Save.
File Name "filename.arn" (filename could be any name)
Save as type AutoRuns Data (*.arn) --> This is important while saving.

You might want to zip the arn file before posting it here for further analysis.

Sudeep
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39219845
This did it! Thanks very much.

For future people reading this solution, in case it isn't clear, the "entries" you are looking for are references to (in this case) Webex. Found that in one place, deleted it, and all's well now.

Thank you.
0
