essexboy
This showed up on Notepad after reboot.
essexboy
…But (here we go again!) after quick scan, second entry in Notepad is 09122012-204319
This does not show up on Desktop or in My Documents, and I cannot attach it here directly from Notepad :-[ :-X
…What am I doing wrong? and how to get it posted?
essexboy
Ran RogueKiller. Have three RK reports, attached hereto.
Still working on getting second OTL to you…it’s still on OTL, but no longer on Notepad. How can I get it attached here?
Here is a very good guide that will take care of this in minutes.
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
As essexboy is already handling this issue then it is best left in his hands.
There is no forum rule that others cannot help. Bleepingcomputers is a top site for malware removal help. I have done exactly this on 25 computers and its removed it minutes rather then days of scanning with OTL. OTL is great and so is essexboy but if someone knows a faster more easier way then it should be provided. OTL is kinda old school and can be very tedious for a newbie. Emsidoft Emergency Kit can also be installed as a portable app.
Its well known that once you start recieving help from a malware specialist others need to butt out and let the specialist ( essexboy ) do there job.
Again I will say that if it’s a forum rule then it should be clearly stated as such and not assumed. Also if essexboy is the only one that can help then there should be a seperate section in the forum that only he can post in. No one knows everything. Especially essexboy. Ive been in the compueter business for 15 years and still don’t know everything. OTL is old school and takes help. The link I provided is an easier and more effective way. We are a community and in a community we all help each other. Thanks.
No offense to essexboy but if I can add more education then it should not be turned down or deleted. 2 days later and it’s still not done. I have provided several clients with this exact guide and within 25 minutes its fixed.
It’s not just about cleaning out the malware, the logs requested also provide information as to wheather there are other problems as well and there is alot of information that can also be collected from infected systems to further help avast in it’s fight.
essexboy is not the only malware specialist we have here and there is a seperate are for them to provide help but unfortunately not all people with issues start there thread in the correct section " hence this thread"
One scanner is not enough. That’s why there are do many free on demand scanners out therer. The most important thing is turn around time. Why spend days going back and forth with log postings when on a matter off minutes it can be fixed. Use the info provided in the link then follow up with an MBAM scan. Never hurts to scan with HMP also or CCE.
Aventador This is not the same malware as the one you have linked to I am afraid, malware does not stay the same so a tool that worked yesterday will not work today… HMP has killed a fair few systems I have had to recover. Also working in a shop with the computer is easy, working remotely is not
larryvir this should be the last run, once done can you let me know of any problems you are experiencing
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
2012/09/08 23:07:55 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\dsgsdgdsgdsgw.pad
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I beg to differ. I also do house calls and work remotely via Teamviewer.
as essexboy said you have worked via a remote access a system not like essexboy is doing like here in this forum…I know how hard it is when you dont have your hand on the system since i do such stuff everyday…whether remote access,hand on cleaning or what ever…I remember when i was very knew to such removal stuff and believe me i have wrecked a few machines by following hand-on guides and having years of experience too… ;D
Excuse me but please do not assume. When someone emails me or calls me with a problem I often provide them with links to aid them. Which means there on there own. The instructions laid out by Bleepingcomputers can be used and followed by anyone. OTL involes special care an
D interaction with an expert to work.
No one can know everything. I sure don’t. But if someone can share info which can provide a safer and faster way to help the person it should not be shied away from. In the field no one uses OTL anymore cause it’s too tone comsuming.
That is why I use OTL as it will show me the areas that need to be removed/fixed/repaired. The tools used as a standalone will not get all of the bad files/registry entries. Plus I am an Instructor in online malware removal, so I do have a modicum of experience in this area. Could we refraiin from using this thread to discuss it as larryvir will be lost in what to do
I respect your last post essexboy. Just return the favor. Thanks.
To all of you:
I’m surprised by all the hits/interest shown in this problem, and embarrassed by so many observing my (let’s be polite and say) inexperience here. As I indicated before, most of us can drive a car well, but few can delve into a motor or transmission…we call a mechanic. Pondus and essexboy have been my most helpful mechanics, and I shall leave the resolution of this matter in the hands of essexboy…“too manycooks spoil the broth” 
So ty to all, but ease off please.
To essexboy:
- I truly appreciate the time and efforts you are taking on my behalf. But can I prevail upon your good nature to check my Reply#19, and answer some of the basic questions I raised?
- I have no problem running the scans, and can see that they are really prodding around in my innards But I am frustrated by my inability to post all the scan results for you. Are you getting enough info? Can you tell me how to improve my score? I know this is lack of v basic knowlege on my part, but I find it v annoying to have all this scattered somewhere on my PC and not be able to communicate it >:(
- Very few (v minor) problems have arisen. That TROJAN.RANSOM is no longer in evidence…SAS, Avast and MalowareBytes don’t show it…none show any theats at all, but I guess they may be hidden.
- ONWARDS , but I hope I shall be able to post the scans. Please tell me how to get from Notebook to attachment…when they get to My Documents all is well, but sometimes I cannot get them there, then…
- The process is to remove the main bad files and anything that they may leave behind. A messy registry is not a problem unless you can determine start speeds to the nano-second ;D
- OTL will request each running process to close, if it refuses (like Avast will ) then it moves on to the next process etc…
The script in the code box can be either a scan request or a fix command dependant on what we wish it to do
All logs will appear in the same location as the main OTL file, so if it is on the desktop that is where it will be - RogueKiller is a multipurpose tool in addtion to killing any known bad processes/registry keys it will also inspect the Master Boot Record for any infection. The shortcuts fix will restore any files/folders
that the malware has hidden. The smartscreen filter is under the tools option on the main IE bar
As I will always ask a mechanic what he is doing when repairing my car it is only fair for you to do the same. Plus like the mechanic I never leave any tools behind ;D
So how is the computer behaving now… Do you have any problems at all ?