[markrr]

Good evening,

I have a friend whose computer is completely locked by the Green Dot MoneyPak FBI virus. I haven't used Windows XP in years and can't remember a whole lot about it. I recall the need to to start in safe mode for some repairs but I didn't want to say anything to him for fear of leading him down the wrong path and causing a bigger problem. Could you please tell me what I should tell him so that he may start the process with you to resolve this problem?

Thank You

Mark

[Advertisements]

Hi you will need a 1Gb USB stick for this

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive




Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn


Once the USB has burnt then

[*]Download Farbar Recovery Scan Tool and save it to the flash drive.

• Reboot your system using the boot USB you just created.
  Note : If you do not know how to set your computer to boot from USB follow the steps here
• As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
• Locate the flash drive and run FSRT
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[Essexboy]

Hi you will need a 1Gb USB stick for this

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive




Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn


Once the USB has burnt then

[*]Download Farbar Recovery Scan Tool and save it to the flash drive.

• Reboot your system using the boot USB you just created.
  Note : If you do not know how to set your computer to boot from USB follow the steps here
• As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
• Locate the flash drive and run FSRT
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[markrr]

He says that the screen is locked. Please explain to me how to get to the point to download the things you have recommended.

Thanks

Mark

[Essexboy]

Does he have access to another computer where he can burn the boot USB

[markrr]

No. He could come here, 40 miles away, and use my Apple CPU. But I don't know what burn the boot means or if it would work on an Apple. He has CPUs at work but the company is very finicky about this type thing. Please explain burn the boot. I am not to good at this.

Thanks

Mark

[Essexboy]

Is he able to start in safe mode

Reboot the computer and immediately repeatedly press F8 does a menu appear and is he able to access safe mode

[markrr]

He'll try this late tonight when he gets home from work. He is also going to borrow a laptop. I'll tell you the outcome tomorrow and Thank You for your help.

Mark

[Essexboy]

No problem, I am sure we will be able to come up with something

[markrr]

My friend was able to start his machine in safe mode and has a laptop in his possession. How shall I tell him to proceed next? It may take a little while since he works to day from noon till 10 PM this evening.

Thanks

Mark

[Essexboy]

OK as he has safe mode this will make it much simpler

• Download RogueKiller and save it on your desktop.
  
  NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
• The report has been created on the desktop.

Please attach: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[markrr]

Thanks for all your help. I have my friend here and have set up a geekstogo account so he can take it from here. The useer name is jsmithrun. He won't be home from work until 11 PM+. If you leave him direction he will continue. Once again Thanks.

Mark

[Essexboy]

OK he will not be able to post in this thread. So have him create a new one under his name and link it to this thread. I will then pick it up

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.