
Thread: FBI Moneypak Failure to stop/detect

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    3

    Default FBI Moneypak Failure to stop/detect

    I picked up the Trojan FBI Moneypak from a web site, and it had an interesting method of operating that SD and TeaTimer did not detect and did not prevent. I think I was able to remove it, but I'm not 100% sure (I'll have a question later). I have also quarantined the executable part of it in case you would like to have a copy.

    First, my system description: I'm running Windows 2000 Sp-5 (it does everything I want it to do, and my wife has Win-7 on her computer and I hate it) and I was using FireFox 12.0.

    Here is what it did: the computer locked up with one browser window open (no menu controls visible, and even the keyboard controls were disabled). The mouse functioned. The page stated I was doing something illegal (downloading copyrighted mtl, or viewing porn of some kind), that the FBI had detected me and was fining me, and that my computer would remain locked until I went to pay-pal and paid a fine. I tried to shut down the browser with Alt-F4; that did not work. I tried to open the task manager to shut down FireFox; it opened for a second, and then shut down. At that point I just hit the reset button, removed the network cable and restarted. At restart, the browser tried to go to a web site but failed (no connection).

    I found 0_0u_l.exe in the temp folder of the Local Settings folder. I could not delete it; I got the "File in use" message. I was able to rename it (0_0u_l.exe.vir). I restarted the computer, and at boot up I received the message that RUNDLL could not find 0_0u_l.exe. The computer is now acting normally (I hope). I have run SD 1.6.0.30 with the current updates and nothing was detected. I also forced an SD scan of 0_0u_l.exe, and was informed "nothing found". I do understand that Win2000 is no longer supported, but TeaTimer usually prevents any changes to the registry.

    Now for my question: why did it try to install itself with RUNDLL at boot up? Also, would you like a copy of the 0_0u_l.exe.vir file?
    Thank You

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello Aule Mar,

    Please zip or rar the file/s and send them to and if you can with a password like 'infected' on the archive please.





    Quote Originally Posted by Aule Mar View Post
    I have run SD 1.6.0.30 with the current updates
    Spybot - Search & Destroy stable version is at 1.6.2

    http://www.safer-networking.org/en/spybotsd/index.html


    Quote Originally Posted by Aule Mar View Post
    and I was using FireFox 12.0.
    Firefox is at version 13.0.1. When updated, it is often to patch security holes.

    http://forums.spybot.info/showpost.p...1&postcount=27

    Quote Originally Posted by Aule Mar View Post
    I do understand that Win2000 is no longer supported.
    Since July 13, 2010.

    Quote Originally Posted by Aule Mar View Post
    First I'm running Windows 2000 Sp-5
    Service Pack 5 for Windows 2000 is not an official or authorized release. http://support.microsoft.com/lifecycle/?c2=1131

    Please see this post in our malware removal forum: Microsoft End Of Support Cycle

    Do you have an anti-virus program installed?

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jul 2012
    Posts
    3

    Default Sending files

    I zipped the files and tried to send them, but Hotmail detected the virus and refused to let me send it. Is there a place I can upload it directly?

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    You can use our contact form and attach the file.

    Best regards
    Sandra
    Team Spybot
    Last edited by tashi; 2013-09-11 at 06:57. Reason: Removed outdated link

  5. #5
    Junior Member
    Join Date
    Jul 2012
    Posts
    3

    Default File has been sent

    I have also updated both Firefox, and Spybot, still using Win2000. Still, it was not detected.
    Aule

  6. #6
    Senior Member
    Join Date
    May 2009
    Posts
    236

    Default

    Quote Originally Posted by spybotsandra View Post
    Hello,

    You can use our contact form and attach the file.

    Best regards
    Sandra
    Team Spybot
    The English version is here
    Last edited by tashi; 2013-09-11 at 06:58. Reason: Removed outdated links
