Computer Support Forum

malware removal - have followed malware removal guide

Question: malware removal - have followed malware removal guide

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out the RAM cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malwarebytes did not find anything.
TDSSKiller did not find anything.
MGtools ran but as soon as it was done the window closed. I don't know how to find the log.
Your help will be greatly appreciated.

Relevance 100%

Answer: malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





"MGtools ran but as soon as it was done the window closed. I don't know how to find the log"

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.

20 more replies
Relevance 82.07%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 79.75%

Hi,

I need some help with the guide titled, "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I'm up to step 8. I already downloaded GMER and when I double click it. It would automatically do a scan without prompting me (lasting less than 10 seconds) and then I continue with the instructions in the guide: I unchecked 'Sections', 'IAT/EAT', Drives/Partition other than Systemdrive, which is typically C:\, and 'Show All'.

When I clicked "scan" the program just froze on me. I waited for about 5 minutes to see if it was just a lag but then I noticed the clock on the bottom of my computer screen also froze. I had to force the computer to shutdown by holding the power button. I tried GMER again about 2 more times and it froze both times the moment I clicked "scan". Then on the 3rd and 4th try, it scanned but I walked away for about half an hour and when I returned, it appeared to have self terminated. Then my final attempt. The scan finished and I clicked the "save..." button and the program froze on me and again, the clock on my desktop has froze again and I was not able to save the scan report.

Is there an alternative program I can use rather than GMER?

Thanks

Answer:I need help in the guide titled, "Preparation Guide For... Malware Removal Tools..."

If you cannot get GMER to run, just post the other logs asked for and explain the problem you had trying to run GMER.

3 more replies
Relevance 77.43%

Hi. Recently my internet has been slower and computer not running as smoothly, so I followed the basic computer maintenance and the malware removal guide (thanks so much for these!). Attached are the logs from the malware removal guide, I was hoping someone might take a look at them and give me some advice on what to do next. Thanks!
 

Answer:Malware Removal according to the Guide

And the MGtools log...Thanks again!
 

8 more replies
Relevance 77.43%

I'm following the "read this before requesting malware removal help" guide and have a question: I have Adaware installed on my laptop. Will it conflict with any of the recommended downloads? Should I uninstall it?

Answer:malware removal guide

No it won't.

14 more replies
Relevance 77.43%

I am working on another computer. I am not able to visit this forum or any other for that matter. I cannot download most the antivirus. I have used ccleaner, spybot, sdfix, vundo fix, but the browser is still hijacked and not allowing me to any sites. Windows Installer is disabled as well. I cannot get through the malware removal guide because it is not allowing me to download most things, and I cannot get to this site to download directly from here. Any suggestions on just getting me to this site? Also I have downloaded mozilla and that is not working either. I was able to remove some spyware from the computer but am still being redirected and getting pop ups. Current programs are not detecting any problems.
 

Answer:Cannot run the Malware Removal Guide....

Welcome to Major Geeks!

You need to download to the computer you are using to post these messages..save to cd or thumb drive and then transfer to the infected machine....and since ComboFix requires no installer...run that first and attach that log.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 77.43%

This is the first time I have posted a thread so I hope you will forgive me for being a novice.

I am sure that I have a virus and have been trying to remove it for two days. I downloaded a few anti-virus and anti-spyware programs such as Spybot S&D, Avast and Ad-aware. When I found this Malware Removal Guide I was excited to start it right away, however the virus that I have shuts down my explorer.exe and when I try to launch it as a New Task from Task Manager it continually restarts. For this reason I am unable to access the Add/Remove programs function from my Start menu. Does anyone know how I can get to Add/Remove without using my desktop or start menu? Also, if there is another way for me to uninstall programs please let me know?

The anti-virus program I have been using and intend to keep is Nod32. I am running Windows XP Home Edition. I am not sure what information you need. Please let me know if I have left something out.
 

Answer:Help using Malware Removal Guide

Just skip any steps in the Read and Run First instructions that you can't do ....we really need the logs from running:
ComboFix
SuperAntispyware
MalwareBytes
and the MGLogs.zip from running the MGTools.exe.

If you can't run any of them in normal mode, try safe mode.
 

15 more replies
Relevance 77.43%

A few days ago I started getting annoying pop ups only while internet explorer is open. Some of these pop ups include:

WinAntiVirus Pro 2000
Drivecleaner
Movietickets

Amongst many other things which I can't remember off the top of my head.

I followed the READ & RUN ME FIRST malware removal guide, however...when I finished running counterspy in safe mode I failed to save log of the scan (sorry, it was three in the morning and I'm getting ready to deploy). I do however have all the other required attachments.

By the way, when I ran spybot S&D it smitfraud kept coming up, as well as some Win32agent alert.
I just finally finished the entire process this morning and haven't ran anything since.

Any help would be greatly appreciated.
 

Answer:Help please. I tried the malware removal guide...

Here are the rest of the attachments.

I can run another counterspy scan if need be.
 

11 more replies
Relevance 77.43%

First I would like to say hi. I'm new here.

View attachment RKreport_SCN_09072014_162956.log
View attachment Malware Bytes log.txt
View attachment HitmanPro_20140907_1744.log

I have read the read & run me first guide. I had followed all the steps. Here are my logs. I would like to thank you in advance for any help.

Thanks
Diamond6
 

Answer:Malware Removal Guide

Welcome to MajorGeeks!

I also need the requested logs - C:\MGlogs.zip and the latest dated C:\TDSSKiller_log.txt.

dr.m
 

12 more replies
Relevance 77.43%

Hi, I'm new in this forum so I'm not familiar with some issues.

I'm doing the MALWARE REMOVAL guide step by step and got confused on step 4.

The GETRIGHT and SHOWNEW guide says: "Upload the runkeys.txt file here as an attachment".

I don't understand where I'm supposed to attach the log files. In a new thread like the one I'm doing now? Someone of you guys is going to take a look at them and send me instructions?

Just in case I'll attach the logs here.

Well, that's it...Hope someone could help me please!! Thanks.
 

Answer:A little help in MALWARE REMOVAL GUIDE please!

Hi, I'm new in this forum so I'm not familiar with some issues.

I'm doing the MALWARE REMOVAL guide step by step and got confused on step 4.

The GETRIGHT and SHOWNEW guide says: "Upload the runkeys.txt (and the newfiles.txt) file here as an attachment".

I don't understand where I'm supposed to attach the log files. In a new thread like the one I'm doing now? Someone is supposed to take a look at them and send me instructions?

Just in case I'll attach the logs here.

Well, that's it...Hope someone could help me please!! Thanks.
 

5 more replies
Relevance 77.43%

This computer was initially pretty badly infested - the user had dl'd WinsSpywareProtect from a pop-up link, to help get rid of viri, grin.

Logs are attached - After running the malware removal process, AVG is still picking up infected objects, like "trojan horse generic10.BBWK, trojan horse generic10.AWCT trojan horse generic10.BFFW, trojan horse SHeur.BXJT..."

On Startup, Windows Security Center announces that the firewall is disabled, and then eventually "recognizes" XP firewall.

Thanks for your help!
 

Answer:Followed malware removal guide

Attached last 2 logs
 

7 more replies
Relevance 77.43%

http://www.computerhope.com/forum/index.php/topic,83423.0.html

Sorry to hijack, could you have a look some time

Answer:Re: malware removal guide

First, this is not hijacking. Second, patience......

1 more replies
Relevance 77.43%

Hello,

First post here. I'm dealing with several machines in an internet cafe and for the last couple of days I've been trying to get rid of what seems to be something that reinstalls itself (?). So I decided to follow the "Malware Removal Guide" and, as instructed by this guide, here's the log generated by ComboFix. I would appreciate very much any help to identify potential malware and remove it.
 

Answer:Malware Removal Guide

This is weird, whatever is in these PCs wont let browser connect to any antivirus or Windows website in normal mode, although I can do it in safe mode. I really need help with this. Thanks!
 

12 more replies
Relevance 77.43%

First and foremost, I'd like to thank you guys and Major Attitude for the Malware Removal Guide. I appreciate the thoroughness of it all, and the work put into this site.

Secondly, I just finished the Malware Removal guide, and I think I completed all the tasks as said, but I still think I may be infected.

Just to be clear, and in case this information helps:

My Computer:

Dell Dimension DV051
Intel(R)
Pentium(R) 4 CPU 2.80GHz
2.79GHz, 504MB of RAM
Physical Address Extension

OS: Windows XP Media Center SP2(Up to date)

Current Browser: FF(Up to date) Although, I used to use IE7 till I started experiencing some problems a few days ago and was informed to use FF instead.

I am still experiencing some of the problems that I noticed before. Mainly, it has to do with selecting text and items with my mouse pointer. IE: Highlighting text, Copy + Pasting. When I try to do some of these the functions themselves become screwy. Other problems include clicking and selecting certain normal objects such as the FireFox icon to open a window. When I try that, sometimes I either have to click twice to three times to get one open, and on IE7, it will open two windows off one click. So, in short, I believe that sometimes a single click counts as two and that specific problem can be noticed when I try to push the "Back" button on my IE browser. When I do that, it acts as two clicks and pulls me back two pages in the history. However, now I only use FF and ... Read more

Answer:After The Malware Removal Guide:

I'm not seeing any malware ...and yes you need to uninstall MyWay Search Assistant.

The documents may be "recovered" docs from an error in Word...you can always go to help / detect and repair in Word.

And the desktop.ini as well as other files you are now seeing is because MGTools unhides system files and folders.
 

12 more replies
Relevance 77.43%

Where is the read and run me first guide? I can only find threads but no guide. Help
 

Answer:where is malware removal guide

Here's the link:

READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)
 

1 more replies
Relevance 77.43%

I was having major virus problems. XP with AVG showed trojans on 2/12. After running AVG, dumping virus vault, AVG never found any more, but obviously things were not right. Browsers (Firefox & IE) graphics showed as boxes only, each shutdown/startup or restart showed two error messages:
"Error loading: c:\windows\system32\pkdppxwj.dll. The specified module could not be found"
and
"Error loading: c:\WINDOWS\RKerubopituc.dll. The specified module could not be found"
Used Malware Removal Guide - ran ALL procedures, including XP Cleaning procedure.
Currently, no error messages at startup. Browser graphics now load, but machine not acting quite normal. I have a new Roxio install disk that my machine won't recognize (shows my CD drive is empty). It DOES recognize other setup CDs (like MS Office). I also get occasional white spaces with the graphic boxes that pop up down by my SysTray -- unreadable, and then they disappear after a while.

I'm attaching the appropriate log files. MGlogs.zip to follow in new message.
 

Answer:Malware Removal Guide

Final log attached.
Thanks!
 

4 more replies
Relevance 77.43%

Hello together,

I did all the steps as described in the Malware Removal Guide and think my laptop is now free from virus and spyware.

A last problem occurred now: neither Internet Explorer nor Mozilla Firefox can go to google.de (or gogle.com), which should be the main page.

Could not find any word like "google" with the search function in the forum.

My PC is a Sony Vaio VGN AR31 S with Vista Ultimate and both hard disks use RAID 1.

All updates are done.

I have all the logfiles collected in a Zip-file (attached).

Anyone there who can help me?

attlbub
 

Answer:Malware Removal Guide

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
 

6 more replies
Relevance 77.43%

Hey I really need some help:
All my problems started when I noticed that my computer started redirecting my google searches. I tried to get rid of it following the guide in the forums, but it wasn't a permanent solution. It worked at first, but after a few hours it returned to its previous state. Then my computer's antivirus program, Spyware Doctor, was telling me that I had 1 threat and 2 infections of Spyware.Possible.Website.Hijack and so I started to follow the Malware Removal instructions. Everything was going well until I tried running Combofix. I did what the guide told me to do on bleepingcomputers (disable antivirus and close all windows). The first time I started the program, it told me that "Freeware implementation of REG.EXE" had stopped working and the program needed to be closed. I closed it and then tried running the program again, and this time my screen turned blue and the crash message came up. That's where I am at this point. I've been working on this all afternoon and through the evening and I don't know what to do. I need help navigating through the rest of the guide please!
Many Thanks!

P.S. Enclosed in the attachments are the SuperAntiSpyware scan log and the Malwarebytes log.
 

Answer:Need Help with Malware Removal (I tried the guide first)

Hi and welcome to Major Geeks, onigen!

I want you to read and follow these instructions: TDSSKiller - How to run

Please download aswMBR to your desktop.

Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
Select No when asked "Would you like to download latest Avast! virus definitions?"
Click the [Scan] button.
On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

 

9 more replies
Relevance 77.43%

First, I just want to say this is an awesome site. It's a bit intimidating to me cause I'm such an end user!

Here's the problem. Trying to work thru the malware guide and I'm stuck at SpyBot. I've used SpyBot for years so it is already installed. When I try to update, I get the "bad checksum" error. What do you mean by "choose a different server location?" A different ISP? I'm using Netscape presently, but also use IE. I just switched to using Netscape recently. I have XP.

The next thing is the TeaTimer function. When going into help to find out what it is, I learned I could deselect through the "register". I can't find the register and there is no additional help finding it that I can see.

So, please, somebody, help me get thru this. I am suffering from ABetterInternet and something else I'm not sure of at all called Microsoft.Windows.Security.InternetExplorer. This last one - I don't know if it's malware or that Netscape just hates IE.
 

Answer:Please help me get thru malware removal guide!

Hi dottsgarden!
Welcome to MajorGeeks!

The bad checksum usually refers to the mirror - the place you're downloading from. I think if you continue to get a bad checksum error, you should simply uninstall the program and reinstall it from the READ & RUN ME link. The most updated version is 1.5 and it's annoyingly slow when you double click on it to start it up, but it's the most recent one. When you do the installation, you'll see there are different choices where you can download it from and I believe selecting a different one of those is what the bad checksum refers to. See if that works. During the installation, just uncheck Teatimer.
abri
 

37 more replies
Relevance 76.56%

Hi, my machine has all kinds of problems. The worst is google constantly directing me to ads. I use Firefox and am getting popups out of nowhere too under the banner 'Mozilla advertisement' with various ads.

I followed the 'readme first' section to the letter then started going through the XP solution. Superspyware completed a scan but gave a 'runtime error' when trying to fix the problems. I think it fixed them anyway because they are listed in the quarantined part as being fixed. I got the log and have attached it here. I had to manually update definitions btw, the program kept saying my firewall is blocking it but it is not.

I then installed Spybot, same problem with the update, it wouldn't let me update so again I followed the link to get the definitions and installed them. Now Spybot won't start at all. I never even got to do a scan. I double click it and I see the egg timer for about two seconds then it's gone. Spybot doesn't load and isn't in the bar on the bottom right though spybotsd shows up as a process when I control alt delete.

I then tried malware, had the same problem with updates it said I'm not connected to the internet or my firewall is stopping it.

To be honest I just gave up at that point since I hadn't managed to run either Spybot or Malwarebytes I'm guessing there is a massive problem somewhere but have no clue what it is.

Any help greatly appreciated.
 

Answer:Big problems following the malware removal guide

Apologies for bumping this but one day later I'm on page four and received no reply from anyone. Is it because I only attached one log?

I didn't see the point doing tests without updated definitions and I DID spend hours trying to finish the read and run me first and then the XP cleaning link.

Should I try and complete the last two steps anyway and post logs will that help? Or what am I doing wrong that my post is being ignored? Any help at all would be great.
 

2 more replies
Relevance 76.56%

Ads are still popping up after going through the malware removal guide. I seem to also have this problem; the only difference is that the popup does pop up with Microsoft Edge while I am using Google Chrome. I hope you can help me as well. If I am doing something wrong by replying on this message please forgive. Thanks in advance

Ads Still Popping Up After Going through the Malware Removal Guide
 

Answer:Ads Still Popping Up After Going through the Malware Removal Guide

attached the files as requested in step by step
 

1 more replies
Relevance 76.56%

I am in the process of removing viruses, spyware etc from a heavily infected PC (a friend of a friend's). I have been following your malware removal guide (I believe I have removed 99% of the malware so far) but I have become stuck in one of the later stages. I have got as far as starting an online scan using PandaActiveScan in Safe Mode with networking. I am able to actually start the scan, but by the time it finishes, the network connection (via a pci ethernet card) has mysteriously become inactive and consequently I can't access the report log. I have timed this behaviour and the connection seems to drop after about 7 minutes or so.

The network connection has no problems in normal mode. It has never dropped in normal mode. I assign it a static IP address to my network (if that makes any difference).

Any ideas as to how I can get round this, so I can save the report log of the PandaActiveScan? Is it possible that a malware item is causing this?

Thanks.
 

Answer:Problem using Malware Removal Guide

Hi djames!
Welcome to MajorGeeks! Please run Panda in normal mode and see if you can get the report that way. Post the requested logs to us when you finish so we can look at them and make sure your computer is clean.
abri
 

2 more replies
Relevance 76.56%

Hi all,

I've been trying to fix my neighbor's netbook. Here are the specs:

Dell Inspiron 1012
Windows 7 Starter (32-bit)
Intel Atom N450 (1.66ghz)
1GB RAM

When I got it, it barely started up all the way. Explorer would crash and restart one or two times before the HD stopped crunching. Internet Explorer was her main concern because it would redirect her to a site (search.conduit.com/etc, etc) but IE would crash before it even got there. Then it would loop, reopening and crashing until I killed it with the Task Manager.

Even in the short period where I was able to click stuff in IE, all of the options I needed to change homepage or add-ons settings were greyed out. I was able to change it all with a work-around (accessing the cpl file directly) and changed the homepage to Google plus removed a bunch of unnessary add-ons (none of which were the Conduit.com stuff). This helped it load up a little better but it would still crash and loop after opening the webpage.

I tried to return it to Dell factory settings using the F8 "Repair My Computer" function at boot, but I get "parameter is incorrect" and then nothing at all until I manually shut down.

Also, I couldn't get into the Management Console or any workarounds to access the harddrives, it would either cause the computer to freeze or return an error whenever I tried to get in.

So, to rule out malware, I followed the guide. No malware was found by anything, but I am at... Read more

Answer:Malware Removal Guide logs

Hi Welcome to Major Geeks!

Can you please attach MGlogs.zip as well? It can be found at the root of C:
 

14 more replies
Relevance 76.56%

I just visited here for the first time in a while. I was surprised to see the changes to this http://www.computerhope.com/forum/index.php/topic,46313.0.html

I understand why SuperAntiSpyware was removed. But I was unclear of the following:

1) The old list had several other tasks to do such as:
-Update and remove old java
-Clean the hard drive (Start, control panel)
-Among other steps
Is there a new complete listing of what to do or is this literally all we have to do?

2) Nothing was mentioned on Spyware blaster, should we keep or remove it?

3) On a weekly basis this is what I would do:
A. CCleaner
B. Clear out old files on control panel
C. MBAM
D. Spyware blaster
E. SuperAntispyware
What now should I do on a weekly maintenance basis?

4) Is AVG and Comodo alright?

Answer:New Malware Removal Guide Questions

Hi there... let me clear a few things up here...

"I was surprised to see the changes to this"

It's been coming for a long time. It's about time that out-of-date guide gets updated. There are so many new methods to malware removal, that having the same guide for a long time won't cut it.

"1) The old list had several other tasks to do such as:
-Update and remove old java
-Clean the hard drive (Start, control panel)
-Among other steps"

Yes. However, since our malware removal specialists here at the forum know how to solve these common tech problems, or forward them to appropriate staff, we don't need them in the malware removal guide. It is actually too confusing for users to attempt those issues themselves. They could further damage their computer, so we prefer someone help with those issues.

However, for Java update, we usually take care of that if a user's Java is out of date. However again, Java is supposed to update on its own, so we don't have to always deal with it anymore.

"2) Nothing was mentioned on Spyware blaster, should we keep or remove it?
3) What now should I do on a weekly maintenance basis? Is there a new complete listing of what to do or is this literally all we have to do?
4) Is AVG and Comodo alright?"

For these four questions, reference my malware prevention guide here which will probably answer all of those questions: http://www.helpmyos.com/learn-security-f40/preventing-malware-and-being-resistant-to-the-dangers-of-the-internet-t1516.htm

5 more replies
Relevance 76.56%

Hello,

Recently I posted one or two threads and please understand it's not about bumping, but just letting everyone know my progress, I ended up fixing the system restore issue, but lets go to work.

1. I read and completed The Read & Run Me First thread and the windows xp cleaning section. I downloaded all required software and went to work. As I said before I made a few mistakes such as using msconfig and having it running on selective startup and used it to disable a few nasty little running pieces of adware i didn't want running. I also had a issue where my system restore tab went missing as I followed advice from another forum before coming here. I also ran some scans with ad aware and spybot and deleted what I found, but nothing helped.

When I found this site I decided to start over from scratch and through help from another place was able to restore my system tab and also changed msconfig to normal start up. Currently my system restore is running. Now on to the rest of the info.

I ran all checks as listed in normal mode and than safe mode and everything seems better except for two items. One is every time I start the computer I get the following message:
Restarting Your Computer is required

The computer must be restarted before updating can continue. Would you like to restart now?

This pops up everytime I start the computer now when windows load and if I hit no everything seems fine. if I hit yes it just restarts me and back to the same issue. ... Read more

Answer:Did the malware removal guide and still having problems

Here is the final log and thank you again. Look forward to your help in cleaning the rest of my system.

Josh
 

17 more replies
Relevance 76.56%

On July 6th, I downloaded a pre-cracked EaseUs Data Recovery Wizard. My firewall warned me of malware and I deleted the package before opening it for set up. But my Chrome started popping up ads and redirected links since then. For example, when I typed "bank of america" in Chrome, it used to just search in Google, but now it would search results in Google AND pop up another window with results from another search engine. It has also popped up adcash and porn sites... These have never happened before.

On July 8th, I went through all the steps Stelian Pilici posted in "Remove Cdn.adsrvmedia.net pop-up virus (Removal Guide)". I didn't have any adware program to uninstall, but I downloaded AdwCleaner, Malwarebytes Anti-Malware, and Hitmanpro. Malwarebytes' scan result quarantined Trojan Agent located in Thunder (Thunder is a download agent, but I have deleted it over a year ago...). The Trojan Agent was a registry key. Hitmanpro deleted cookies from chrome that were all ad sites (such as the ones I mentioned above). I took a look at the Chrome setting--extensions, and there were no unknown extensions.

I also read another thread and repaired modified hosts files in C:\WINDOWS\system32\drivers\etc --hosts, and deleted an extra line under
127.0.0.1 localhost ::1 (According to the thread, this should be the last line)

I now added Adblock on Chrome. No ads/other search results have popped up. Adblock shows that on July 9th (today) it has blocked ove... Read more

Answer:Ads Still Popping Up After Going through the Malware Removal Guide

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

8 more replies
Relevance 76.56%

Hi I seem to be having the same problems, pop ups and getting redirected also my home page keeps going to about.blank please could you help me?
 

Answer:Ads Still Popping Up After Going through the Malware Removal Guide

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

15 more replies
Relevance 76.56%

Hi! A friend of mine gave me your link to your Malware removal guide. I followed it thoroughly, but Antivir still pops me a window saying I have a TR/Rootkit gen thingy. I've been scanning my computer for the last week and cannot seem to eradicate the problem.

This all started when I downloaded the latest update of Antivir, it kept popping messages about Trojans and Rootkits. I scanned with my antivirus and anti-malware software with partial success. Today, I followed your procedure, but it's still there. Also, I had an Autorite NT/System message that started popping up within the last days with a one minute countdown after which it rebooted my system. Don't know if this is gone since it appears only once in a while. *sigh*

As asked on your guide, I will post my logs in 2 separate posts.

I think I should also let you know that I am not too bad with computers, but I am far from being an expert. I hope you can help me, otherwise, I guess I will have to format the whole thing.

Many thanx in advance!!!!!
 

Answer:Malware problem - followed your removal guide

Hi again! Here is the rest of the last log. (Hope i did it correctly!)

Thanx again!!
 

9 more replies
Relevance 76.56%

and here are my results. let me know if you see anything funky.

attached:
bitdef results
avg anti spy
hijack this
 

Answer:Completed the Malware removal guide...

attached:
getrunkeynow
shownew
 

4 more replies
Relevance 76.56%

Hi,
I want to thank you guys from the bottom of my heart. I cleared most of the malware from my laptop with the usual programs. (Yes, I invited the Devil in). Something(s) was still in my system that would not allow me to access the Windows Update site, or update my virus and mal programs. I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee. After reboot, Windows update was already downloading files.

Cheers,
Bill Campbell :major
 

Answer:READ & RUN ME FIRST. Malware Removal Guide

Welcome to Major Geeks!

And you're welcome. Thanks for letting us know of your success.





bbillcampbell said:





I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee.

While the thread was originally started a long time ago, the procedure in it is frequently updated. Thus it is not an old procedure. The date of the thread starting, does not equal the date of the last update. We don't recreate the thread each time the procedure is changed. We just edit the procedure.
 

1 more replies
Relevance 76.56%

I have followed the malware removal guide. I have attached the completed scans that i could run. I had malwarebytes program and ccleaner prior to running this. I did delete and reinstall these two programs and follow the malware removal guide.
The issues prior were less than 16% space on disk; slow; browser changes-firefoxmozilla. Error messages on malwarebytes-antimalware: Malwarebytes found a hijack display a while ago. I tried to attach the appropriate MB log, although i am not sure it is the correct one. Also,something accessed norton antivirus and i was not able to download the updates and run. I could not use system restore. The mozilla browser and computer were freezing. Did MGTOOLs find anything? Please advise. Thanks so much for taking a look.
 

Answer:I have followed Malware removal guide. Please advise

1. Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

Copy the file path in the below Code box:

Code:
C:\ProgramData\62247D211D.sys

At the upload site, click once inside the window next to Browse.
Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
Next click Submit file
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

2. Could you please get this: 62247D211D.sys into a zipped file and attach it for me in your next post? To do this, see the below:

Please go to start > Run and paste in the following:




%systemdrive%\MGTools\zip "%systemdrive%\collect.zip" C:\ProgramData\62247D211D.sys

log retrievable @ C:\collect.zip

3. Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).




C:\Windows\TEMP
C:\Users\hastavista\AppData\Local\Temp

4. Now open up MBAM > update it > re scan > fix anything it finds > and attach the log it creates into your next reply.

5. Now run the C:\MGtools... Read more

4 more replies
Relevance 76.56%

Get a few messages popping up all the time, one even says it found "Trojan.W32.Looksky". Have tried the malware removal guide, but it didn't seem to help fix my computer at all. In addition I wasn't able to run the Panda or BitDefender online scans because of the malware.
 

Answer:Tried the Malware removal guide to no avail!

Any help with this problem would be greatly appreciated!!!
Thanx in advance
 

8 more replies
Relevance 76.56%

I did all of the scans and ran all the programs and the guide said to upload the logs. I'm just making sure that everything is alright.
 

Answer:Help with logs from Malware removal guide

and here's the last one...
 

4 more replies
Relevance 76.56%

First let me thank all of you guys for having this site online in the first place. I can't tell you how much I appreciate any help at this point.

I'm using a Dell Inspiron 6000 laptop running Windows XP Media Center Edition Version 2002 SP2.

Initially my problem was: When I connected to the Internet sometimes another window would open with a completely unrelated site. After running Norton, Windows Defender and a-squared I started looking for help online and found this site.

I found the malware removal guide and followed all the instructions. However I got a little confused when I was following the instructions and ran the CounterSpy scan before I was supposed to. Stupid I know but I thought you should know. Other than that I followed all instructions from that point on including running CounterSpy scan when I was supposed to.

I am attaching all the logs requested.

At this point I still get the pop-ups and now I'm also getting messages popping up on my taskbar. "Security Alert: Spyware Found" There are a few different messages telling me to click on the balloon to download antispyware. I have not clicked on the balloon. I've got enough problems already. I also notice anti-spyware ads on websites that should not have them so I've also avoided clicking on those ads.

Again thank you to anyone who helps. I really appreciate it.
 

Answer:Serious Malware Problem after removal guide

Here are the other files.
I tried to upload Counterspy2.txt which is from my second scan (the one I ran at the correct time) however I keep getting a message upload of counterspy2.txt failed.
 

11 more replies
Relevance 76.56%

Ultimate Malware Removal Guide -- Purge Your PC of Junk Files!






Malware is everywhere. You can't browse on any Internet tech forum without someone mentioning this word (with disdain), usually in search of a remedy after being infected with spyware. No matter how careful you are, we’re guessing that many of you have had malware inadvertently installed on your system and may have even ended up reformatting your computer as a last resort. While that may have been the most thorough solution, it is in a sense admitting defeat. Or worse yet, you took your computer to get cleaned and were charged anywhere from $50-300 -- a high price for humiliation. But don't fret, because you can actually purge your system of malicious software for free! Just follow our comprehensive guide.



Read more at: Ultimate Malware Removal Guide -- Purge Your PC of Junk Files! | Maximum PC

Answer:Ultimate Malware Removal Guide

Thanks Shawn for the info.

23 more replies
Relevance 76.56%

I did all the steps in the Vista Cleaning Procedure thread. I'm still having issues and I don't know what to do to solve it. I've had problems for a long time, pretty much since I got my comp. I think I double clicked on an open comp to comp wireless network at school and I think it may have something to do with it.

I know I have problems because when I'm on campus I get banned for having spyware activity. The ban is temporary (2hrs) but a pain nonetheless. The wireless network I was talking about shows up as 'uwo 2' (greasy because the school network is 'UWO ##') and is always available even if I know I'm not within range of anything.

I have Kaspersky 2009 updated and installed on my computer and my drivers are also up to date.

I can't seem to find the other logs, I searched and restarted. In the programs' respective folders there doesn't appear to be anything, I don't really understand what's going on with it.

I would also note that I have had a ton of issues with my wireless card and I've had to reinstall the drivers a few times. I still have to constantly repair my connection. It's always the same thing, that the wireless capability was turned off. I've tried changing the settings via an online fix but it didn't do anything. This last part may just be because my wireless card is just a whack product.

I would really appreciate help! I really don't want to have to wipe my computer.

Thanks in advance. ... Read more

Answer:Completed Malware Removal Guide: Please Help

Your SAS and MBAM logs are here:




"C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log 2009-02-25 465 "SUPERAntiSpyware Scan Log - 02-25-2009 - 16-34-19.log"

"C:\Users\David\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mbam-l~1.txt 2009-02-25 896 "mbam-log-2009-02-25 (17-28-45).txt"

But they look to be clean by the size. I do not see where you ran ComboFix.

But I am not seeing any issues in your logs.
 

1 more replies
Relevance 76.56%

I am trying to help my girlfriend's laptop and followed the Malware Removal Guide instructions to step 6C. I now find myself at the 'request help' phase.

A few notes -- my girlfriend is using a laptop from Korea, so her operating system is Windows XP in the Korean language (hence some of the Korean scripts in some of the log files). I did my best in trying to negotiate my way around this laptop, but I would like to apologize beforehand if I missed anything along the way.

In my zeal to rid this laptop of malware, CounterSpy was run twice, therefore, I have pasted both CounterSpy logs together in one file. Sorry.

BitDefender and PandaActiveScan told me that this computer was still infected. I am at a loss.

Thank you in advance.
 

Answer:Step 6C of the Malware Removal Guide

Re: Step 6C of the Malware Removal Guide Part II

Here are the rest of the files.

Thanks again.
 

2 more replies
Relevance 76.56%

I've been getting some weird activity on my desktop machine running XP Pro for about the last 6-8 months.

- In Outlook express, messages will be completely blank both the message itself and the sender / subject area. Sometimes selecting the message will "fill in" the info other times it remains blank. (It seemed to have started here)

- In multiple applications as well as the OS, the secondary prompt windows that pop up when your saving / exporting etc, will be blank, or improperly laid out, or missing info/features often with garbled text, or completely sized wrong, often completely off the screen requiring multiple dragging of the window to get to the save/ cancel / feature buttons. This also occurs with the hovering windows you get when the cursor is overtop of features etc...

A restart usually corrects these issues temporarily; following the basic maintenance guide and Malware removal guide has fixed these problems for longer periods of time. I've run them twice in the last 3 months, however the last time I ran them, this past Friday, the issues immediately started again.

Attached are the logs
-Rootrepeal would not work for me...i downloaded it twice and each time I extract it and start the .EXE file it does nothing...

Any advice will be greatly appreciated.

Thanks in advance.

Chris
 

Answer:Malware Removal Guide Logs

You are running an old version of MGTools. We will deal with that in a moment.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O1 - Hosts: 38.115.131.131 sk2.slsk.org
O1 - Hosts: 38.115.131.131 www.slsk.org
O1 - Hosts: 38.115.131.131 mail.slsk.org
O1 - Hosts: 38.115.131.131 server.slsk.org

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\WINDOWS\Temp\00a48372-2fd2-4be9-a3a8-ed4fc7f947a1.tmp
C:\WINDOWS\Temp\16bd22dc-2166-45ce-b3b5-4... Read more

3 more replies
Relevance 76.56%

I am still getting a virtumonde and a double click error on spy bot. Also i know during the scans several items were not able to be fixed. The computer is still running pretty slow. Thanks ahead of time for your help.
 

Answer:Completed Malware removal guide... Now what?

I'm new to this but I will follow your instructions to the "T".
 

10 more replies
Relevance 76.56%

i reported a malware problem earlier, as a guest, but have since become a registered user. i'm being prompted to allow the installation of an ask toolbar. i removed everything "ask" related using revo uninstaller, but continued to receive the prompt. i followed the steps in the "malware removal guide" and am submitting the requested logs for review. also, i'm confused regarding step 6. i ran HJT, but took no action when i received the results of the scan. how do i proceed in regards to the scan results? thanks for all your help, you guys are doing a great job!       [recovering disk space - old attachment deleted by admin]

Answer:Logs from malware removal guide

Hello jpb759.

You have way too much real-time antispyware running. This is actually giving you less protection rather than more.

Winpatrol
SpySweeper
Malwarebytes

Disable either SpySweeper or Malwarebytes and just use it as an on-demand scanner. Winpatrol should be fine as it does not interfere with anything like the others do.

----------

Disable SpySweeper so it does not block any fixes. You can re-enable it after we're done.

To disable SpySweeper: Open Spysweeper and click Options over to the left, then Program Options and uncheck Load at windows startup.
Over to the left click Shields and uncheck everything.
Uncheck Home page shield.
Uncheck Automatically restore default without notification.

----------

Disable Winpatrol so it does not block any fixes. You can re-enable it after we're done.

Right-click the running icon of Winpatrol in the system tray and choose exit.

----------

Malwarebytes is a version behind so you need to update and run it again.

Open Malwarebytes' Anti-Malware.
* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved ... Read more

1 more replies
Relevance 76.56%

Attached are the logs requested. runkeys.txt says there are still problems:

List of Malware found in SharedTaskScheduler
-----------------------------------------------------------------------
SpyAxe {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
-----------------------------------------------------------------------

List of Malware found in C:\WINDOWS\system32
-----------------------------------------------------------------------
SmitFraud in C:\WINDOWS\system32\ot.ico
-----------------------------------------------------------------------
Also, I am constantly receiving the pop up "cannot find C:\windows\system32\drivers\detect.htm"....what's this about?
 

Answer:Result from Malware removal Guide

Hi kene_kj!
Welcome to Major Geeks!

I've glanced through your logs. A lot of the infection was removed, but there are a number of files which still need to be gotten out. Please use your computer as little as possible until we have time to work up a set of instructions for you. This takes a bit of time, so thanks for being patient!

abri
 

17 more replies
Relevance 76.56%

once you have used the malware removal guide and it has worked, do you delete the downloads you have used?
 

Answer:after finished with malware removal guide

virushelp,
When you come into the Malware Forum, find the thread that you started with your name on it and post there. Alternatively, access your thread from the link if the link is e-mailed to you or from the link in your user profile which you can get to when you log on by clicking on user CP. There are a number of ways to go back to your own thread and post your further questions there. TimW is helping you and you need to go back to that thread and then hit the Post Reply button that you will see after you open that thread.
abri
 

1 more replies
Relevance 76.56%

My computer keeps changing the settings to connect using a proxy server no matter how many times I change it back. Also in Google Chrome after my first search I can not go to the next page or even make another search; I get a blank page with a little piece of paper in the left corner of the tab at the top. Here are the reports from following the malware removal thread. Having a problem uploading the Rogue Killer log as it is in .json format.
 

Answer:Followed Malware Removal Guide and still having problems please help.

Hi and welcome.



Quote:
Having a problem uploading the Rogue Killer log as it is in .json format.

Re run it again, and click on the report button at the end, it should be a .txt file
 

49 more replies
Relevance 76.27%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 75.69%

Hi, I was following the Prep guide and got as far as Step 7 and DDS wouldn't run for some reason. Quietman 7 very helpfully pointed me to RSIT instead, and that worked fine (see attached log.txt). Then I downloaded GMER.exe and I started to run it after turning off IAT/EAT, Drives/Partition other than Systemdrive, and Show All. After a couple of minutes I got a blue screen which told me something like - a program has failed and that I need to restart. I don't know what to do now. Does the log.txt provide any info? Thanks in advance, MB

Answer:Problems following Preparation Guide for Malware removal

Hi, We're so sorry about the delay. Do you still need our help?

19 more replies
Relevance 75.69%

Hi I was following "READ & RUN ME FIRST. Malware Removal Guide"
Completed till "... locate the DisableUAC.reg file in the C:\MGtools folder and double click on it."
When double clicked, Spybot - Search & Destroy popped up and scanned "DisableUAC.reg", said nothing found and asked to close.
How do I go about now.
 

Answer:Help Needed with READ & RUN ME FIRST. Malware Removal Guide

XP-96943172.EXE hoping somebody would notice and help

Unable to log into safe mode; when I tried to do so I was asked to press Esc to stop loading of Sptd.sys. Whatever I do, the system reboots.
Scanned with Malwarebytes; there were 67 instances of malware, removed them but still could not log into Safe mode.
Found the following in Startup of MsConfig:

Startup Item | Command | Location
XP-96943172 | C:\windows\system32\XP-96943172.EXE | SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iiiiii | C:\windows\system32\XP-969~1.EXE | SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unchecked them but whenever I reboot I find them checked.
Searched the Net and found it's 278.EXE Trojan/malware....
There is another thread of mine here
" Help Needed with READ & RUN ME FIRST. Malware Removal Guide " in Forum: Malware Removal
I am stuck at Step 3, don't know how to go about it, hoping somebody would notice and help
I know I can't post a new thread but I am desperate :cry please help me
 

21 more replies
Relevance 75.69%

Specs:
IBM R40 Notebook
MS Win XPP w/Serv. pk 1
Intel Pent M 1.3
597MHz
256MB RAM
40GB Hard Drive

Internet Providers:
AOL
Comcast Broadband


Good evening,
I am having problems with Malware and its apparent effects on my computer. I currently am running the latest McAfee AV (provided by AOL) with auto updates, as well as Zone Alarm (v 5.5 - free download version). I get random alerts with attempts to access my computer by .exe programs and .dll applications. Such examples include "xmlfont.exe, xmlanti.exe, dbdns.exe", etc. I have followed all suggested steps in the "How to: Spyware, Trojan and Virus Removal" guide, and I still have the following noticeable problems:
a.) I cannot access the following websites via my IE browser (using my Comcast Broadband wireless connection)
- google.com
- 53.com (Fifth Third Bank)
b.) I cannot access 53.com on either IE nor via my AOL web browser (although I can access google through the AOL browser)

c.) when I restart/turn off my computer, a warning message pops up saying " 'odbcras.exe - DLL INTIIALIZATION FAILED' The application failed to inizitialize..."

I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send it as an attachment.

Thanks for your help!

bmontana
 

Answer:Malware/Spyware/virus help - already done How to removal guide...

bmontana said:



I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send it as an attachment.

I believe you mean you have run HijackThis and created a log, not Killbox.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

46 more replies
Relevance 75.69%

Hello majorgeeks support,

This is my first time here & bumped to this site "googling" for how to remove Trojan. I have Advanced System Care (ASC) Pro 4.0 & AVG Internet Security 2011, 30 day trial. I used Windows 7 Home Premium, 64-bit. I scanned fully my whole PC with those 2 softwares. What I found that ASC cannot remove other infections while AVG can and vice versa.

Everytime I quick scan my computer with ASC, I can read Trojan.Win32, Trojan Vundo, Adware, etc... Thus, I followed the instructions of the Sticky Post "Read & Run Me First Malware Removal Guide."

I completed all the steps until Step 8 without knowing if the Trojan & other spywares are still there. While doing this process, the SuperAntiSpyware detected 2 Trojan.Win32/Agent while MalwareByte's AntiMalware detected 2 hijacker.

Since I completed till the last step, I want to ask two things:


am I safe that trojan & other infections are no longer there? The reason I ask this, I again use ASC after completing step 8, but trojan agent, trojan vundo & others trojan are still there.

Is AVG Full internet security 2011 enough for anti-virus, anti-spyware, and firewall? The reason I ask because the guide said, ensure that you only use one software for antivirus, anti-spyware & firewall.

Lastly, I am using those 2, do I really need to use the anti-virus, anti-spyware, firewall & CCleaner (I use TFC for Temp File Cleaner) that are suggested in ... Read more

Answer:My experience on Malware Removal Guide, Needs Advice!

Welcome to Major Geeks

I'm currently working through your logs and will get back to you as soon as I have time to finish going through all of the information. Please be patient as there is a lot of information to check.
 

18 more replies
Relevance 75.69%

I've had a few friends who haven't been able to run SuperAntiSpyware on their computers following your guide recommendations, even when attempting to rename to "SAS.EXE" (as you suggest). This generally is because they have "a class of infection that specifically targets SUPERAntiSpyware and prevents it from running." Most of them gave up. I quickly found a solution here (some just aren't "in the know" enough to search to find such info):

http://www.superantispyware.com/supportfaqdisplay.html?faq=71

It would be great if you could link to this also instead of simply stating to rename. This is a very powerful program that some will give up attempting to run without the info contained in the link above.
 

Answer:Malware Removal Guide Suggestion for SuperAntiSpyware

Welcome to Major Geeks!

We tell people about this alternate start method when necessary, but many of the new infections that are out will still block it from running too since they will block almost any executable file. Sometimes they will allow it to run once but thereafter it will no longer run since permissions are changed. This is not just a problem with SAS. All protection software is getting blocked and renaming will not help.
 

1 more replies
Relevance 75.69%

You geeks are tough! Among other things I had several years of MS updates to do. Most malware is in my mailbase. Can it be cleaned?

Some advised scans did not complete:

Bitdefender indicated seemingly thousands of the same thing in mailbase, then finally hung on something innocent looking in the second and last hard drive. I ** could not get a report from it,** but i did pause it several times as it ran. It said it deleted all problems in old mail but the file never shrinks does it?

I guess I'll run it again to see what happens. I deleted some stuff on drive F.



Pandascan slowed waaay down on the mailbase. The first couple times I thought it had stopped. Third time, I finally noticed that it did a new file every few minutes. After clicking stop (it would have taken months to run at that speed based on bitdefender) and waiting a long time it put up a prompt that allowed me to get the incomplete report.

Spybot worked nicely.

CounterSpy: found some problems. It ran itself again last night after Kaspersky finished, found no problems.

Kaspersky (alternate scan due to problems with the others) ran fine.
Oops! The report file is too large:

Kaspersky_scan_report.txt:
Your file of 982.5 KB bytes exceeds the forum's limit of 250.0 KB for this filetype.

If there is a way to clean the mail base then I think everything can be done properly.
 

Answer:Spent a week on the malware removal guide

Here are the other attachments. When I boot up and check for email there is a very suspicious loong delay during which nothing happens. Afterward things happen normally. As far as I know, the viruses indicated in old email did not do anything. Evidently they could not escape from Netscape. Spyware is my big concern.
 

33 more replies
Relevance 75.69%

Over at the Software forum (see my thread "suddenly lost an application; plus, can't download anything" at http://forums.majorgeeks.com/showthread.php?t=286066), Administrator DavidGP recommended I follow the instructions in the Malware Removal Guide and then start a new thread here in the Malware Forum.

But I have to ask three questions before I can follow those instructions. I'm sorry if I'm posting these questions in the wrong forum, but I asked the first two of these questions over at the Software forum, but didn't get a response.

A little background: My brother's computer runs Windows 7 Professional with Service Pack 1, and Mozilla Firefox 29.0.1. His current security software is StopZilla AVM 2013 (product version: 6.0.0.0, file version 6.0.3.61), and of course Windows Defender and Windows Firewall.

Question 1:

Both StopZilla and Windows Defender run real-time protection, but somehow don't collide with each other.

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

(Incidentally, full scans done by both StopZilla and Defender found no threat.)

Question 2:

Step 4 of MajorGeeks' Malware Removal Guide says to disable any disk emulation software.

I don't know anything about disk emulation software, but I can tell you this:

My brother was running the now mysteriously disappeared prog... Read more

Answer:questions before following instructions in the Malware Removal Guide

Nonetheless, I guess I'll have to uninstall StopZilla in order to run the programs referenced in the Malware Removal Guide, rather than just disable it, right?

I wouldn't actually ever recommend anyone use Stopzilla. There are FAR more superior products out there.





Is VirtualBox disk emulation software? If so, I can disable it with DeFogger.

Yes you should be able to.





Someone told me they thought it might not be a good idea to disable disk emulation software before running diagnostic software because the malware might be on an emulated drive. Any comments on this?

You should always disable disk emulation software before beginning our procedures, this link explains why: http://www.bleepingcomputer.com/for...lation-when-receiving-malware-removal-advice/
 

1 more replies
Relevance 75.69%

It is my intention for this post to be a general purpose guide for people needing help with malware removal. The steps listed below, when done correctly and in order, should clean your computer of all but the most egregious malware. This guide assumes that you do not necessarily have the ability to pull your hard drive and slave it to another computer for the first round of scanning. Also, this guide will ONLY reference applications that are free to download and use for personal use. I'll add screen shots and more detailed steps as time and motivation permit.
1) Download and Install Removal Tools! The following anti-malware apps are generally accepted as the best FREE removal tools right now. This list may change or it may not. If you think something should be on here that isn't please let me know.

- CCleaner - http://www.filehippo.com/download_ccleaner/ - Useful tool for cleaning out all the crap that has built up on your computer from general use. This helps to decrease the amount of files that are scanned and can greatly speed up scanning.

- Malwarebytes Anti-Malware - http://www.filehippo.com/download_malwarebytes_anti_malware/ - One of the best removal tools out there right now.

- SuperAntiSpyware - http://www.filehippo.com/download_superantispyware/ - Another great removal tool

- SuperAntiSpyware Portable Scanner! - http://www.superantispyware.com/portablescanner.html - This is the same SAS scanner and removal engine in a portabl... Read more

Answer:How-to Guide for Virus/Trojan/Malware Removal

ComboFix = Godsend for heavily infected systems.

Other than that great guide!
 

more replies
Relevance 75.69%

As you can see from the title, I have the Scorpion Saver malware on my laptop. I followed the steps of the removal guide but was unsuccessful in getting rid of the little bugger. I have noticed that my FireFox has been cleaned up, as there are no more random links all over the page, and the ads have gone away too. However, I've not been able to log into World of Warcraft because the program still remains. Any type of help would be greatly appreciated.
 
I've done:
1. Ran Malwarebytes and scanned several times, to the point no malicious objects were found.
2. I have also run CCleaner scans, Norton, Adwcleaner, JRT, and TFC scans. All of which have come to the point of no malicious objects found.
3. I have also attempted to go to the 'Control Panel', 'Uninstall Program', and tried to delete it from there, however I get a message that appears, "The feature you are trying to use is on a network resource that is unavailable", "Click OK to try again, or enter an alternate path to a folder containing the installation package 'ScorpionSaver.msi' in the box below." Therefore, it does not work.

Answer:ScorpionSaver not being deleted even after trying Malware removal guide

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Get the latest version of AdwCleaner.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Pleas... Read more

9 more replies
Relevance 75.69%

While using the Google Chrome internet browser, moments ago, the page I was attempting to open turned bright red and was overtaken by what appears to be a Security Essentials message. There are various smaller windows with messages telling me that my personal logins and bank information was targeted so I need to freeze my accounts and contact 1(888) 944-5964 for the urgent help needed.

Because I have had a Security Essentials message in the recent past that turned out to be nothing, I am not panicking. Last time, I did call the phone number but found that it was just a company trying to get me to pay for their clean-up services. I declined their services and, instead, went to the Major Geeks Malware Removal Guide and had an expert confirm that all was well.

Consequently, I think it is possible this alert (although it has a much more elaborate screen presentation) may also be a fake so I am back again to follow the removal protocol. I am now at the prep-step of using the CCleaner, but the supposed Security Update will not allow me to close the Google Chrome window. It just makes a dinging sound. Should I tell the CCleaner to force it to shut down?

Thanks, in advance, for any guidance that can be provided. I would like to get through the protocol ASAP in case the alert is valid!
 

Answer:Question About Following Read & Run Me First Malware Removal Guide

I am sure it is a fake alert. Go ahead and force the closure then do the requested scans and we will look at your system.
 

2 more replies
Relevance 75.69%

I ran all the malware removal steps and everything went well. I am attaching logs. I also have MGlogs.zip on my hard drive; will you guys need this? Thanks for the help, it's worked well. Everything went in the order the directions said.
 

Answer:I ran all steps from READ & RUN ME FIRST. Malware Removal Guide

Sending the MGlogs.zip file
 

2 more replies
Relevance 75.69%

Hi, first off a big thank you to those of you who give your time to helping the likes of me, it is greatly appreciated.

I have a problem with my PC that keeps directing me to websites I don't want to go to, redirecting me from search results and generally being very annoying, so I have started at step 1 and worked my way through the Malware removal guide posted here (http://www.bleepingcomputer.com/forums/topic34773.html).

I have got as far as step 8 and everything has gone fine, but I am having trouble with the step 'create a GMER log'.

I click the link, save the file, right click on the saved file, click 'extract all' and then it starts to deviate from the guide, perhaps because I am running Win 7?

I get a window open saying 'Select a Destination and Extract Files' and it has my desktop as the destination so I click extract. I then get an icon appear on my desktop which says 'gmer' and by hovering the mouse over it I can tell it is file version 1.0.15.15530.

When I double click the icon and run the program I do get a prompt from user account control asking if I want to allow this program to make changes to this computer, so I click yes and the program launches.

I get a window just like the one shown in the guide appear, but the only boxes I can tick are 'services', 'registry' and 'files', all the rest are there but greyed out so I can't tick them. I am a bit stuck as to how to proceed from here, any ideas welcome plea... Read more

Answer:Preparing computer for malware removal guide

Hi,
Please do the following:
Download OTL and save it to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Standard output is selected.
Under the Extra Registry section, check Use SafeList
Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
NEXT
Please download MBRCheck.exe to your desktop.
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If no... Read more

51 more replies
Relevance 75.69%

Thanks for looking. I encountered the FBI MONEY-PACK Virus/malware. The very first thing I did was restart in safe-mode with networking and did a system restore to regain access to my laptop. I then re-installed AVG and ran a full scan. That scan came back zero threats found. I then came to major-geeks forum and followed the READ ME RUN ME malware removal guide and here are the logs that came from them. I appreciate any and all help. Thanks.
 

Answer:Finished malware removal guide. here are my logs.

Did you indeed take action on the items MBAM found?

What's inside of these folders?


C:\ProgramData\BOINC
C:\ProgramData\dbg
C:\ProgramData\kgrefstaeuleveh
C:\ProgramData\polhktrpahmrghd
C:\Program Files (x86)\7461C2F36F3242E3BC94409AC2223634



Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D}]

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.
 

3 more replies
Relevance 75.69%

Hi,
I am doing my best to follow all the steps in the Malware Removal Guide, despite feeling exposed & vulnerable.
I am at step 4: disable disk emulation software.
I have downloaded Defogger from the bleeping computer website, but when I go to open it, I get this security warning: this file does not have a valid digital signature that verifies its publisher.
So, the freak out level has gone up somewhat.
Please advise.
 

Answer:Stymied at Step 4 of Malware Removal Guide

That's fine, just continue on.
 

4 more replies
Relevance 75.69%

I just completed the Malware Removal Guide and still have infections. I'm trying to clean my Dad's business computer which was infected with multiple viruses that were causing pop ups for software downloads. The one that was recurring in malwarebytes scans even after removal was AGprotect and tcpsr. I am attaching all the log files from running SUPERantispyware, malwarebytes, combofix, rootrepeal and mgtools. If I can get help as soon as possible that would be great because my dad received notice that his internet was going to be disconnected by his ISP since he had viruses.

Thanks
 

Answer:Completed Malware Removal Guide but still have problems

here's the other log
 

9 more replies
Relevance 75.69%

Whilst following the guide the following occurred also.

Didn't know what viruses I had so didn't use Special Removal Tools at this point

Uninstalled Viewpoint Media Player using add/remove programs

Had trouble restarting in safe mode for both accounts especially the non-administrator account. But was eventually able to run ccleaner and spybot on both

I was unable to run counterspy on both accounts in safe mode and only ran on administrator in safe mode. Ran counterspy in normal mode on the other account

Had to run bitdefender twice as the web browser closed down 3/4 the way through completion the first time. Ran Panda active scan twice as well as the web browser also closed down half way through on both occasions. Hence I just went onto the next step and did not run Panda active scan through to completion. These were both done in normal mode as unable to run in safemode with networking.

I now used the special removal tool for Virtumonde aka Winfixer successfully.

Logs are now attached.

Thanks heaps.

Rob
 

Answer:I've also completed Malware Removal Guide....Next Action?

More logs to accompany "I've also completed Malware Removal Procedures.. Next Action?

The rest of the logs.

Cheers

Rob
 

16 more replies
Relevance 75.69%

Hi and welcome to MalwareTips Malware Removal Forum. If you are reading this, then you are probably seeking help or feel infected. Over 5000 topics have been posted in this forum and most of them have reached a successful conclusion. Two things are certain, you will get some of the highest quality malware removal help currently available and experts that never give up. All instructions are very simple and you need only basic computer skills in order to get your problem solved along with us.

Before opening the topic, please read Malware Removal Assistance rules, and stick to it, to avoid confusion.

Also be advised:

It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again.

We do not provide help for work/business/company computers. This forum is run by volunteers that spend their time free of charge trying to help people. We're not here to help someone earn money. If you're earning for life via infected PC or making a profit by fixing someone's PC, then you should hire someone to fix your issue.
Due to the high possibility of reinfection and illegality, we won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are a... Read more

Answer:Preparation Guide Before Requesting Malware Removal Help

** Bump to reset order **
 

2 more replies
Relevance 75.69%

What is Best Malware Protection?

Best Malware Protection is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

This is a screenshot of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. This rogue adds a proxy server which prevents the user from accessing the internet. To remove this proxy server, start Internet Explorer. Under Tools, select Internet Options.

Select the Connections tab. Then click on LAN Settings.

Un-check the boxes under Proxy server if they are checked. This will remove the proxy server and allow you to use the internet again.

For Firefox users, go to Tools > Options > Advanced tab > Network > Settings > Select No Proxy

2. After getting rid of the proxy, restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .

3. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, tr... Read more

More replies
Relevance 75.69%

Hello I am new to the forum.
My daughter downloaded what she claimed was an active-X add-on that ended up putting about 8 different virus/spyware/malware on my computer including cycberlog-x, worm_nucrp??, icthis.exe etc.
Following some of the recommendations on this site and utilizing some of the online scans I was able to find and kill all of them but I have one lingering problem. One of those programs seems to have shut down all my access to the control panel, internet options and the security center. The link to the control panel is completely gone from my start/settings table. I had placed shortcuts to the control panel, security center and internet options on my desktop but now when I click them I get the following error "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"
It's like the malware has setup some kind of network and locked me out.
I went to the MSN help site and it told me to login as the administrator and click Start, Run, and then enter gpsedit.msc. When I did that that i get a "file not found" error.:cry
I know I can load programs because I was able to load Hijackthis, Spyware Doctor and a couple others but I can't uninstall anything.
Does anyone have any idea how to fix this?
Thanks in advance,
Marc
 

Answer:Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st step.

Re: Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st st

OK I was actually able to find a way to do everything but the "Add or Remove" programs.
Still have the same issue.
 

11 more replies
Relevance 75.69%
Answer:having problems with popups - have tried all in the malware removal guide

Hi and Welcome


We will also need a small explanation of what is up with your PC, do the popups have names if so what?


Also we will need the other logs as per the guide, ShowNew, GetRunKeys and Bitdefender.
 

22 more replies
Relevance 75.69%

First of all, I am pretty certain that I have malware...my main problem is that I have the blue default background saying "Warning: Spware Has infected your PC..."

I am running into obstacle after obstacle trying to perform the read & run first instructions. I first uninstalled all the listed malware programs and then tried to install the latest Java (in safe mode) and I got a message saying "The system administrator has set polices to prevent this installation". I then finished the rest of step 1 "house cleaning and setup" with no problems. I also had no problems in step 2.

I then went to step 3 "Windows XP cleaning" and had no problems downloading the tools to a thumb drive from my laptop. I then started my PC in safe mode and tried to run SAS and kept getting an error message saying "SUPERAntiSPyware Application has encountered a problem and needs to close".

I then tried to install Spybot - Search & Destroy, but when I clicked install, I got a file download error "Error sending request. The server name or address could not be resolved." Of course, at this point, I was pretty dismayed but kept pushing forward with the "Windows XP cleaning" instructions.

Well, I then went to try to install Malwarebytes Anti-Malware and it got hung up and never fully installed. This is when I decided to finally give up. So where do I go from here? Please help.


Here are my main ques... Read more

Answer:Problems with Malware Removal Guide Read & Run First

Hello, YOYOADRIAN

These instructions should help.

First:
Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it.
Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Secondly:
Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this first log later.
Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

*If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs.

Links are given in ... Read more

1 more replies
Relevance 75.69%

Today, out of nowhere through a random SUPERantispyware scan, I found a trojan called Trojan.Agent/Gen-Krpytik. The scan removed it, but I was worried there might have been more that tagged along with it and remained hidden. I went through the guide, here are the logs. Please determine if there are any malicious processes going through. Thank you.
 

Answer:Suddenly got malware, decided to run removal guide...

SUPERantispyware log...
 

14 more replies
Relevance 75.69%

My computer has been running slow lately, although intermittently. Sometimes takes 5 minutes to close or minimize a window. Same time lag when attempting to end a program or after clicking "restart" to restart the computer. Attached are the logs. I would appreciate some help to see if there is anything unusual in the logs. I'm afraid to use the computer because one of my other home computers was infected with a key logger and I think this one might be infected too.
It's a Vista 64 bit system so I didn't run Combofix or RootRepeal per your instructions.
Thank you
 

Answer:Slow computer, followed Malware removal guide

Your logs are clean. I would suggest that you post in the software section for further assistance.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
If you are running Vista, Windows XP or Windows ME, do the below:
Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
Then reboot and Enable System Restore to create a new clean Restore Point.
After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

1 more replies
Relevance 75.69%

I still seem to be having issues with pop-ups. I've attached the 5 logs from running the MGtools. Can anyone take a look and tell me if I still have problems that weren't removed?
 

Answer:I performed all the steps following the malware removal guide, but...

Here are the other two logs.
 

13 more replies
Relevance 75.69%

On 18/07/11 I went to a page from a Google search. After a couple of seconds on the page it closed and a fake anti-virus, simply called Defender, popped up and started "scanning for viruses".

Despite my better judgement, I panicked and clicked "stop scan". I immediately realised my mistake and started trying to kill it. I first tried to open Task Manager, but that instantly closed and Defender told me that Task Manager was infected with a virus. Next I tried to open command prompt, but the same thing happened. My next attempt was to try to open McAfee Security Centre, but as I moused towards the icon, it disappeared. I was starting to get desperate and was even trying stuff that obviously wouldn't work (ESC, Alt+F4, what have you).

After I eventually managed to kill it (which, unfortunately, I don't actually remember how I did), I followed the path of the shortcut it left on my desktop and put it through McAfee's Shredder, then did the same to the shortcut itself. After this I ran full scans with SUPERAntiSpyware, Spybot - Search & Destroy, Malwarebytes' Anti-Malware and McAfee; which found various Trojans, Adware and Keyloggers in both my files and registry. I continued running precautionary scans over the next few days, which picked up a few stragglers.

However, scans kept coming up empty after this, but my machine has still been running slower than usual and Zemana AntiLogger is reporting all kinds of activity. IE has... Read more

Answer:Logs from Malware Removal Guide - Just want to be sure I'm clean

I am not finding any malware in your logs. Do you use a proxy server? If not, then fix this:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hipxy:80

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hipxy:80

After clicking Fix, exit HJT.

Please explain what operations are slow! For example answer the below:

* Is boot up slow?
* Is shutdown slow?
* Is browsing/surfing slow?
* Is downloading slow?
* Is running any application?
* Is it also slow in safe boot mode?
* Also are any process showing in Task Manager to be using a lot of CPU time?
* Anything else slow?
 

5 more replies
Relevance 106.19%

I ran the steps in the Malware removal guide, I haven't seen any new pop-ups, but I noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 106.19%

I am following the guide to remove malware as advised in my other thread. Can I do everything in safe mode? Because my computer doesn't work properly in normal mode, programs never open (so I can't install superantivirus) and most time the PC never even starts up past "loading personal settings".

Answer:Questions about Computer Hope's malware removal guide

Please tell me exactly what happens when you boot in Normal Mode.

14 more replies
Relevance 106.19%

Hey I am following these directions according to this link http://malwaretips.com/blogs/sirius-win-7-protection-2014-removal/. Are all of these programs that I perform the scans in done in "Safe Mode with Networking"?
 

Answer:Sirius win 7 2014 Malware removal guide question

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

4 more replies
Relevance 106.19%

Looking for a review of my logs please. Not sure what is slowing down my computer. I am having lots of trouble with Microsoft Office 2007, but in general it takes super long to open up any program. My computer just started doing this recently. Before it was much faster.
 

Answer:Completed Malware Removal Guide need review of logs

Additional logs from SuperAntiSpyware.
 

4 more replies
Relevance 106.19%

Original problems before following the removal guide
1. bprotector
2. Ngnix (chrome, IE)
3. Yontoo
4. Babylon (Chrome, IE)

I also had firefox but removed before running the steps.

Please see the logs attached.

After running the steps:
1. bprotector - STILL AN ISSUE
2. Ngnix (chrome, IE) - Resolved
3. Yontoo - STILL AN ISSUE
4. Babylon (Chrome, IE) - seems to be Resolved

Note: bprotector also spread to my external hard disk.
 

Answer:LOGS - after completing the READ & RUN ME FIRST Malware removal guide

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msihez32.dll,pvnWkKAGt

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSIDLL"=-

[HKEY_USERS\S-1-5-21-3441783611-3546664065-2954317798-1000\Software\Microsoft\Windows\CurrentVersion\run]
"MSIDLL"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Expl...

9 more replies
Relevance 106.19%

Hello!
The system slowed to a crawl about 10 days ago. My husband mostly uses it so I don't know what he was working on when it happened, but I started getting blue screen and memory dumps last Saturday 11/21/09. I've been through the Malware Removal Guide steps (thank you for such a well-laid out guide). From what I can see I have a rootkit infection, if not more, but now I'm stuck for how to fix it.

Logs attached, thank you!

Note: I had to run Combofix twice because my Comodo firewall and Symantec AV turned themselves back on halfway through the scan and froze it.
 

Answer:System very slow, already finished Malware Removal Guide

Additional logs attached
 

8 more replies
Relevance 106.19%

Hi and welcome to MalwareTips Malware Removal Forum. If you are reading this, then you are probably seeking help or feel infected. Over 5000 topics have been posted in this forum and most of them have reached a successful conclusion. All instructions are very simple and you need only basic computer skills in order to get your problem solved along with us.

Before opening the topic, please read Malware Removal Assistance rules, and stick to it, to avoid confusion.

Also be advised:

You're being helped by volunteers who dedicate their free time (when they are available) to help you free of charge, so please have that in mind by being patient (your help request won't be overlooked) and kind and by showing some respect and appreciation to them. If you cannot control your feelings and you are not satisfied with the help in any way, then you can always reach for your pocket and pay for the expensive help in your local PC repair shop.
It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again.
We do not provide help for work/business machines. As being said, this forum is run by volunteers that spend their time free of charge trying to help people. We're not here to help someone earn money.
Due to the high possibility of reinfection and illegality,...

Answer:[MANDATORY] Preparation Guide Before Requesting Malware Removal Help

** Bump to reset order **
 

2 more replies
Relevance 106.19%

Hello. I am following the malware removal guide. My control panel will not open, so I was unable to search the programs listed in the removal guide. I continued on and got to the cleaning procedure. In the cleaning procedure it says not to continue if I can't disable the user account control which I can't disable through control panel. Is there another way to disable UAC other than control panel in vista, or am I stuck? Thanks in advance for your help.
 

Answer:Malware removal guide help-control panel issue

Good evening. Try this.
Enable or Disable UAC From the Windows 7 / Vista Command Line
 

12 more replies
Relevance 106.19%

I have been having problems with my PC and my hosting provider because of attacks to my clients that I host there. My provider redirected me to your forum and asked me to complete this malware removal guide.
While going through the guide on step Run RootRepeal, before the process of scanning was completed, my PC restarted without any warning!
I do not know if I still have any problems. I am attaching all the log files you need in 2 messages as you asked.
Windows XP SP2 (os)
Thank you in advance for your help!!
 

Answer:Malware removal guide results - problem with RootRepeal

Last log file needed to be attached. It is probably empty because before the scan was completed my computer just reboots!
 

4 more replies
Relevance 106.19%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer user's life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another...

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 106.19%

Ok - I had a trojan try to take over my computer. It was trying to direct me to their brand of "spyware removal" software. I've run through everything in the Malware removal guide and everything seems to be working with one exception.

I'm still having trouble booting consistently into Windows (XP Pro). It will get to the screen just prior to all of the user accountings showing and will just completely start over in the boot process. Sometimes it will show me the boot to the last known good state screen and sometimes not. In any case, it doesn't seem to make a difference what I choose at that screen. Safe mode doesn't boot any better than normal, and the last known good configuration doesn't make any difference either. With all of this being said, usually after several attempts, it will boot like normal and all is good until the next re-boot.

I'm wondering if I have a hardware problem to go with my malware problems (terrible coincidence) or if my Windows installation is somehow corrupted?
 

Answer:Trojan problem --Malware removal guide completed

Additional log post
 

10 more replies
Relevance 106.19%

I have a laptop that is having various issues. It started out when my browser was hijacked and continued on to not being able to get on the internet at all and to not being able to update any programs... virus/spyware or otherwise.

Many times these programs would run and then error out with Dr. Watson errors when trying to delete any found issues.

After various iterations of Safe Mode/Regular Mode, I finally got some of the programs to run. The one thing that I must do to get to the Windows GUI is to start explorer via Task Manager after every reboot. Sometimes, I must start explorer more than once before the GUI shows up.

1. SUPERAntiSpyware - ran ok. Log attached
2. Spybot S&D - never could install the latest version. Ran an older version and finally got it to update the definitions. Log attached.
3. Malwarebytes Anti-Malware - Scans ok, but fails when trying to remove found issues.
4. ComboFix - ran ok, rebooted the machine and hung. I killed the ComboFix window and started the GUI. Then I saw the ComboFix window flash by. There is no c:\combofix.txt , but did find one in C:\cf\combofix.txt that gives a warning about not having the Recovery Console installed. Log attached.
5.
 

Answer:Issues with various parts of READ & RUN ME FIRST. Malware Removal Guide

Last log file.
 

16 more replies
Relevance 106.19%

A couple of days ago I was searching a torrent site and got attacked by about 8 Trojans in the space of a couple of minutes. AVG picked all of these up and quarantined them, but ever since I have not been able to run any antivirus software. AVG opens but will not let me scan, Spybot won't open at all (I get an error message saying "windows cannot access the specified device,path or file, you may not have the appropriate permissions to access the item"), and it was the same story with a few other antivirus/spyware programs (Malwarebytes Anti-Malware, Avast). I have run the Read Me, Run Me First malware removal guide and when I ran SUPERAntiSpyware it removed 4 trojans and 2 rootkits and then rebooted my system, at which point I got the same error message as before, preventing me from getting a log for the scan. Tried downloading Malwarebytes Anti-Malware, running it again and had the same issue as before: it installed fine, started running and then quit a few seconds later. So after running the read me run me procedure I have the RootRepeal log, the combofix log and the MGtools log. Hopefully you guys can help because I am stumped!!!
 

Answer:Have run the Read Me, Run Me First Malware Removal Guide and I still have problems

Re: Have run the Read Me, Run Me First Malware Removal Guide and I still have problem

Welcome to Major Geeks!


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

After clicking Fix, exit HJT.



Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:


...

9 more replies
Relevance 106.19%

Title is self-explanatory, there's this adware that keeps loading up every time I open my browser and it shows ads in places it shouldn't be. No matter which antivirus programs I use or which guides, the behavior is still the same and I've run out of ideas here. Hope you guys could help.

I attach in this post my FRST log as I know it's a requirement for this Malware Removal Guidance.

Thanks in advance.
 

Answer:Persistent Adware after using the Malware Removal Guide for Windows

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

23 more replies
Relevance 106.19%

I can't follow Malware Removal Guide as everything I try says there is no disk space. Whatever had happened, it has appeared to hide or remove both MalwareBytes and SuperAntiSpyware. I try just removing a program and I get a "Disk is Full" error. Where do I even start, or is it just a matter of reformatting the whole thing?
 

Answer:I can't follow Malware Removal Guide as everything I try says there is no disk space

Re: I can't follow Malware Removal Guide as everything I try says there is no disk sp

And did you check your hard disk to see how much free space there is?
 

5 more replies
Relevance 106.19%

Hi

I have been experiencing many problems with my computer. It started with the machine randomly shutting off, then with many of Windows' services being shut off (installer service, system restore functions, etc.). I can't install the software mentioned in the malware removal guide. I am also finding that Windows updates and online virus scanners are all somehow being blocked by the virus. I am not sure what to do at this point. I was using Avast as a virus scanner, and I had Spybot going. I have run CCleaner and Spybot and safe mode but I could not get CounterSpy installed and running.

Please help!...I'm not sure what to do at this point.

thanks in advance
 

Answer:desperately seeking help! malware removal guide not happening!

Welcome to Major Geeks!


Please download HostsXpert and then follow the below steps.

Unzip HostsXpert.zip
- It will create a folder named HostsXpert in whatever folder you extract it to.
- Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
- Click the X to exit the program
Now run this ChodeFix - How download and run


Now please follow as much of our standard cleaning procedures (given below) as possible. These are necessary for us to provide you support. Try all steps, and note anything you cannot do and explain why when you come back but you must continue on thru ALL steps.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the follow...

16 more replies
Relevance 106.19%

Hi everyone,

I would really like to get some feedback from you. What is your opinion on the guide? What can I do to make it better? I want to make the guide as user friendly as possible. Please give me your feedback, ideas, and suggestions. Thanks.

Guide: http://www.selectrealsecurity.com/malware-removal-guide/
 

Answer:Virus/Malware Removal Guide for Windows [Feedback]

RE: Malware Removal Guide for Windows [Feedback]

Personally, I will remove SAS (it is going down) and MSE (not fantastic), and replace them with Comodo Cleaning Essential (designed to be run in a very infected environment; the only con is its huge definition database to download) and Emsisoft Emergency Kit or Norton Power Eraser.

And you didn't mention Malwaretips !!!!! Boooo ^^
 

19 more replies
Relevance 106.19%

When I load step 7 it loads the window and nothing ever happens after that; it just stays in the DOS window. What do I do now?

Answer:Preparation Guide For Use Before Using Malware Removal stuck on step 7

Hello.
In this case, please substitute the logs generated by the following program for the logs generated in Step 7 of the Prep Guide. Following this, continue to follow the remainder of the Prep Guide, and include in your new topic that you were unable to run DDS.
Please download OTL from one of the following mirrors:
Location 1
Location 2
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Push the button.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
These logs should be included in lieu of DDS logs in your new topic in the Malware Removal forum.
Hope that helps.
~Blade

1 more replies
Relevance 106.19%

any help from anyone will be muchly appreciated, thanks
items will be attached below
 

Answer:i did the malware removal guide as shown but computer still sluggish and pop ups?

I am not seeing any malware in your logs... but I suggest that you run SAS and MBAM on all user accounts. You should not allow all users to have admin privileges.

Please attach the logs named for each user if they show any malware.
 

1 more replies
Relevance 106.19%

the computer operating system is in Jap
 

Answer:HDD smart scan virus still around even after following the malware removal guide

Well, 1 file in common file is not in my fix.. which may look legit... too many malicious files to kill so we may run combofix after this fix to ensure we got them all... Also, your hosts file is infected.. we will have it disinfected after this fix.
Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.5 or better installed please disable it for the duration of this run

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O4 - HKCU..\Run: [OEoaybPJrs.exe] C:\ProgramData\OEoaybPJrs.exe (JFF)
O33 - MountPoints2\{e4577e31-6244-11e0-b554-8c736e059aa5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c7614b86-9f13-11e0-b548-8c736e059aa5}\Shell\AutoRun\command - "" = G:\LaunchEDS2.exe
[2012/07/11 21:27:31 | 000,251,128 | ---- | C] (JFF) -- C:\ProgramData\9rtx3MMMMsosbQ.exe
[2012/07/09 23:58:57 | 000,251,128 | ---- | C] (JFF) -- C:\ProgramData\hHHwUqAqlQVV3w.exe
[2012/07/08 18:50:39 | 000,000,679 | ---- | M] () -- C:\Users\FMVBIBLONFG70\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/07/08 18:50:41 | 000,000,160 | ---- | M] () -- C:\ProgramData\-nC0jTorqrPY6zSr
[2012/07/11 21:45:10 | 000,000,256 | ---- | M] () -- C:\ProgramData\9rtx3MMM...

5 more replies
Relevance 106.19%

Hi,

Please see my logs attached, following execution of steps in chaslang's Malware Removal Guide and WIN 7 Malware Removal / Cleaning Procedure. I have NOT attempted to run RootRepeal as I am on 64 bit Windows!

Do I now remove all Programs you told me to install in the WIN 7 Malware Removal / Cleaning Procedure, before completing steps 5, 6 and 7 or do I wait a few days, even though the logs appear to be OK (for Super AntiSpyware and MBAM at least, as I can't tell with the other 2 programs)?

Note: ***When I was running MGTools, a window for Trend Micro HiJack This appeared T&Cs. Seemed like I needed to do this before MGTools could complete its analysis.

Important to note I am still experiencing and have been for some time, the following problems:
1. Programs periodically unresponsive when trying to open them (including Task manager). Have to restart my laptop regularly to clear this issue.
2. Google Chrome of late has been running slow and at times unresponsive. A little box comes up giving me the option to kill open browser pages. I often get an open tab in Chrome displaying "This webpage is not available" too.


Cheers.
 

Answer:Logs attached for review (after following Malware Removal Guide)

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

 

3 more replies