Computer Support Forum

Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Question: Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium).
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs.)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.

Relevance 100%

Answer: Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.

2 more replies
Relevance 79.17%

Hello, I am sending my log files according to your instructions.
I appreciate your comments.
Thank you.
 

Answer:Vista & Windows 7 Malware Removal/Cleaning Procedure - My Logs

Welcome to Major Geeks!

Please attach the logs from the below scans which were also requested:

Hitman Pro
TDSSkiller
MGtools
 

3 more replies
Relevance 100.04%

Hello,

I have Windows 7 on my HP laptop. One or two times every week Windows freezes completely, and I have to reboot my laptop by pressing the power button.

I have run the Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I reran SAS and it shows that everything was clean.

These are my two logs.
 

Answer:Malware Removal/Cleaning Procedure

I have run the Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I reran SAS and it shows that everything was clean.

Would still like to see the logs from those if you don't mind. Thanks.
 

29 more replies
Relevance 98.81%

I see that this is a somewhat common problem on the forums here. I ran the programs in the Windows 7 Malware Removal/Cleaning procedures and still have my Firefox address bar hijacked by searchqu. Before finding your forums I tried on my own with CCleaner and Spybot Search and Destroy. I know enough to be dangerous on a pc and that is about it. I can follow directions though and would appreciate any help. I have enclosed the logs from the Windows 7 Malware Removal/Cleaning procedures.
 

Answer:searchqu still around after Malware Removal/Cleaning Procedure

Here are the other 3 logs that were on the forum section sticky
 

8 more replies
Relevance 98.81%

Hi!

I hope you can help me, I completed the cleaning process but I am still having some problems.

Friday September 7, 2012 I was watching a movie on Netflix in full screen mode when the screen minimized and I saw that my Norton Anti virus icon had a red x on it.

I clicked on the icon and it said my virus and spyware definitions are not up to date, and that my computer was at risk. I ran an update, and it said the problem was not fixed. I clicked on the support icon expecting to be taken to the Symantec website for support, but an error window came up saying this was not a trusted site. I have copied and pasted the error message here:

The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

I did not proceed, but instead got a support number from Symantec by a Google search and called them. After 90 minutes of remote access to...

Answer:Windows XP Malware Removal/Cleaning Procedure

Welcome to Major Geeks!



MizVic said:

The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

It may be September 10th, but your computer clock is set to Dec 10th, which is why you got that message. Your logs all show your clock to be set to Dec 10th. Fix your clock and then see what happens.
 

8 more replies
Relevance 97.99%

I was hearing ads play in the background of my computer.. even when nothing was open. I tried several other things before I came across this site. I followed all of the steps that were given and ran all of the programs that I was asked to download one at a time. I really hope that this solves my problem.

I do have one question though. When I ran hitman, it found 6 threats.. I ignored them as requested. Is someone going to let me know what needs to be deleted out of there?

I appreciate the help.
 

Answer:attaching log files from MG Malware Removal/Cleaning Procedure

Hello A.R.Cloud,

- Rescan with HitmanPro and allow HitmanPro to repair all the items it found. The repairs should require a reboot. Go ahead and reboot and then attach a NEW HitmanPro scan log when finished.
 

1 more replies
Relevance 97.99%

I had the FBI virus and it was deleted or disabled by a friend.

Now however, I have an "Encryption" virus that is encrypting some of my files and telling me to download a fix. I have not done this of course.

Also, before I started your procedure, I tried to run Restore but found that all restore points were deleted except for the current day.

I have followed all of the steps and instructions on your Windows XP Malware Removal/Cleaning Procedure.

My logs are attached
 

Answer:Logs from Windows XP Malware Removal/Cleaning Procedure

Can you attach the log from running Hitman please?

By the way, I cannot open your MGlogs.zip, it appears to be corrupted.
Can you run MGTools.exe again and attach the new log please?
 

18 more replies
Relevance 97.99%

I keep hearing random ads in the background even when nothing is open on my computer. I tried Vista & Windows 7 Malware Removal/cleaning Procedure and followed every step but I keep having the same problem.

I have these attachments below.

RKreport[1].txt from RogueKiller
Malwarebytes' Anti-Malware log
HitmanPro
MGlogs.zip - normally it is C:\MGlogs.zip


Please help. Thanks.
 

Answer:Audio Ads Virus - tried Malware removal/cleaning procedure

Welcome to MajorGeeks, jinejlee

I want you to read and follow these instructions: TDSSKiller - How to run
Please download aswMBR to your desktop.

Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
Select Yes when asked "Would you like to download latest Avast! virus definitions?"
Click the [Scan] button.
On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

Let me know if you are still experiencing the same problems after completing the above steps.
 

7 more replies
Relevance 90.2%

Hello there on Major Geeks. Firstly, thanks for reading this, and also thanks for all the help you have given me in the past, as it has worked for me.

I am following the instructions for the Vista Cleaning Procedure, for the virus called Trojan DNS changer. I have managed to run SUPERAntiSpyware, and it did find a few things, but now I cannot load Malwarebytes Anti-Malware. I have managed to install it after renaming it, following the instruction "Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run."
It will not run a scan at all; it just will not load up. It doesn't even say anything, like there is a problem loading; it doesn't even come on the screen loading and say there is a problem loading.
I am a novice but I do follow the instructions; I even printed all the pages off this site to follow the instructions on how to remove malware.
This Trojan is really bad; it's taken my Windows Explorer over. I seem to have a better run of it for the moment on Mozilla; as for anything else, nothing. It will not let me open spybot-sd either.
It is also telling me the DNS is wrong. I know what's causing the problem; it's just that I really am stuck when the things I need to use to remove the problem will not load.
I hope you understand what I have written, and thanks for any help you might have for me. Arnie
 

Answer:trojan dns changer Vista Cleaning Procedure, Malwarebytes Anti-Malware

DomLuc said:

You have already posted this in the Malware Removal Forum so really you need to wait for an answer there, since as your system is malware infected there are no software solutions outside of that.
Having said that, you need to follow the Read & Run Me First guide (that you are in the middle of) very carefully and try to complete *EVERY* step and not stop on just one. Even if that means using a CDR or USB to download programs on another machine as it explains, and even if you need to launch in Windows Safe Mode as it explains, or even running online scans, as it explains.
When you have attempted to complete every step, it is then that (having made careful note of problems you had) you post all the logs of the steps that you did manage to complete in a new thread there (which you have already started) along with those notes on problems, and any question you have.
You will then get answers and further directions from MajorGeeks trained, expert Authorised Malware Moderators.
If they judge the need for a software solution, then they will direct you back here at their discretion.

Good luck

Thanks for that, I didn't realize I had posted it in 2 places. As for doing every step, I mean every step; that's all I have done for the last 2 days. I know what I have to do and I follow everything to the letter. I have done it all before; as I said, I printed out all the things I needed to do and followed them to...

15 more replies
Relevance 90.2%


Answer:trojan dns changer Vista Cleaning Procedure, Malwarebytes Anti-Malware

I am adding this myself to go with the information I alrea...

25 more replies
Relevance 82%

I have been having trouble with my Word 2007. Thinking it was a driver conflict, I reinstalled my mouse driver and found it was working UNTIL I rebooted the next day. A constantly flickering cursor makes it very difficult to locate where you are in the document.

Went through the procedures to Step 4 in "Malware Removal/Cleaning Procedure" for my Win 7 Pro (64x) Service Pack 1 and still have the same problem. Attached are the reports this procedure suggested I send to you.

Should I remove any of these items in the reports or wait for your analysis?
 

Answer:Reports on removal/cleaning procedure NEW

Welcome to Major Geeks!

Well, you have a bunch of junkware that was installed. We will clean the rest of this up but I cannot say that this will have any effect on Word. You may have to work out problems with it in the Software Forum.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SP48695356-99B3-448A-A029-2AC28FB98CEF
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
R3 - URLSearchHook: MixiDJ V45 Toolbar - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll
O2 - BHO: CrossriderApp0012767 - {11111111-1111-1111-1111-110111271167} - C:\Program Files (x86)\Tiger Savings\Tiger Savings-bho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: MixiDJ V45 - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD T...

5 more replies
Relevance 80.77%

My computer's browsers, IE and Firefox, started acting strangely, mainly running slowly on different wireless networks and not responding periodically. I haven't made any changes to my system lately (such as installing a new program) or had other suspicious behavior (such as pop-ups or redirects) but I thought I'd run the malware removal procedure, just in case, since the problem started suddenly. The browsers are running at normal speed now, but I am posting my logs because Hitman Pro flagged some files that I am not familiar with as threats. I followed the forum's instructions exactly; the files have been ignored, and that is all. My question is if I should take further steps. Thank you.
 

Answer:Computer slowdown - ran cleaning/removal procedure

From your logs it looks like you may have uninstalled McAfee but it did not completely uninstall. Thus we will fix that along with cleaning up a little more junkware.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

After clicking Fix, exit HJT.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.

Code:

:Processes
explorer.exe

:Files
C:\ProgramData\Babylon
C:\Program Files\McAfee.com
C:\Windows\TEMP\*.*
C:\Users\Lindsay\AppData\Local\Temp\*.*
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.aartemis.com/web/?type=ds&ts=1385263391&from=cor...

5 more replies
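
For the HijackThis lines the helpers list in the two replies above, an added example (not part of the forum posts and not HijackThis's own code) that parses each entry and surfaces what a reviewer checks first: one CLSID registered under more than one hook, entries whose file is missing, blank registry values, and autoruns. The function names and the review grouping are assumptions of this example; the sample lines are copied from the posts with their elisions left as posted.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that appear in the posts above.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "R3": "URL search hook",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key / Startup folder)",
}

# Lines copied from the two replies; the truncated last line of the first
# reply is left out, and the "..." inside the conduit URL is kept as posted.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SP48695356-99B3-448A-A029-2AC28FB98CEF
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
R3 - URLSearchHook: MixiDJ V45 Toolbar - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll
O2 - BHO: CrossriderApp0012767 - {11111111-1111-1111-1111-110111271167} - C:\Program Files (x86)\Tiger Savings\Tiger Savings-bho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: MixiDJ V45 - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"""

MISSING = " (file missing)"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "<key>,<value name> = <data>"; the data part may be empty.
REG_VALUE_RE = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
# "<label>: <name> - {CLSID} - <path>"
COMPONENT_RE = re.compile(
    r"^(?P<label>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# "<location>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_line(line):
    """Parse one HijackThis log line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "kind": SECTIONS.get(code, "unknown section"),
             "name": None, "clsid": None, "target": body,
             "file_missing": False}
    if body.endswith(MISSING):
        # The registration is still present but the DLL it points to is gone.
        entry["file_missing"] = True
        body = entry["target"] = body[: -len(MISSING)].rstrip()
    if code in ("R0", "R1"):
        reg = REG_VALUE_RE.match(body)
        if reg:
            entry["name"], entry["target"] = reg.group("key"), reg.group("value")
    elif code in ("R3", "O2"):
        comp = COMPONENT_RE.match(body)
        if comp:
            entry["name"] = comp.group("name")
            entry["clsid"] = comp.group("clsid").upper()  # CLSIDs compare case-insensitively
            entry["target"] = comp.group("path")
    elif code == "O4":
        run = AUTORUN_RE.match(body)
        if run:
            entry["name"], entry["target"] = run.group("name"), run.group("cmd")
    return entry


def parse_log(text):
    """Parse every recognisable line of a HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def review(entries):
    """Group entries the way a reviewer reads them (grouping is this example's choice)."""
    hooks = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            hooks[e["clsid"]].append(e["code"])
    return {
        # Same component hooked into the browser in more than one place.
        "multi_hook": {c: codes for c, codes in hooks.items() if len(set(codes)) > 1},
        # Orphaned registrations left behind by an incomplete uninstall.
        "file_missing": [e["name"] for e in entries if e["file_missing"]],
        # Browser settings whose data is blank.
        "empty_values": [e["name"] for e in entries
                         if e["code"] in ("R0", "R1") and e["target"] == ""],
        "autoruns": [(e["name"], e["target"]) for e in entries if e["code"] == "O4"],
    }


if __name__ == "__main__":
    for key, value in review(parse_log(SAMPLE_LOG)).items():
        print(key, "->", value)
```
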
Relevance 77.9%

I was downloading movies using bittorrent. I deserve whatever virus I got. First thing I did was delete BitTorrent. I really need some help removing this thing.

It freezes at random times. Also when restarting it freezes. Sometimes I have to restart 3-4 times before it will load up completely without freezing. Computer runs very slow as well. At first I couldn't toggle between programs at the bottom. I would have to minimize one, and then restore another. I also couldn't right click on programs down in the taskbar.

I tried to solve the problem myself at first by checking which one looked like a virus in my Task Manager. I searched for the .exe and then went into safemode and deleted it. It said it had been created on November 29th. The .exe was called THEEE4.EXE. When I got back to windows there was another file in there, newly created, made up of random numbers and letters 6 characters long. It was in the C:\WINDOWS\Temp folder.

Anyway, that's all the information I can think of, here's my .zips and .txt's
 

Answer:Some sort of Malware. Not solved by cleaning procedure

Hi JLong!
Welcome to Major Geeks!

No one deserves a virus or any other bad thing to happen to them.



1) Please go to add/remove programs and uninstall the below:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

2) Reboot after uninstalling the above.

3) Install the current version of Sun Java from: Sun Java Runtime Environment. You still have not done this.

I will get back to you with other instructions after I've had a chance to look through your logs. This can take time, so thanks for your patience.

abri
 

7 more replies
Relevance 77.9%

My Dell Inspiron 1420 (Vista SP 1) suddenly started running sluggishly after I woke it up out of hibernation yesterday. It won't open programs such as System Restore and MSWord, but it runs Firefox and CCleaner without a problem. Task Manager shows up in the tray but won't open as a window.

It also locks up when I try to shut it down, and I've had to force it manually. It boots up fine.

I've defragged recently, cleaned the registry, cleaned out temp files, run scans with SpyBot. Then I followed the instructions on the malware removal guide in this forum, and nothing seems to have changed. I wasn't able to run the SUPERAntiSpyware program (stalled on the "preparing to install" dialogue), but the other three programs seem to have worked fine. I've attached those logs here.

Also, I don't know if this is relevant, but two new processes try to run at every start-up: "apntex.exe" (which I understand to be related to the touchpad driver) and "services.exe".

Thank you for any advice you can give me!
 

Answer:Malware cleaning procedure attempted, still have problems

Welcome to Major Geeks!

Your logs are clean. Thus you are not having malware problems. I suggest that you post in the Software Forum. I do see a very large memory dump file that indicates you had a system crash:
Code:

2009-03-14 21:54 . 2009-03-14 21:56 310,825,039 --a------ c:\windows\MEMORY.DMP

We need to cleanup from running the READ & RUN ME:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u
Note: The space between the combofix" and the /u must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can ...

3 more replies
Relevance 76.67%

I need a little help with checking the logs.
Before the procedure I was experiencing crypt trojans that just kept coming back with each removal.
I don't know if it's still here after running the vista cleaning procedure.
I skipped the Combofix and Rootrepeal steps because I have 64 bit.
 

Answer:Help on Vista Cleaning Procedure. I ran it.

Welcome to MajorGeeks, lazybomb

Please update the database definitions for both Malwarebytes & SUPERAntiSpyware and re-run them, as they were outdated.

Now download Sophos Anti-Rootkit 1.5 and save to a location you will be able to find such as your desktop

Run sar_15_sfx by double clicking on it.
Click Accept to agree to the EULA
Click Install (if you wish to change the default installation location do so here but remember where you install to, the default is C:\SOPHTEMP)
Once it finishes copying files, exit the installer

Running the scan

Navigate to the location that you installed the software to (Default: C:\SOPHTEMP)
Run the sargui Application by double clicking on it. (Note: if using Vista or Windows 7, use right click and select Run As Administrator).
Ensure that all three of the options are checked
Click Start Scan
Once the scan is complete, close Sophos Anti-Rootkit by closing the scan window and clicking Exit in the main window

Do NOT click 'CLEAN UP CHECKED ITEMS' or attempt to have Sophos Anti-Rootkit fix anything unless specifically instructed.

Finding the logs

Click on Start --> Run
Type in %TEMP%\sarscan.log and press enter
The log file will open in the default editor (probably Notepad)
Click File --> Save As and save the file to your desktop or other location for easy retrieval.

Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Pl...

1 more replies
Relevance 76.67%

Step 5 of the Vista Cleaning Procedure ends with the instruction "go to step 5". And shouldn't the reboot for re-enabling UAC be after the "Toggle System Restore" instructions if malware is found?
Thank you guys for this website. The Malware Removal procedures are long and laborious but worth every bit of the time spent following them.
 

Answer:Vista Cleaning Procedure

Welcome to Major Geeks!





cam330 said:

And shouldn't the reboot for re-enabling UAC be after the "Toggle System Restore" instructions if malware is found?

Yes, it could be; however, what we were worried about was the few people who do not follow all steps right away. We have had some that do not immediately toggle System Restore. Thus we are concerned with getting UAC enabled properly as quickly as possible. Perhaps I will add a note to step 5 to the effect that you can wait to do the reboot in step 6 if you are going to immediately run step 6.

cam330 said:

Thank you guys for this website. The Malware Removal procedures are long and laborious but worth every bit of the time spent following them.

Thanks!
 

1 more replies
Relevance 76.67%

Before I ask for help with my malware problem, I'm doing as I'm told and going through the 'Read and Run Me First' programme. At the 'Malwarebytes Anti Malware' link, downloading the programme (from the USA OR the Australian site) results in my AVG detecting a trojan threat... 'Trojan HorsePSW.Banker5.ZOY' and won't allow me to install it.
Is it safe? What would you suggest please? I've suspended operations!

Erland
Manchester UK
 

Answer:Vista Cleaning Procedure

Welcome to Major Geeks!

Malwarebytes is not infected. AVG is just having another false detection which is quite common. If you are having malware problems, you need to finish the instructions and attach your logs.
 

5 more replies
Relevance 76.26%

Hi, my computer has been infected by malware/spyware.

I started the Vista and Win 7 Malware Removal/Cleaning Procedure today. There were no problems when I ran the Rogue Killer application. Then, I ran the Malwarebytes Anti-Malware scan and successfully removed the objects which it detected. I restarted my computer when prompted to restart after the scan. But now when I log in to my user account, I get a dll error (I have posted a screen-grab as an attachment). After I click ok/cancel the desktop screen hangs/freezes. How do I finish the malware/spyware cleaning procedure? I would appreciate any help. Thanks in advance.

ps: My computer runs on Windows 7 Ultimate OS & I have ESET smart security anti virus.
 

Answer:Computer repeatedly hanging and cannot complete malware/cleaning procedure

Are you able to complete the cleaning procedures in safe mode at all?
 

29 more replies
Relevance 75.85%

I visited this forum for a guide to routine maintenance and cleaning of my computer. I did not have any major problems to speak of, but I wanted to go ahead and go through the "Basic Computer Maintenance" and "Vista Cleaning Procedure" because I'm not naive enough to believe that just because there aren't any noticeable problems I am not infected with malware in some way. I also thought the cleaning would help optimize performance. I made it through all the steps in the Maintenance and Cleaning threads and was feeling pretty good about cleaning up my computer; however, shortly after finishing I noticed that my Windows Security Center service has been turned off. When I try to turn this service back on I get a message saying, "The Security Service can't be started" (see: screenshot1). I tried consulting Google and found several pages with some suggestions, but I just keep running into more error messages. I tried starting the Security Center through services.msc and got a combination of error messages (see: screenshot2 and screenshot3). I also tried doing a system restore from multiple different restore points, but none of them were able to complete successfully. I would appreciate any help you guys could offer me regarding this problem. As far as I know I followed all of the recommended procedures word for word - let me know if there's something I did wrong. THANK YOU!!
 

Answer:Problems after Vista Cleaning Procedure

Welcome to Major Geeks!





drum_bum04 said:

I made it through all the steps in the Maintenance and Cleaning threads and was feeling pretty good about cleaning up my computer; however, shortly after finishing I noticed that my Windows Security Center service has been turned off.

What specific thread are you referring to when you say Maintenance and Cleaning threads? We do not have a thread with that title in this forum. We do have a Vista Cleaning Procedure though and it is part of this thread: READ & RUN ME FIRST. Malware Removal Guide

Is this what you meant to say you ran?

Exactly what things have you done up to the point where you noticed this issue?

drum_bum04 said:

When I try to turn this service back on I get a message saying, "The Security Service can't be started" (see: screenshot1). I tried consulting google and found several pages with some suggestions, but I just keep running into more error messages. I tried starting the Security Center through services.msc and got a combination of error messages (see: screenshot2 and screenshot3). I also tried doing a system restore from multiple different restore points, but none of them were able to complete successfully. I would appreciate any help you guys could offer me regarding this problem.

This is a fairly widespread problem (and I don't mean the READ & RUN ...

7 more replies
Relevance 75.85%

I have followed the Windows Vista cleaning procedure.
My computer still shows a security alert.
Most Windows updates do not want to install.
I attach a copy of the Hijack log.
I have highlighted the things that I found suspicious.
I would like to know what chalang thinks about my log.
Defender automatic updates do not work either.

Need some help?
Thank you
 

Answer:windows vista cleaning procedure

Welcome to Major Geeks!

The cleaning procedure does not ask for a HijackThis log. Especially one in a PDF file.

Please attach the logs that were requested in the procedure which was



Step 4: Do You Still Have Problems

Yes, I?m still having problems
DO NOT run the READ ME again!!!! Please attach your logs as given below.
If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.

Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log

ComboFix.txt (normally C:\ComboFix.txt)
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.



 

7 more replies
Relevance 75.03%

hi,
i ran through the read & run post step by step and am now running through the vista cleaning procedure, the problem is when i get to the combofix step, i need the vista installation disc, to access 'vista recovery environment' which i don't have.

is there a way around this??

i've been on to my notebook manufacturer (acer) to try persuade them to mail me a copy of vista, no reply yet!


also the mgtools.exe prog. won't download as an executable, it's coming in as attachment_2.php???


thanks in advance
d.lynch
 

Answer:prob's running vista cleaning procedure

d.lynch.irl said:





hi the problem is when i get to the combofix step, i need the vista installation disc, to access 'vista recovery environment' which i don't have.

is there a way around this??

Just continue without the Recovery Environment.





d.lynch.irl said:





also the mgtools.exe prog. won't download as an executable, it's coming in as attachment_2.php???

Disable your popup blockers and also make sure that when you login to MGs that you click the Remember Me box. Also if using a download manager, don't use the download manager.
 

5 more replies
Relevance 75.03%

Hi, I was following this website's guide for Cleanup for Vista, and have run into a problem I have no idea how to handle.

I did everything as it was described, but a problem arose after I had run combofix. SuperAntiSpyware and Malwarebytes reported that they didn't find any problems.

I then went through the directions for running ComboFix. It got to step 50 and shortly after that it said that it was going to restart windows, so I let it. As windows was shutting down, some sort of error message came up that said something about a problem with a file named something like "catchme..." It closed before I could write down the name. It hadn't said anything on that walk through about a restart at this point so I was confused.

When windows started back up Combofix was open, saying that it was preparing the log, but all the stuff in my startup was starting too, including AVG. I had disabled it before I ran ComboFix, but when windows restarted, so did AVG, and the icon didn't have that little warning triangle on it, so I knew the resident shield was enabled. I am not sure if this is what messed things up. Again, there was some sort of error message somewhere after the restart involving something else with the word "catch" in it somewhere, but I was really confused at this point.

So I thought maybe that things were ok, and I would just attach the log and see what all of that meant.

However, when I moved on to the next step, my comp... Read more

Answer:Problem half way through Vista Cleaning Procedure

alphasixty said:





Any help is appreciated. I really need some. I assume that if I do not get a response in 12 hours or so, I will probably try to go back to the restore point created before Combofix ran.

Normal response time is 2 to 5 days depending on how many of us have been around. Right now we are running at about 2 days since a few of us have been around more due to having days off from work. System Restore would be what we suggest anyway but you may find that it gives a similar message. Let us know.

ComboFix did not really find or remove anything of significance. Just some junk in the Recycle Bin and an autorun file for drive F.


Why were you running the cleaning procedure to begin with?
 

1 more replies
Relevance 73.8%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 73.39%

After running the Vista cleaning procedure, these are the logs I have left from root repeal and mgtools. I have a suspicion that I have unresolved issues from the other scans as my cpu meter is all over the place even when I'm doing nothing.

Thanks for the help!
 

Answer:Root Repeal / MG Tools logs from Vista Cleaning Procedure

You neglected to attach the logs from ComboFix, SAS and MBAM.
 

1 more replies
Relevance 72.16%

May I begin by saying I have made progress and been helped however indirectly by the posts here on your fine forum. I respect and appreciate your help in solving my and other users' problems. Thank you very much!

I am in Kenya and have been trying to solve some of the malware problems at a computer lab at a college. Much of the software has been corrupted or infected with whatever and I am beginning by working on this machine. After reinstalling a copy of windows given to me by the school, I have noticed that the task manager and regedit have been "disabled by administrator".

I have followed the full process listed at the Windows XP Cleaning Procedure topic and have also tried to use Spybot to no avail and have used Ad-Aware to some minor success.

After renaming a copy of regedit.exe I was able to gain partial access to the task manager - that is, it closes right after it opens - and regedit.exe - same problem.

I have run all of the malware detection and deletion programs multiple times and keep getting detected problems, which I (theoretically) delete, to find that more are to come next time I run SAS or Ad-Aware or Malwarebytes. I have posted the logs requested plus the log of Ad-Aware, AVP, and exehelper in an attempt to find some benevolent soul on majorgeeks to help.

I will try to answer back in a timely manner, but I may not be able to due to network outages that happen here every other day. Sorry about that, you can't ask much for rur... Read more

Answer:Malware problem after removal procedure - Win XP SP1

And the other logs I did not include:

Thank you once more!
 

4 more replies
Relevance 71.34%

Greetings from England!

I have a problem with my P.C in that sometimes It begins to just start acting as though it is loading something, however I have not instructed it to do so, and on the face of it, nothing actually seems to be happening apart from a huge slowing down of the entire system. For instance, I can be searching the web and my hard drive will begin to act as though it is loading up a programme in the back ground, and at its worst, can take up to ten minutes to sort itself out!!

Also, on average, from surfing the web for five minutes, I can have 5 different pop ups appear!!

I followed the README procedure and it seemed to get rid of a lot of crap, however the problems still persist. I have attached my logs as requested.

Many thanks in advance!!:wave
 

Answer:Malware removal procedure followed..However problems persist:(

and the last attachment
 

4 more replies
Relevance 71.34%

*i had some problems with my avira antivirus interfering with the first scans directed by the MG malware removal procedure. i had disabled all the avira measures including firewall, but the next time i checked they were all enabled again; i noticed it when doing the malwarebytes removal, and it wanted to remove registry things but avira stopped it. only after this did i uninstall avira, and then i ran malware bytes again (i only remembered after i reran it i did that the instructions say not to repeat steps), but this time no detections were found. so even though i thought i had disabled the antivirus, it may have been active up until after the malwarebytes scan step, ie during the roguekiller and malwarebytes scans
**i am missing the txt logs of the mbytes scans and only have the xmls, could not upload them, i am not sure where they went but i did search for them

So here are my logs, i followed all the instructions. The problems i am having are 1) very intrusive adware is in my chrome browser on search engine results pages (google/yahoo) and also on ebay. at one point my chrome browser was prevented from installing an adblock extension, and after speaking to some techs i believe it was the malware causing a problem, though i have been able to install it since.

i also had trouble copying files to a usb flash drive. files copied to the drive from my computer were inaccessible, and the folder and file icons were replaced with blank ones, and all files and folders were the sa... Read more

Answer:i did the malware removal procedure need help, have logs and info

Rerun Hitman and have it remove all it finds.

Now do this to reset Chrome:

Reset Chrome to Defaults

Reboot and rescan with Hitman and attach the new log. Tell me how things are running.
 

9 more replies
Relevance 70.11%

Hi, reading this forum has been so helpful and I wanted some advice on getting rid of malware. Two nights ago I got the ctfmona.exe trojan (bugs on the screen/blue desktop/dialog box saying I was infected). I ran a Norton scan which found it and partially removed it then had me manually delete it from the registry. I then followed the instructions on http://forums.majorgeeks.com/showthread.php?t=35407 and http://forums.majorgeeks.com/showthread.php?t=139313. My computer seems to be working fine, but I'm just really worried there is a key logger hiding somewhere. Other websites have talked about needing to reformat your computer and still not knowing for sure if you've gotten rid of it. I was just wondering if there is any way to know for sure if I'm in the clear? I'm attaching my logs. This may not be important but I thought I should also mention I went through the whole process once and realized I hadn't deleted all old forms of Java so I deleted them and went through the 5 scans again. For this reason virtually all the scans were clear this second time, when the first they had indeed found malware. Thanks in advance for the help.
 

Answer:Ran malware removal procedure but still question about key loggers (logs included)

Re: Ran malware removal procedure but still question about key loggers (logs included

last log
 

5 more replies
Relevance 68.06%

Hi - I'm posting this to continue the post that I started in the other forum.

Summary: I'm working on a friend's computer running Windows XP Professional, SP3. I first ran Malwarebytes Anti-Malware, Super Anti-Spyware, Spybot Search and Destroy, all in safe mode and got rid of mostly everything. Subsequent scans report that there are no more problems. After that I ran AVG Virus scan and there were no viruses. Per request, I posted the MBAM and SUPERAntiSpyware logs in the previous post. I then ran a DrWeb CureIt scan and posted that log to the prior post.

Currently I'm having some trouble getting rid of "PC Confidential". I looked under the add-ons for IE8 and saw 2 instances of PC Confidential, and 1 instance of PCCBHO.dll. I deleted the registry key associated with all of those entries, and deleted the entire folder (program files/winferno/pc confidental) containing the PCCBHO.dll file. PC Confidential still appears under the "Tools" menu in IE8, and also appears in the context-menu when I right-click on a file.

I was instructed to post here. For some reason I can't run the DDS Tool. Therefore, I installed HijackThis and ran a system scan. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:16 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WI... Read more

Answer:Cleaning Up After Malware Removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve... Read more

2 more replies
Relevance 67.24%

I got a message yesterday and this morning when I started the computer and clicked to go online from my anti-virus program and something about a bad browser add-on called CBrowserHelper Object.

I have been having issues with the computer suddenly shutting down on me (sometimes after it has been on for less than an hour and other times when it has been on for a few hours). But when I turn the computer back on there is no message about the computer having been shut down improperly.

I was thinking that perhaps it is getting too hot since I know that hard drive is good (brand new one in fact and it passed all the hard drive tests) and since the battery on this laptop is really old I do not use it anymore and just keep it plugged into an outlet. I do keep the laptop elevated and the stand it is on has a fan running to help keep airflow to the underside of the laptop. I have ended up getting a small fan and putting it behind the laptop and keep that running as well to keep the laptop cool and then it does not shut down on me (at least not yet) which is why I was thinking that there might be an issue with the cooling of the laptop. It is a Gateway M1629 running Vista Home Premium 32 bit operating system with 3GB of RAM and an AMD processor.

However, after getting that message yesterday and this morning I figured I had better run the Malware steps here. I already run spyware and malware scans a few times a week and they found nothing. Unless the last step found some... Read more

Answer:just ran all steps for malware removal and cleaning

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode.


Search-Results Toolbar <<< Uninstall this.


Re run Hitman Pro and have it remove everything APART from:





Miniport ____________________________________________________________________

Primary
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 884451F8 +0
Solution
DriverObject . . . : 876B6688
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 85C88A2C \SystemRoot\system32\drivers\ataport.SYS+18988


And the entry on the Repairs tab is okay too I believe.



Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.


Now run the C:\MGtools\GetLogs.... Read more

17 more replies
Relevance 67.24%

New member and followed instructions but uncertain where to go from here.
attaching files
Questions such as RogueKiller..do not fix, when do they get fixed
Set up firewalls and plan to restore system
 

Answer:Windows XP Malware Removal/Cleaning

Greetings, Trouble911, and welcome to MajorGeeks.

I strongly suggest that you perform all of the steps listed in the Read & Run Me First guide, then start a new thread in the Malware Removal Forum and attach the requested logs to your first post(s) in that thread.

Good luck!
 

7 more replies
Relevance 67.24%

I've just finished malware removal with the 'fantastic' Chaslang and he recommended that I post here for a registry clean up.

I also have to ask why C:\WINDOWS\system32\msiexec.exe is running?
I keep getting a pop up for MS Office 2000 SR1 telling me I'm trying to install a feature which is on the master CDrom disk. It happens very often when I'm surfing.

Once again, thank you in advance for your assistance - it is very much appreciated.

Stuart
 

Answer:Need help with registry cleaning after malware removal

Hello Sutartie485.

Well it seems that possibly your MS Office 2000 may still be installed in your PC.
Few questions first. Do you use MS Office 2000 at all? If not, I'd suggest removing it, and that should fix that issue; if you do, we can still assist. Also, why the MSIexec.exe is running, it's probably due to the fact of why it's prompting you for an install medium. MSIexec.exe is used for installing/uninstalling programs. It's also used when installing with the .msi extension.

Hope this sheds some light.
 

6 more replies
Relevance 66.83%

Hey there! :cool First off thanks for making a site like this and keeping it up to date and having consistent and constant responses to all of the world's computer problems!

OK, so I'm currently going through the "Vista Cleaning Procedure" at the end of the "Malware Removal Guide" that I've already gone through. I've done everything to the T according to your instructions and I'm stuck on the RootRepeal program.

The problem is as follows: I'm able to install and then run RootRepeal and it will run for a good 30 min. and then it gets to this point:



I'm including 2 other pics to show the program is indeed frozen due to "error" see-through box I'm receiving. I've been waiting for over a few hours before posting. :zzz I believe I'm supposed to be able to see this "error" box however the program is not displaying it correctly as you can see above. Here are two more pics to show processing is at idle and program is still running and responding:





I've been able to run SUPERanti Spyware, Malwarebytes, and Combofix just fine. I've attached their logs to this thread. I have not continued past the RootRepeal procedure as of yet so I have not run MGtools.

What should I do from here? :confused Thanks a ton in advance!
 

Answer:Using "Vista Cleaning Procedure" - RootRepeal Freezing

Using "Vista Cleaning Procedure" - RootRepeal Freezing - Adding MGTools Logs

Hey there :wave, I've gone ahead and ran MGTools and attached them here for an addition to my other post. The other post is named the same minus " - Adding MGTools Logs".

Hope this helps to figure out why RootRepeal is freezing on the winsxs folder. I'm also going to try and slim down that folder with the Service Pack Clean-up tool (Compcln.exe). I'm hoping this will be OK. :cool
 

9 more replies
Relevance 66.42%

I have finished the malware removal process. Computer still extremely slow. some programs run slower than others. Seems to have moments of freezing. Especially unkind to facebook. Kicks out of it when responding to status/posts.

I have attached the logs except for the HITMAN log. I get a message in attachments saying that it is larger than allowed for this thread.

View attachment TDSSKiller.3.0.0.19_30.01.2014_12.15.44_log.txt



View attachment RKreport[0]_S_01302014_113134.txt



View attachment MGlogs.zip



View attachment mbam-log-2014-01-30 (11-41-29).txt



Thanks
 

Answer:finished the malware removal/cleaning process

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
BabylonObjectInstaller
BeFrugal.com Toolbar
CWA Reminder by We-Care.com v4.1.22.3
DealCabby
getsav-in
Java(TM) 6 Update 29
Mobogenie

Now install the current version of Sun Java from:

Go here for 64 bit OS = Sun Java 64 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.
Go here for 32 bit OS = Sun Java 32 bit Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Files
C:\Users\Anita\AppData\Roaming\newnext.me
C:\Windows\tasks\BeFrugal.com Toolbar.job
C:\Windows\tasks\Driver Booster Update.job
C:\Windows\tasks\SLOW-PCfighter64-Anita-Notification.job
C:\Windows\tasks\SLOW-PCfighter64-Anita-Startup.job
C:\ProgramData\BeFrugal
C:\Program Files (x86)\Microsoft Security Client
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\MyPC Backup
C:\Windows\TEMP\*.*
C:\Users\A... Read more

3 more replies
Relevance 66.42%

Hi, I will have to post more than once in order to upload all logs on a problem that started appearing approximately 8/15/2012.

1) Clearly describe in detail the problems you are having:

1st Symptom: When I reboot my Lenovo-E87C63AA, at Windows XP User Login prompt I receive the following dialog:

svchost.exe - Application Error

The instruction at "0x7c919af2" referenced memory at "0x00000010". The memory could not be "written".

Click on OK to terminate the program

Click on CANCEL to debug the program.

2nd Symptom: attempting to install new programs or uninstall a program leads to a timeout where the scroll bar indicator times out and stops moving forward while the Windows Task Manager shows the Task Status as "Running".

3rd Symptom: Tried booting into F8 Safe Mode and could not unless running this function from MSCONFIG.

4th Symptom: System Performance is slow, especially when shutting down and restarting. Windows Task Manager Page File Usage typically exceeds the physical 2GB RAM

2) and how long ago they started:

Approximately when Microsoft Security Essentials detected and Quarantined Adware:Win32/Adkubru on 8/15/2012 and Trojan:Win32/Comisproc on 8/21/2012 and Exploit:Java/CVE-2012-0507.CG on 08/24/2012.

I recall having a web browser Adware/Malware appear approximately this same time. Frankly I use so many browsers such as Safari, Chrome, Firefox and IE I do not recall how I removed this.

I am m... Read more

Answer:Windows XP Malware Removal Cleaning Post #1

Windows XP Malware Removal Cleaning Post #2

Edit: Logs
 

15 more replies
Relevance 66.42%

Hi,

Under House Cleaning in the Malware removal prep guide it says to Empty ALL Quarantine type folders for antivirus and antispyware applications. I ran AVAST and I have several infected files quarantined. Avast! warned me that some of them may be system files and that I may not want to remove them; so I just quarantined them. My question is which, if any, of these files should I delete from the quarantine/Virus Chest? I have listed the files down below including the "non infected" ones Avast placed in the Virus Chest.

The Virus description on each is "WIN:MalOb-F [Cryp]" and their location was C:\System Volume Information\_restore...(followed by a long number that looks like a software key).

9 of the files are of this type:

A0099467.DLL
A0099468.DLL
etc.

3 are these:

A0100542.EXE
A0100543.EXE
bwjcfmfa.exe

Those are all in the Infected folder. However when I click 'All Chest Files' on the left under Categories, 3 other files show up below the infected files I listed above:

kernal32.dll
winsock.dll
wsock32.dll

When I check the properties of these last 3 files kernal32.dll,
winsock.dll, & wsock32.dll the Virus Description is blank.

Thanks in advance for any help you can provide. It is greatly appreciated.
 

Answer:question regarding House Cleaning for malware removal.

Welcome to Major Geeks!

Just ignore the emptying of quarantine files and continue all the way thru the rest of the instructions. Attach the 5 logs when you finish.
 

1 more replies
Relevance 66.42%

Hello, i followed the steps and here are my logs, i hope you can help. Thanks for your time
luis
p.s. i have two more logs that i need to post
 

Answer:logs from malware removal/cleaning procedures

laonofre said:





Hello, i followed the steps and here are my logs, i hope you can help. Thanks for your time
luis
p.s. i have two more logs that i need to post

i hope i uploaded the mg log correctly
 

13 more replies
Relevance 61.91%

I followed the xp cleaning procedure few months back and want to do the same now. I have the following software installed as part of the previous cleanup procedure - superantispyware, spybot -search & destroy, malwarebytes, combofix and MGtools. My question is, do I need to reinstall all these softwares or can I update them to the latest signature and use them. Also, should I be using RootRepeal instead of spybot-search & destroy.

Appreciate your help
 

Answer:xp cleaning procedure

68gman said:





I followed the xp cleaning procedure few months back and want to do the same now. I have the following software installed as part of the previous cleanup procedure - superantispyware, spybot -search & destroy, malwarebytes, combofix and MGtools. My question is, do I need to reinstall all these softwares or can I update them to the latest signature and use them. Also, should I be using RootRepeal instead of spybot-search & destroy.

Appreciate your help

You need to update SUPERAntiSpyware and Malwarebytes to current program versions and database versions.

ComboFix and MGtools should not have been kept on your PC at all. After completing our cleaning process, these should have been uninstalled. You will have to download and run the current versions.

Yes we need the RootRepeal log too! We do not ask for you to run Spybot in our cleaning process nor do we need logs from it.
 

1 more replies
Relevance 61.91%

I'm sorry if I shouldn't have started a new thread, but I'm not too familiar with forums.

I initially started investigating the problem because my mouse was acting up - not selecting blocks of text as expected, registering multiple clicks, closing down multiple apps at a time. It may still be that my mouse is dying, but that behaviour is still occurring, even after finding and removing some malware. If it's relevant, i switched from AVG 8.5 to Avira - but that was after the infection.

At present, the only symptom I can spot is the odd mouse behaviour, but I'm pretty sure something still isn't right.

thanks in advance, i really appreciate that people give up their time to help others.
 

Answer:Followed the cleaning procedure, but..

Sorry for posting a reply, I tried to find how to edit my post, but couldn't find how to, or any explanation of how to do that.

I forgot one thing in my initial post - which is to say that MsConfig was not there when I tried to run it, and I don't have install discs or another machine from which I could copy it.

The other thing is, I'd really like to know either way whether it looks like there's any malware on my PC. Like I say, it's still misbehaving in the way that led me to suspect an infection in the first place, but nothing seems to show up, that I can see. Could it be something more run of the mill than malware?

Thanks
 

2 more replies
Relevance 61.91%

I am still having problems!
Ads are still popping up.

The SuperAntiSpy thingie won't print out a log for me. :-( but I have the log for Combofix and MGTools.

I attached both of these. Is there anything else I can do?! Before I take it to the nearest BestBuy and spend money to let them do it??

Oh, my husband's gonna kill me... :cry

Please help!

Thanks!
 

Answer:Used Win XP Cleaning Procedure Now what?

Please install:
Java Runtime 6

Do you know what this is:
C:\Program Files\Common Files\baruh
If not...delete it.

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {F56EBF5E-36DF-4219-84D1-58BAF3C66D80} - C:\WINDOWS\mllmmmjh.dll
O4 - HKLM\..\Run: [cbabyyvuro] Rundll32.exe "C:\WINDOWS\system32\ddccccyw.dll",s
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xInsIDE"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cbabyyvuro"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F56EBF5E-36DF-4219-84D1-58BAF3C66D80}]

Now download The Avenger by ... Read more

6 more replies
Relevance 61.91%

I have followed all of the cleaning procedures outlined in the malware removal thread.
What should my next step be?
Thank you so much for any help.


Below are my results


combofix log
ComboFix 09-05-20.A0 - Les Cooper 05/20/2009 21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2597 [GMT -4:00]
Running from: c:\documents and settings\Les Cooper\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

Edit by chaslang: Inline ComboFix log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed properly.
 

Answer:followed cleaning procedure... now what

Welcome to Major Geeks!

Per the instructions in the cleaning procedure, you must ATTACH logs. Inline logs will be deleted. Also you must attach ALL of the logs we requested. The below is a direct quote from the procedure. You need to ATTACH those 4 logs.



Step 3: Do You Still Have Problems

Yes, I'm still having problems
DO NOT run the READ ME again!!!! Please attach your logs as given below.
If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
You should attach all of your logs to one message after you have completed all scans.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!



 

1 more replies
Relevance 61.91%

I am trying to fix a friend's PC that's in a bad way;
it's constantly sending data out over Ethernet and
the icons in the control panel don't do anything when you
double click them.

I have done all the steps in "read and run me first"
I am now trying to install super anti spy-ware but when
I double click the installer nothing happens, I am guessing
this is related to problem with the control panel icons

I have tried to also install in safe mode but still the same
problem

Any help would be great :cry
 

Answer:Cant Do The XP Cleaning Procedure

Welcome to Major Geeks!

Just skip SUPERAntispyware and continue. PLEASE NOTE: The cleaning procedure steps of the READ ME changed late yesterday, so please make sure you refer to the current online copy before continuing. ComboFix has been removed at this time from the READ ME steps.
 

1 more replies
Relevance 61.91%

My aunt's computer doesn't have any noticeable problems, but I suspect most computers to be infected with something, and my first scans found things, so I came here again to run the Read Me Run Me list.

Let me know if I missed a step, I'll go back and do it as soon as I can.
 

Answer:Ran cleaning procedure for XP

And posting MG tools log because it's one more file than the attachments allow...
 

7 more replies
Relevance 61.09%

Hello,
Wow, I am really over my head here... I have never tried to remove viruses, worms, etc. before.

It started around 2 days ago. I downloaded a few freeware FTP programs as well as a few freeware Website publishing programs. I messed around with a few of them and then I had to leave. I come back a couple of hours later and I have error messages and pop up balloons warning me of
C:/Windows/wml.exe files
Abebot
worm.Win32.NetBooster
TrojanDownloader.exe files

as well as many more.

I have already done the windows xp cleaning procedure posted by chaslang; as well as downloading all four programs. Followed through with all the steps and it has helped a lot! But I am still having issues with one window that keeps coming up. White and red colored, stating that either C:/Windows/wml.exe- Abebot, or a TrojanDownloader.exe file.

Otherwise all the startbar warning balloons have stopped as well as the pop ups that say anything about worm.Win32.NetBooster, and the warning messages about Someone hacking into my computer..blah.blah.blah..

Thanks for the help,
mschoettger
 

Answer:Windows XP Cleaning Procedure

Hi mschoettger,
Welcome to Major Geeks!

Please do the following.

Begin by running CCleaner in the default setting with the Windows tab as the one on top. CCleaner was installed as part of the READ & RUN ME which you worked through.

Next download HostsXpert and then follow the below steps.
Unzip HostsXpert.zip
It will create a folder named HostsXpert in whatever folder you extract it to.
Run HostsXpert.exe by double clicking on it.
Click the Make Writeable? button.
Click Restore Microsoft's Hosts File and then click OK.
Click the X to exit the program

After you finish the above, please go to Removing Zlob aka SmitFraud, SpySheriff, Infections and follow the instructions. This will produce two logs, both called rapport.txt. Please allow the tool to run and produce the first log. When it completes rapport.txt, attach the log here before continuing with the cleaning procedure. If you don't do this, the second part of the procedure will overwrite the first log and the information will be lost.

When you finish the above, I would like for you to go to Windows XP Cleaning Procedure and find the link for MGTools. Your tools did not run correctly. This may be because of the infection that is on your computer. Please go ahead and reinstall them as per the instructions. If it asks you if you want to install over the existing ones, say yes. After it completes downloading them, have them run as instructed and attach the new set of logs which will be called... Read more

1 more replies
Relevance 61.09%

Hi,

I'm having several problems with my PC, running XP Home Edition.

Firstly, Google links were being redirected to other spam sites, and now 'xp internet security' is suddenly on my computer. I was going through the 'Perform these steps' thread; however, when I got to the point of using Malwarebytes, after the reboot, that's when the internet security programme appeared and since then I can't open Malwarebytes or any other programmes. Now an 'Open with' box comes up for every programme I try to run.

What should I do now?

Thanks in advance for any help.

Charlie
 

Answer:Trouble with the XP cleaning Procedure

Update: I can't get anything to run on my computer now, I'm writing from my laptop at the moment.

Most Programmes, when I try to open them come up with the 'Open With' box, however others like itunes simply won't open at all.
 

9 more replies
Relevance 61.09%

I did the XP cleaning procedure. Things seem so much better except automatic updates are still failing. Attached are the logs.

Thanks in advance for your help.
 

Answer:Cleaning procedure done. Am I clean?

...and I think this is the combofix log?
 

5 more replies
Relevance 61.09%

1) I cannot run Malwarebytes Anti-Malware after I have downloaded it. It crashed during the scanning process. I have tried reinstalling and downloading it again, but nothing works.
2) I cannot download combofix.exe and root repeal at all. I can't open the link.
I have tried other links too, but none are working.

I'd be forever grateful if you guys will help me. My Yahoo instant messenger was attacked by a virus a few days ago. It crashed and keeps sending random links to my contact list. Can you help me... please...
 

Answer:i have run these Windows XP Cleaning Procedure but

ms vaughn stump said:

1) I cannot run Malwarebytes Anti-Malware after I have downloaded it. It crashed during the scanning process. I have tried reinstalling and downloading it again, but nothing works.
2) I cannot download combofix.exe and root repeal at all. I can't open the link.
I have tried other links too, but none are working.

Try completely shutting down Avira and then download and run these tools again. Otherwise download them using another PC and copy to this one using a CD or flash drive.


You are way out of date with your version of SUPERAntiSpyware. At least 6 program versions behind and about 560 database versions out of date!!!!!
Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this new log.

Also MGtools did not run properly for you, this was also probably due to Avira getting in the way. Make sure Avira is shut down, then close any other unnecessary windows while doing the below so that you can see that popunder from TrendMicro HijackThis that may occur and requires your acknowledgement by clicking on the Accept button TWICE.


Now run the C:\MGtools\GetLo... Read more

1 more replies
Relevance 61.09%

I'm following all the steps to clear my computer of whatever has gotten to it. I've made it all the way to the cleaning procedure (I did have to go into Safe Mode though).
I have a Compaq Presario 6000 that runs Windows XP Home Edition.
I can't get to the internet in the Safe Mode and I have my son's laptop to save the files that need to be downloaded and I have a flash drive; however, I don't know how to download the files directly to the flash. When I click on download it asks if I want to save the download (and I'm using Mozilla), but it saves it to that. Could you please tell me how I can save it to the flash?:-o
Thanks!
Debbie
 

Answer:Help saving cleaning procedure

Never mind...I found it in another thread in this forum. I'm sure I'll be asking for more help though!
You all are great...don't know what I'd do without you with help on my computer!
 

2 more replies
Relevance 61.09%

Hello, A friend directed me to the Windows XP Cleaning Procedure page on your site and I have followed all the steps and believe I have my logs ready to go. . . but then in browsing your site, I see that there were two steps I should have done previously that I didn't know existed ("house cleaning & set-up" and "enable view of hidden files"). Not sure if I need to re-run the five tools. . .

I originally ran these tools because my computer (which runs Windows XP) is slow, locks up and I constantly have problems with non-responsive programs (especially Outlook). Sometimes when I try to shut down my pc, it just won't happen and I have to do a hard boot (I think that's what it's called).

So, after running the five tools I'm wondering if I need to remove the five items that Malwarebytes put into quarantine? Also, I don't know if I have a 32 bit or 64 bit machine (I believe I was supposed to specify one or the other).
 

Answer:help after using Windows XP cleaning procedure

4th log Re: help after using Windows XP cleaning procedure

Here is the 4th log.

Thank you to whoever reads this and helps!

Michelle
 

5 more replies
Relevance 61.09%

I scanned with SAS, even though I selected to save a log none was saved. I included MG and MBAM logs. I followed the cleaning procedure steps.

This application tries to run when Windows (Vista) starts.

Open File - Security Warning
The publisher could not be verified. Are you sure you want to
run this software?

Name: ...iehiller\AppData\Local\ljqyxlvnr\ejxudlktssd.exe
Publisher: Unknown Publisher
Type: Application
From: C:\Users\reggiehiller\AppData\Local\ljqyxlvnr\ejx...

This pops up in AVG when I start Firefox.

Found Tracking cookie. Yieldmanager
C:\Users\reggiehiller\AppData\Roaming\Mozilla\Firefox\Profiles\3bzj0oi5.default\cookies.sqlite

This is the error message when I try to open Google Chrome.

This webpage is not available.

The webpage at http://www.google.com/ might be temporarily down or it may have moved permanently to a new web address.

More information on this error

Safari and Explorer won't run either.


Please let me know if there is something else I can do to somehow save a SAS log. Or if there is any information I left off that's needed.
 

Answer:Cleaning procedure problems

Hello & welcome.

1. Your copy of MalwareBytes needs updating, please open up the program, locate the update tab > let it update > re-scan > fix all it finds > and attach the log it creates into your next reply.

2. Please go to Add/Remove programs and uninstall the following software:

Java(TM) 6 Update 18

3. Are you set up to use the following proxy? If not then please include it in our fixables below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

4. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKCU\..\Run: [ydjevxgm] C:\Users\reggiehiller\AppData\Local\ljqyxlvnr\ejxudlktssd.exe

After clicking Fix, exit HJT.

5. Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the are... Read more

5 more replies
Relevance 61.09%

I just did the Malware removal process but Sophos is still picking up Troj/Virtum Gen

Here are my logs:
 

Answer:Vundo still around after cleaning procedure

MG log
 

8 more replies
Relevance 61.09%

I have had two threats popping up for about 2 weeks on my AVG 8.0
Trojanhorse downloader generic8.glk
Trojanhorse backdoor generic_r.EA
I did the above procedure and have attached the logs as requested.
Any help would be greatly appreciated.
Thanks in advance,
Rex
 

Answer:XP Cleaning Procedure and still same problem

Sorry, forgot the attachments.
 

7 more replies
Relevance 61.09%

Hi!

I am running Windows Vista Home Edition x64 with 4GB RAM.
My Security Software is: Ad Aware, Avast, Comodo and Microsoft Security Essentials. I also downloaded Spybot and Spyware Blaster.

A few days ago Windows Update gave me an 80070002 error message and I couldn't update. I tried everything I found on the internet for this error but couldn't fix it. Then I thought it could be malware so I followed your guide to try to fix it.

Obviously I couldn't update before the cleaning procedure, and MSConfig didn't let me start on normal mode (it would always change to selective after clicking on apply).

I ran the programs and they stated my system was clean, so I didn't want to bother you with it (scans were run yesterday), and I continued looking around for solutions. I found that perhaps I couldn't update because my trustedinstaller.exe file was gone (and still don't know where to get it back). I re-enabled disc emulation software (which I disabled and enabled according to defogger procedures) but now it says it needs SPTD and I should turn kernel debuggers off. I tried reinstalling SPTD (which went successfully), and tried reinstalling Daemon Tools but it gives me an error message 14.

I tried disabling all services that weren't from Microsoft as suggested in Daemon forums and then I got a message from Avast that I had a rootkit in windows/system32/vfsfpservice.exe, and it asked me if I wanted to delete so I said yes since I... Read more

Answer:Problems with Cleaning Procedure

Welcome to Major Geeks!

Deli00 said:

My Security Software is: Ad Aware, Avast, Comodo and Microsoft Security Essentials.

You should never install more than one antivirus program. Having Avast, Comodo, and Microsoft Security Essentials (MSE) installed would be 3 and this is an absolute no-no and could cause many problems!! However, I do not see Comodo and MSE installed based on your logs. I do see leftovers from Comodo but it does not seem to be running.

Deli00 said:

A few days ago Windows Update gave me an 80070002 error message and I couldn't update. I tried everything I found on the internet for this error but couldn't fix it. Then I thought it could be malware so I followed your guide to try to fix it.

Most Windows Update issues are not due to malware and yours seems to fit this statement as your logs are clean. I suggest that you post in the Software Forum. Do note however your HijackThis log looks rather strange in the O23 ( services ) section. Have you been playing around/tweaking with your Windows services? If so, I highly recommend against this. This is one of the most frequent causes for people having problems like you describe.

Deli00 said:

I tried disabling all services that weren't from Microsoft as suggested in Daemon forums and then I got a message from Avast t... Read more

3 more replies
Relevance 61.09%

Let me first explain how I got to this point.

Another user on this PC was attempting to use QuickTax 2007, but once the program was opened, an "Internet Explorer Script Error" pop-up appeared, with all the lines which were supposed to detail the error blank. This also appeared a few times on startup when a Norton AntiVirus subscription reminder would appear (Norton has since been uninstalled). The only way to get rid of this is to press "X" in the window - the "Yes" and "No" buttons do not function. After pressing "X", the script error dialog pops up again and again; you have to close roughly 20 instances of it before it finally disappears. When this occurred with QuickTax, it wouldn't disappear at all.

Now, whether this is malware or not, I'm not sure. I did a bit of searching and from what I can understand it may have something to do with IE and ActiveX controls. At the moment, Internet Explorer does not work properly: as soon as it's opened it hogs up all resources and is unresponsive. I have to end the process via Task Manager to get rid of it.

In light of this, I decided to uninstall Norton & install Comodo Personal Firewall, Comodo BOClean, Comodo AntiVirus, Spybot Search & Destroy with TeaTimer turned off and Spyware Blaster with full protection (this would give me the same setup as on my other computer, which was previously cleaned of malware thanks to this site). Comodo AntiVirus was the o... Read more

Answer:Followed Read & Run Me + XP Cleaning Procedure, need help

2pro4show said:

Now, whether this is malware or not, I'm not sure.

No, your problems are not due to malware so you will have to work them in the Software Forum. However I do have some steps for you to take. They are not directly related to what you are complaining about. They are just leftovers like Norton/Symantec not getting removed properly and other junk.

Run this Norton Removal Tool (SymNRT) and then reboot!!!! Then run it one more time.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines (some may be gone already after running the Norton removal) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\... Read more

7 more replies
Relevance 61.09%

Hey. This is the second time I come here and do the procedure. The first time worked great, but after a while I got the same problem back.

Every time I open the computer I get a "windows explorer has encountered a problem..." error. I can't open any explorer feature, as in internet (using Firefox works), my computer, or any folder from the desktop. Sometimes drwatson debugger appears with an error.

What's doing this? How can it be solved?

I use Windows XP SP2, Nod32 is my antivirus and Online Armor my firewall. I use a router that has NAT as protection.
I've got spyware S&D immunization and Spyware Blaster, as you recommended.
Thanks in advance. Logs attached.
 

Answer:Cleaning procedure didnt help

another log.
 

4 more replies
Relevance 61.09%

The problem started when I opened an attachment from someone who I thought I trusted. The problems have not stopped since then. I went through the whole procedure and installed/ran everything and am attaching the logs. The problem I am currently having is that after logging in I get lots of Data Execution Prevention errors and have to start explorer manually by running Task Manager. Thanks a lot in advance
 

Answer:Need help, completed cleaning procedure

Last of the logs.
 

15 more replies
Relevance 61.09%

First, thank you in advance. For my in-law's computer, got notice from Windows Security Essentials on trojan DOS/Alureon.A. When problems persisted, ran your sticky - TDSSKiller and MBRCCheck logs attached. TDSSKiller apparently generated two logs as it required a reboot and continued after reboot (third log will be from the running of it in the Read & Run Me First section in next post).

Then ran read and run me first - logs will be in next post.

Things appear to be okay for now, but would really appreciate someone taking a look to see if there is more to do as along the way, additional things were detected.
 

Answer:logs after cleaning procedure

And here are the logs from the read and run me first procedure - MGTools was not able to be downloaded to the root, but was DLed to the desktop on the same drive as the root.

Thanks again.
 

11 more replies
Relevance 61.09%

I had pop ups galore. Most from Spyware 2009. And other things not working correctly, including my antivirus. So, I came here to see how to fix my computer.
I ran everything listed, started from the sticky "HJT Tutorial - DO NOT POST HIJACKTHIS LOGS." Then finished at the "Windows XP Cleaning Procedure" post.
Everything seems to be running good.
My question is, can I go back to selective startup in MSCONFIG?
And afterwards can I go ahead and toggle my System Restore Point, to delete previous points and start a new one?
Or should I post my log files to let someone here make sure I am clean?
Thanks,
Scott
 

Answer:Followed Windows XP Cleaning Procedure

Welcome to Major Geeks!

wado66 said:

My question is, can I go back to selective startup in MSCONFIG?

No! You should not be using MSconfig as a long term startup manager. Didn't you read step 1 of the READ & RUN ME? The below was given:

Read this to better understand why not to use MSconfig: Dealing with Startup Process

wado66 said:

And afterwards can I go ahead and toggle my System Restore Point, to delete previous points and start a new one?

Are you sure you are clean? Since you did not attach the 4 requested logs, we cannot answer that for you.
 

1 more replies
Relevance 61.09%

...and would like someone to please look over the logs to ensure it's all clean.

My initial scanning found over 500 viruses.

Thank you,

Marnin
 

Answer:Finished cleaning procedure...

That isn't surprising as you have no AV program installed!! And I have to assume that your MBAM log was taken before you fixed what it found???

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\dnxbo.exe
c:\documents and settings\Hope\Local Settings\Application Data\okol.exe
c:\program files\Common Files\ocena.exe
c:\documents and settings\All Users\Application Data\yquwevyqu.com
c:\documents and settings\All Users\Application Data\yquwevyqu.com
c:\program files\Common Files\pituje.scr
c:\documents and settings\All Users\Application Data\culo.sys
c:\documents and settings\All Users\Application Data\culo.sys
c:\documents and settings\Hope\Application Data\cubarepire.dll
c:\documents and settings\Hope\Application Data\cubarepire.dll
c:\documents and settings\All Users\Application... Read more

6 more replies
Relevance 61.09%

I was able to follow every step of the Windows XP Cleaning and the Read Me First section. I have attached my logs, but my AV-Kaspersky says I still have malware in my recycle bin, which is password protected and in my system restore.

I received my first virus when I was using Google and clicked on a link and tons of the virus detected stuff popped up. It looked like it was part of Microsoft. I unplugged my network cable immediately. Then my computer worked ok still. That was 4 weeks ago. Then about 2 weeks ago my nephew went to a website called kohit.net and then that is when my AV detected viruses...tons of them. (FYI: I did advise him to never use that site.)

Anyway, my computer is extremely slow and my AV keeps detecting a hacker from site too. I have attached my logs and I combined 2 of the logs due to the 4 attachment limit.

Thanks!!!!

Please help!!!!!!
 

Answer:XP Cleaning Procedure logs

Welcome to Major Geeks!

tammyjoey said:

I have attached my logs, but my AV-Kaspersky says I still have malware in my recycle bin, which is password protected

Not sure what you mean. Did you password protect your Recycle Bin or are you saying that Kaspersky is saying there is password protected malware in your Recycle Bin?

The cleaning procedure removed any malware that you had. We do have some minor things to do and we will restore one file that ComboFix should not have deleted. However your slow PC issues are primarily due to what you are running and lack of adequate memory to run current versions of Windows and all the software you have running. Your logs show the below:

Total Physical Memory 512.00 MB
Available Physical Memory 190.55 MB

You need at least twice this much memory. That is you should have at least 1 GB.

Don't worry about things in system restore. We will remove them when we get to final steps. If Kaspersky is finding problems elsewhere, you will have to attach a log showing what is being found since nothing shows in your logs.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {FDD3B846-8D59-... Read more

3 more replies
Relevance 61.09%

Have followed procedure for removal of Malware type installer that creates message for Viruses Detected! message and hijacked desktop with the square icon in the center. No blue screen background; white instead. This procedure http://forums.majorgeeks.com/showthread.php?t=139313 worked perfectly and my computer is running better and better as time goes on. Thanks to whoever came up with this, (Major Attitude I presume) and at some point when I am working full time I'm going to send a donation. I do regular maintenance almost to the letter as described in the maintenance tips section already, and there is some helpful information there as well, but I do have some questions.

My questions are as follows:

1. I have had this one before, right after a complete format and install within a week, only with the blue screen and yellow lettering and it was much worse, so I wiped out my hard drive and reformatted/reinstalled XP again, (fortunately I didn't have anything important saved at that point so it wasn't a big deal to reinstall) but I have no idea what kind of anti-virus protection to use. Microsoft's Windows Defender is useless and the firewall slows it down too much, but at this point I don't want to have to reinstall XP again so I need some kind of effective AV protection. I have not visited any suspicious websites, however I am aware that this stuff can come in through something as seemingly innocent as MSN Hotmail or other supposedly "... Read more

Answer:Windows XP Cleaning Procedure

Hi JFH and Welcome to Majorgeeks

1. I would advise you to read this guide on How to Protect yourself from malware! as it has what applications many of us use here at Majorgeeks.

Just an e.g. I use AVAST for Antivirus, Spywareblaster to add known bad sites to the blocked lists of IE and Firefox which do stop these known bad sites and ActiveX exploits from running, as I have Vista and its Defender is much better than XP's I use that and the Vista Firewall, but a good Firewall for XP is PC Tools, and an antimalware program is Comodo BOClean.

Yes, Firefox does add some more protection as it doesn't allow ActiveX to be run which is where most IE issues and malware can come from, but don't rely on Firefox to keep you secure as it's not from webpages all malware comes from.


2. You add your logs to this thread and all information on how to do this is in the Read Me Guide at Step 3


I would also advise keeping your Windows XP fully up to date always with any Service Pack ( SP3 at present ) and with any critical security updates from Windows Update.

Yes, if you back up your PC that's infected then the backup will also have the infection, but if it's just important files and folders, then scan them with your AntiVirus before backing them up and you should be fine.
 

3 more replies
Relevance 61.09%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a Google search to a webpage trying to convince me I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 60.68%

I'm about to replace an Intel stock cooler with an Arctic Cooling Freezer 7 Pro cooler on my quad-core system. I have the cleaning info (Arctic Silver ArctiClean kit) and the cleaning procedure (using lint free cloth...etc).

My Question: On what surface/where do I put the CPU whilst cleaning it/removing the old thermal compound? I want to make sure that its pins are not damaged.

Answer:correct cleaning procedure of an Intel CPU ?

Have you still got the little case that the cpu came in? It has antistatic soft foam, and if you take care not to press too hard, you should be fine.... Failing that, a folded soft teatowel to create a cushion should work too. That compound is pretty easy to remove unless you have been suffering overheating issues.

8 more replies
Relevance 60.68%

Hi,
I was performing the Windows XP Cleaning Procedure (post http://forums.majorgeeks.com/showthread.php?t=139313)
But it failed on running the combofix software, because AVG 8.0 could not be stopped and combofix requires that.
I rebooted and tried to uninstall the software:
When trying to uninstall AVG I get the following message,

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

The original problem was that Windows is slow when booting up (about 6 minutes). This problem began about 1 month ago. I have uninstalled iTunes because it loads up a lot of memory, but it hasn't improved a bit since the uninstall. So I was going for the general performance maintenance but it got stuck there. The previous software checked has not found anything, except Malaware found 9 registry keys infected, 1 registry value infected, and one file infected (all related to popcaploader.dll), which were fixed with the same software.

I have a Sony Vaio VGN FS742/ w
Windows XP
1.73 GHz
1.99 Ram
I'm using about 48% of space of my HD.
 

Answer:Issue with MG windows XP Cleaning procedure..

Please help, if you could provide any help it would be great, now the computer is even slower than it was before.

thanks

Yanet HM.
 

5 more replies
Relevance 60.68%

The problems started after my browser locked up while on the internet. I had previously used MalwareBytes and it fixed my problems, so I tried it again this time (before consulting the READ AND RUN ME post, which I found afterwards). So I ran MalwareBytes and it deleted multiple items. However, my internet explorer no longer opens and while browsing in Firefox random sites will open in new tabs and google links will go to random sites. (Also, my computer warns me that the Internet Explorer Firewall is disabled upon startup). These problems still continue after following the Windows XP Cleaning Procedure.

I apologize for having to run SUPERAntiSpyware twice. The first time took a very long time and then got locked up while scanning my external hard drive. So I re-ran it on just the external hard drive a few days later.

MalwareBytes found nothing new this time, but I will also include the old log file with the previously deleted stuff. (When I did the initial MBAM scan it asked me to reboot to complete the removal, which I did, and then it seemed to have errors after it rebooted, and I had to reboot again.)

I had no luck with ComboFix. It would get to the point where it says "scanning for infection." Usually takes 10 minutes but could easily double. I left it for an hour or more and it did nothing.

No luck with RootRepeal either. After double clicking it would say "Initializing, please wait." Then windows virtual memory would get too low and noth...

Answer:Still having problems after READ ME and cleaning procedure

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
 

11 more replies
Relevance 60.68%

I cannot figure out how to attach the MGlog or Malware log, but I did the first few attachments. Check it out. I did all that cleaning because my PC was slow, and I kept getting hanging apps, "needed to close, send report" freezing, etc. Thanks for the really great tools to clean up with. They were amazing and free! :wine The puter does seem faster, the MGtools ran again when I opened it this AM. Thanks 4 help
 

Answer:Results from the READ ME FIRST XP Cleaning procedure

goofygrandma said:

I cannot figure out how to attach the MGlog

The same way you attached the other logs. Just put C:\MGlogs.zip into the box in the Manage Attachments form and click upload. We need this log to continue.

The Malwarebytes log is in the below folder:

C:\Documents and Settings\username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\

Where username needs to be replaced by your actual user account name.
 

17 more replies
Relevance 60.68%

When I boot my computer and it loads windows and associated programs I always get an IE window from Trend Micro saying anti-spyware product is no longer supported (I have attached screen shot in Startup Error and Norton Error.doc). Also when I try open Norton Internet Security 2005 I get an error stating an error has occurred (also attached in Startup Error and Norton Error.doc) I attempted to look on the Norton Technical Support Knowledge Base but had no luck. Finally when I try to install Norton Antivirus 2005 I get an internal error (also attached in Startup Error and Norton Error.doc).

I have also attached the logs from the Windows XP Cleaning Procedure.

Thanks in advance
 

Answer:Windows XP Cleaning Procedure Logs

I apologize but I had to break the Startup Error and Norton Error.doc into two separate jpg files to meet size limits for upload. Sorry for confusion
 

2 more replies
Relevance 60.68%

Hi all,
Thank you for all this information, you help very much with my WORM_BAGLE.KO trouble. Read and applied all your instructions.

First I removed the HDD from my laptop, put it in a USB case. But the main partition (C:\) was missing. But I scanned the other partition (D:\) with Trojan Remover. Nothing found.
I put the HDD back and tried to open safe mode, unsuccessful on it. But system opened with option "Directory services mode" in safe mode.
Trojan Remover found the virus in safe mode.

System restarted, but ZoneAlarm (not a win32 application) and Wireless Network (wireless zero configuration disabled, I tried to start it with "services" but no way) don't work either. System slowed, internet very slowed.

Housecall and Kaspersky scanned without any threats but still infected and I am not able to repair.

I attached the logs, system scanned in order:
1) Trojan Remover 6.6.7
2) ComboFix
3) MGTools
4) SuperAntispyware

Please help me to take my comp back,

Thanks in advance

Regards
 

Answer:BAGLE.KO Problem-Cleaning Procedure Done

Hi alpercan,
Welcome to Major Geeks!

Your computer isn't in normal startup mode. Please go to Start / Run and type in msconfig and hit the enter key. In the Window that opens, check the Normal Startup and click on apply and ok. After you switch to normal startup mode, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

Please do not continue starting new threads.
Thanks.
abri
 

8 more replies
Relevance 60.68%

Hi.

I was able to download all the tools (superantispyware, malwarebytes, combofix, rootrepeal, and mgtools) and put them on the proper folders. it took a while before i was able to finally install malwarebytes but i got it installed.

i am able to run superantispyware, and even encountered the internet connectivity problem. the "repair" button won't run because of some error but i was able to finally repair it through winsockxpfix.exe

the problem comes when i run malwarebytes. i am able to get as far as clicking the "scan" button sometimes but it just stalls. i've tried several times but it still just stops. sometimes, it displays the error "malwarebytes is already running" but it really isn't. i tried running exeHelper before malwarebytes, as recommended by an article in bright hub but it still didn't help.

i tried running the other tools - combofix, rootrepeal, and mgtools - but they don't run either. after a bit, they just stall and i'm back on the screen with the wallpaper again.

attached is my SAS log.

thanks in advance.
 

Answer:can't go beyond the first step in windows xp cleaning procedure

Welcome to Major Geeks!

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
Once you've gotten one of them to run then try to immediately run the following.
Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )
Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.

Then try running these instructions: Using MGtools

Attach the below logs when finished with all of the above:

C:\avplog.txt - from AVPfind
a log from online ...

33 more replies
Relevance 60.68%

Is there a way to automatize the cleaning with command-line options?

Something like: combofix.exe -display_lang=en -dont_check_updates -ignore_expire_date -dont_display_the_warning -dont_install_recovery_console -dont_open_log_at_the_end -delete_Qoobox_folder_at_the_end

Edit: Sorry, I noticed now that it may be the wrong forum, move to the correct forum, please.

Answer:Automatize virus cleaning procedure

Combofix by sUBs was never intended to be used in the way that software such as SuperAntispyware or Malwarebytes Antimalware is done. There are several excellent reasons for this Disclaimer shown when you start the program:

Some that I have observed:

* About 1 in 100 times the computer will no longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.
* There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the deletion of the folder C:\Windows\System32, requiring a clean install to repair.
* Combofix makes some rather significant changes to the internals of XP and Vista in order to work. It has to be removed with special instructions to fully and safely revert these changes. Experienced Helpers are aware of how to accomplish the uninstallation of Combofix.
* The real power of Combofix comes not as a general-purpose malware remover. It is rather modest in that capacity. Combofix is powerful because it provides to the experienced Helper a convenient and powerful front-end to Scripts. It is because of its scripting strengths, and its unique reporting capabilities, that you see Combofix often recommended. But not because of its abilities as a general malware scanner.
* Many malwa...

2 more replies
Relevance 60.68%

I am currently working on the Read Me First Guide and I am at the part where I am to do a SAS scan. In the instructions it asks me to disable my wireless internet connection before scanning. Is this absolutely necessary because my brother had set up the wireless. I do not know anything about disabling or enabling it back.

Thank you
 

Answer:Question about the initial procedure for cleaning

You can skip that part. This is not always crucial.
 

1 more replies
Relevance 60.68%

I think whatever I've picked up is causing the SAS installer to crash. It keeps giving the "______ has encountered a problem..." error message. I really appreciate you guys' effort, and I always follow the full READ & RUN FIRST instructions before posting, but I'm STUCK!
 

Answer:Stuck On Step 1 Of XP Cleaning Procedure

Duh, coulda searched the forums first. Disregard this post. : /
 

1 more replies
Relevance 60.68%

I just ran the cleaning procedure on my son's laptop. I need to use it this coming weekend to run a gps moving map and found it to be incredibly slow and full of a lot of malware so here I am!

I could have removed a few (most likely) useless programs but contented myself with removing a ton of stuff from the startup folder because of the re-boots required in the cleaning procedure.

Thanks you very, very much for your services!

I hope I attached the correct file from the MGTools folder.
 

Answer:Cleaning procedure logs attached.

Here are the logs.
 

9 more replies
Relevance 60.68%

Hi,
I did clean some parts of my machine but some infected quarters still remain. Maybe i'm missing one step or something because each time i'm running a scan, he founds new threats. Here are the logs as requested. Thank you very much for your time.

G

Can't seem to find the sys log. I'll scan it again N post it in a few...
 

Answer:Did all the steps With XP cleaning procedure, still having issues.

Why am I not seeing any u
You need to attach your log from running SAS, which is here:




C:\Documents and Settings\Bureau\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log 2010-04-27 1026 "SUPERAntiSpyware Scan Log - 04-27-2010 - 16-37-17.log"

What is this: c:\windows\Lmokea.exe? If you don't know, delete it.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::
RenV::
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Fichiers communs\Adobe\ARM\1.0\adobearm .exe
c:\program files\Fichiers communs\Java\Java Update\jusched .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe

File::
C:\Documents and Settings\Bureau\Local Settings\Application Data\c7vdif
C:\Documents and Settings\All Users\Application Data\c7vdif
C:\Documents and Settings\...

5 more replies
Relevance 60.68%

Hi,

I have printed everything, gone through all the hoops downloading Spybot, Superantispyware, Malwarebytes, combofix.exe and mgtools.exe. I successfully ran Superantispyware, but Spybot does nothing when I click on it, and same with Malwarebytes so I am stopping before I get more jacked up. I am attaching the log from SAS.

Here is my issue. I am fixing a friends laptop. Too much pron surfing. I removed 12 viruses (used Sysclean from trendmicro), they were mostly trojans from the system which was crippled by Joke_blue screen. Anyhow all that is gone (I am pretty sure). What was harder and I don't believe is gone is Anti Virus Pro 2008 or similar. I deleted all registry, start up, ran hijack this, trendmicro sysclean (from dos not online version) scanned registry again. Now windows loads normally without the gag screensaver and everything looks good until you try to use the browser. It starts but Once you try to google or yahoo something, it sends you to other places. Cannot access Microsoft update, Adaware, Trend Micro or even your forum here. Nothing will go beyond initial search and when you try typing an address in directly a second window pops up and goes to asiuoqgusdbaksd.com which redirects you to some other site. And now certain executables simply wont run. Firefox wont even start either.
 

Answer:Windows XP Cannot follow Cleaning Procedure

Please run the MGTools.exe and attach the resulting logs: C:\MGLogs.zip.
 

9 more replies
Relevance 60.68%

I ran through the procedures in READ & RUN ME FIRST. Malware Removal Guide and my pc is a billion percent better. Thank you so much.
I do not have any apparent issues that I know of right now but they may crop up yet.
Here are the logs as requested. Could someone review them and advise if I need further surgery?
I have also noticed that other members are being asked to remove some of the software that was loaded during the process. Is that necessary?

For a while I could not get Combofix to run until I renamed it (CFix.exe) as per the instructions for the Malwarebytes program. Is that common?
 

Answer:Windows XP Cleaning Procedure completed

I am not seeing any malware in your logs. What are you using for Anti-virus software?

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.




Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it...

1 more replies
Relevance 60.68%

My tower was infected with several viruses and rootkits, most of which seem to have been removed by using the procedures outlined in "Windows XP Cleaning Procedure". I was able to run all the tools except for 'RootRepeal'. I've attached all the logs from the other tools. Please have a tech superstar review them and let me know what else needs to be done to add finality to the cleanup. It appears to me as if the tower is running correctly now, but I'd like to be sure I'm not missing anything. I await your reply. Sincerely....
 

Answer:just finished running almost all of WXP CLEANING PROCEDURE

now having difficulty with this error when trying to install Acrobat Reader 9 and Office 2003: Product: Adobe Reader 9.1 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.
 

5 more replies
Relevance 60.68%

Step 4: Toggle System Restore

* You only need to Toggle system restore if malware had been found during the cleaning procedures. If no malware was found, there are no infected restore points to worry about, thus you can skip to the next step.
* Once you are sure all malware problems have been removed follow the below steps:
o Disable System Restore ( see Disable And Enable System Restore)
o Now reboot your PC
o Now Enable System Restore using the same link as above

What do I use to scan while scanning with System Restore turned off? Only CCleaner or all 4 of the cleaners I downloaded? Thanks in advance!
 

Answer:Windows XP Cleaning Procedure Question

You are not supposed to be turning off System Restore to do scanning. I'm not sure what you are trying to accomplish. Step 4 comes after steps 1 thru 3 not before.
 

5 more replies
Relevance 60.68%

My machine appears to be infected by some virus which occasionally redirects a google search (once every three or four) to either google.analytics or some other sites. I recently completed the README as well as the Win XP cleaning procedure. It doesn't seem like I have this problem at work, although I don't surf the net as much there (could the issue be in my router?).

The next step in the post instructed me to post my logs here, which I am doing now. Please share your thoughts. Thanks!

Mark

PS I will post the log for ComboFix on a subsequent thread. Only can fit four per thread.
 

Answer:Still infected. Already ran the READ ME and XP cleaning procedure

Here is the log from Combo Fix.

I wonder if my next step should be to "Toggle System Restore."

Mark
 

17 more replies
Relevance 60.68%

Hi

I have been having internet/malware, etc. problems. I have Windows XP Media Center Edition. I found Windows XP Cleaning Procedure posted by Chaslang and followed those steps. It says to post the logs for checking. Then I can do toggle system restore. Before I ran all of the suggested programs I tried doing a system restore, but couldn't because when it tried to restart i would get a blue screen stating fatal system error and that the windows logon system process system failed with a status of 0x00000000 (0x00000000 0x00000000). ..or something like that..so the system restore wouldn't work since it wouldn't shut down properly.

I also searched in google and when i clicked on links it would take me to a different site than the link i clicked on.

After running the suggested programs by chaslang, I believe it will restart properly now, so I'm inclined to pick a system restore point. But it tells me to toggle system restore...will this delete all my restore points? even good ones/uninfected?

I also have Trend Micro PC-cillin Internet Security... and now that i have run all of the spyware/malware, etc programs indicated by chaslang, google links seem to work properly and i believe it will restart properly..but i still have received a notification by Trend Micro saying that a trojan or some malware has been detected. So I feel like after running all those, the Mal Vundo or virtumonde? or something is still in my pc somewhere...?

I will a...

Answer:Windows XP Cleaning procedure log check

Here is another log attached. Any other information needed to help with my problem?

Thanks






8 more replies
Relevance 59.86%

Thank you for your help. Three days ago my computer started redirecting all search engine results. The computer is also noticeably slower of late.

I completed the entire read and run me process, with the exception of combofix. I repeatedly tried to run combofix, however it would lock up the computer. It would show a green progress bar which would fully progress, but then not ever move beyond that. I would be forced to power off / on the computer.

Thanks again to those so generous with their time.

Best,
John B.
 

Answer:Completed XP Cleaning Procedure - Logs Attached

1. This is seen on your desktop, what is it? Combofix renamed?




asdf123.exe

2. Now download The Avenger by Swandog469, and save it to your Desktop.


Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Do not change any check box options!!
Copy everything in the Quote box below, and paste it into the Input script here: part of the window:




Folders to delete:
C:\WINDOWS\47FB62DF832D485F95FCC93BB08B8FE3.TMP
C:\Documents and Settings\The Battons\Local Settings\Application Data\lxjlvmldd


Now click the Execute button.
Click Yes to the prompt to confirm you want to execute.
Click Yes to the Reboot now? question that will appear when Avenger finishes running.
Your PC should reboot, if not, reboot it yourself.
A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

3. Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-...

15 more replies
Relevance 59.86%

Hi all

Got a very nasty virus and for several hours was not able to access my drives. Kept getting a win32 error when i did so.

I learned it was a type of worm virus (aurorun.ini) and used the full cleaning procedure for windows xp found on this fantastic site. Thankfully the pc now seems to be running amazingly and I just wanted to thank all the contributors here.

I am posting my logs to get any follow up advice etc that you deem is necessary.
 

Answer:nasty infection. Completed win xp cleaning procedure.

the rest of my logs are here
 

4 more replies
Relevance 59.86%

:banghead
I have been trying to follow the XP cleanup procedure since yesterday to no avail.
I left my computer in good working order Thur. evening. When I return home Fri morning it is frozen. I immediately try a reboot and windows explorer does not stay on. Worst yet no task bar or start menu to even attempt a system restore. Tried that through safemode with command prompt, no go either. Headache!!

I decided to use the cleanup procedure as it worked quite well in the past.

No go! The following occurred:

Because I had no explorer or start menu to work with I was stuck with using the Windows Task Manager to start programs. Eventually downloaded Ultra Explorer to give me some assistance.

I was able to start the CCleaner and found no infections. Starting in safe mode was a pain as the same issue was occurring there as well.
I then proceeded to the clean up procedure.

I downloaded Super Antispyware and installation was a problem as a Windows Installer Error kept occurring. At some instances I tried to repair the registry and this proved problematic as well as I kept getting the error Co Create Instance error 0x..........

This morning I was reading a thread in the forum where it was advised to continue with the procedure despite issues so I followed through.

I installed and ran Spybot S&D with no errors or infections being detected.

Next to Malwarebytes that was just as problematic as SAS. No installation could be completed.

I ran the comboFix with no issue ...

Answer:Explorer.exe not functioning/XP cleaning procedure problematic

Is Spyware Doctor a paid for or trial version? If trial, uninstall it.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[-HKEY...

3 more replies
Relevance 59.86%

Hi thanks for your attention.

My problem is that when I enter my pc or my documents or explorer the AVG antivirus pops up a window saying that a trojan horse generic10.het was found on system32/comre.dll

I'm in step 2 of windows cleaning procedure so I've already made the SUPERAntiSpyware scan and here is my log file, so please tell me if it's ok to delete all of these files in quarantine.

Thanks, you are very professional people.
 

Answer:SUPERAntiSpyware log file (step 2 of Win XP Cleaning procedure)

Yes, you can delete them from quarantine ....but you need to finish the instructions and attach the other requested logs.
 

19 more replies
Relevance 59.86%

Computer still seems to have hiccups. Computer will get really slow at times. Hard to work on anything. Firefox opens really slow sometimes.... I also get a few timeouts a week when on the web, if I hit refresh a few times the site will load. This happens on large sites like google, cnn and others..
 

Answer:Windows XP Cleaning Procedure done--logs attached

last log
Thanks
 

4 more replies
Relevance 59.86%

Hello:

Followed Windows XP Cleaning Procedure per the posting. Per the instructions for ComboFix, can someone help guide me in the use of this application? Should I begin by attaching the logs created thus far?

Your help is much appreciated.

Capjack
 

Answer:Help with ComboFix as part of Windows XP Cleaning Procedure

Just download it to your desktop and double click the ComboFix icon. When done you should have these logs to attach:
SAS
MBAM
ComboFix
C:\MGTools.exe ----> C:\MGLogs.zip.
 

1 more replies
Relevance 59.86%

Hello!
I don't really have a malware problem that would disrupt my work with PC, but since I have had some malware on this PC before, I decided to do everything that's on the Malware Removal Guide. I am running Windows XP.

Malwarebytes Anti-Malware found a few infected files and removed them, but nothing too serious I think.

What bothers me is that I could not run Combofix and RootRepeal. I don't know if that is an indication of some problem, so I'm asking for advice.

I have attached logs and a picture from Combofix. It does not really crash at this point, it just won't move any further; also it disconnects my internet connection and I have to re-enable it manually. I tried to run it 2 times, same result both times.

As for RootRepeal, it crashes when I start scanning. I tried to run it 2 times. First time it completely crashed my PC, had to restart manually; second time it gave me a BSOD.

I have to add that I have had Combofix and RootRepeal on this PC before (OS has not been reinstalled) and both of them worked as far as I can remember (combofix worked definitely). I removed them by left click, delete, empty bin. I have no idea if this is even relevant.

Big thanks if someone can look into this!
 

Answer:Some software from Cleaning Procedure guide not running

I am not seeing any malware on your system. Did you disable all AV and AS software and any firewall you have installed when you tried to run ComboFix?
 

5 more replies
Relevance 59.86%

Hi newbie here... so I hope I'm in the right place
trying to clean my PC (def has spy, adware, trojans etc...)
following info from other site, attempting a Windows XP Cleaning Procedure. So far I ran CCleaner, SUPERAntiSpyware, SpyBot - S & D, Malwarebytes Anti-Malware & attempting to use ComboFix exe
my problem is w/ Windows Recovery Console...I got a refurbished PC for Christmas...
so I do NOT have a Windows CD... I went to http://support.microsoft.com/kb/310994
& downloaded approp. or so I thought ...but b4 I could save it directly to desktop it went to
c:document..1\PREC370\local..\temp\IXPOOO.TMP\makeboot.exe
it asked for 6 floppy disks -(which I do NOT have)!
I didn't know what to do so I x'd out???
SO
1. How do I Un-Do this?
2. download correct one???
or just cleanout my PC
any & all help much appreciated

btw have 2nd older PC that (after running Spybot) has 139 infected items, which I can't delete or get rid of b/c when I get to that step it freezes up on me & I get "Not Responding" message??

Answer:Windows XP Cleaning Procedure, advising use of combofix??

As stated by the author of ComboFix in more than one place...

http://www.techsupportforum.com/f50/...lp-305963.html

http://www.techsupportforum.com/f100...ml#post1829551


Quote:




I made ComboFix but there's a valid reason why we don't ask you to run ComboFix from the onset. ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop. So, we ask users to first run preliminary non-invasive scans like DDS & Gmer, to bring back some logs. With these logs we can determine the infections present & decide whether to deploy ComboFix.




Also present in the ComboFix disclaimer is the statement that this tool is not to be used in an unsupervised environment.



Before requesting assistance for malware removal help...

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 59.86%

Have run the procedures set out in the Windows XP Cleaning Procedure but still have a problem in that internet explorer is redirecting me to a false site when I try to log on to my online banking at www.nwolb.com.

I attach the logs
# SAS.log log from SuperAntiSpyware.
# Malwarebytes Anti-Malware log
# log.txt from Combofix

MGlogs.zip to follow
 

Answer:Windows XP cleaning procedure not sorted my problem

Here is the MGlogs.zip file
 

12 more replies
Relevance 59.86%

I had a persistent problem with this: "Malware.Trace from HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\Network\UID, Unable to remove Malware.Trace from UID registry". It kept returning immediately after each Mbam scan.

I decided to run the Windows XP Cleaning Procedure as detailed here on Mbam and followed READ & RUN and everything else step-by-step.

After completing the procedure for combofix.exe and the resulting restart, the computer will not start properly, not even in safe mode. I get as far as the Windows user name and password prompt, click ok, my wallpaper loads and then nothing else.

When trying Windows Recovery Console a message reads: "Windows could not start because of a computer disk hardware configuration problem.

Could not read from the selected boot disk. Check boot path and disk hardware.

Please check the Windows documentation about hardware disk configuration and your hardware reference manuals for additional information."

Any help would be greatly appreciated. Thanks
 

Answer:XP will not start after running combofix.exe in XP Cleaning Procedure

magster said:





After completing the procedure for combofix.exe and the resulting restart, the computer will not start properly, not even in safe mode. I get as far as the Windows user name and password prompt, click ok, my wallpaper loads and then nothing else.

Does it revert back to the login screen or does it just sit there with nothing but your wallpaper? Does pressing CTRL-ALT-DEL bring up Task Manager?





magster said:





When trying Windows Recovery Console a message reads: "Windows could not start because of a computer disk hardware configuration problem.

Are you sure you are booting to the Recovery Console? Are you using your Windows bootable CD or are you trying to run the Recovery Console installed before running ComboFix? Do you have your CD?

Have you tried what is mentioned here? http://support.microsoft.com/kb/314477
 

1 more replies
Relevance 59.86%

Hi - thanks for taking the time to look over this.

Here are my PC details:

O/S - Windows XP Home SP3
Anti Virus - McAfee SecurityCentre v9.3 (incorporating VirusScan 13.3, Personal Firewall 10.3, Anti-Spam 10.3)
Anti-spyware - SuperAntiSpyware Free Edition

I have a problem that began on Friday 27th March at around 18:30 GMT. The problem was initially characterised by IE spitting out loads of popups - I even have details of these popups, as for some reason Google recorded them in my search history. I had left the computer, and only realised something was wrong a few hours later.

I have had issues with spyware before, and (perhaps unwisely) decided to use hijackthis to see what the issues were, and if I could fix them. I ran the program and checked the results against information at the following links:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
www.systemlookup.com

Some of the items that appeared were not recognised by any of the assistance sites or by the auto analyze at hijackthis.de. I have records of the first hijackthis log, as well as subsequent ones. I attempted to 'fix' these using hijackthis, and while several of the O1 problems went (briefly), some of the more worrying O4 ones eg:
[garijofigo] Rundll32.exe "C:\WINDOWS\system32\viridipe.dll",s
returned immediately after performing another scan.

I'm wishing now that I had just gone and tried to get professional help for this at that point, but of cour...

Answer:Results of Windows XP Cleaning Procedure - logs

Welcome to Major Geeks!

Your PC is very badly infected. Even your Windows system files have become infected, which may explain why you are having additional problems like with DEP. In reality the most secure thing you can do is to format and reinstall, since your system really may not be cleanable. We can try to clean it if you wish, but you need to be aware of two things:

The act of cleaning it may result in making it unbootable, since some system files may wind up being removed because they are infected. Thus you should back up your personal data immediately before you lose it. DO NOT back up any executable files.
Even if we appear to have cleaned your PC and it seems to be working properly afterwards, it really cannot be trusted or considered reliable because we may not have found everything.
Let me know in which direction you would like to proceed.
 

3 more replies