Please Review Logs, Steelworx Incursion Maybe Fixed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by huntin, Feb 10, 2016.

  1. huntin

    huntin Private E-2

Hi, I had one of the Steelworx infections I think. I'm just adding logs as this isn't my computer and I want to give it back clean. Can someone take a quick look and see if we got it all? I've never uploaded the logs before but have been through the procedure a few times. I think I accidentally ran MGtools twice and also TDSSKiller earlier, then later. :(
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run Hitman Pro, enable/activate the free trial and let it remove all that it finds.

    Can you upload the log from running Malware Bytes please?


    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [IMG] area. Do not include the word Code.
    Code:
    :Files
    C:\Users\Owner\AppData\Roaming\InetStat
    C:\ProgramData\f46b151d-5d31-1
    C:\ProgramData\f46b151d-3e97-0
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to UPLOAD into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




    Give Ccleaner a run, not the reg scanner, just the cleaner itself to be rid of a few temp files floating about.

    Don't forget the log from Malware Bytes.
    Re run Hitman yet again (just a scan) and upload fresh log.

    How are things running?
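    As an added follow-up check (not part of the original thread or of OTM itself), the PowerShell below confirms that the three paths in the :Files section above are actually gone after OTM has run and prints the newest moved-files log from C:\_OTM\MovedFiles, the same file the NOTE tells you to open in Notepad. It assumes the paths exactly as listed in the script above and the default OTM log folder.

```powershell
# Added verification script; not from the original post or the OTM tool.
# Run as Administrator after OTM has finished (and after the reboot, if it asked for one).
$targets = @(
    'C:\Users\Owner\AppData\Roaming\InetStat',   # paths copied from the :Files section above
    'C:\ProgramData\f46b151d-5d31-1',
    'C:\ProgramData\f46b151d-3e97-0'
)

# Report any target that still exists, with how many items are inside it,
# so the helper can judge whether OTM was blocked (e.g. by the [emptytemp] hang).
$remaining = foreach ($p in $targets) {
    if (Test-Path -LiteralPath $p) {
        $items = Get-ChildItem -LiteralPath $p -Force -Recurse -ErrorAction SilentlyContinue
        [pscustomobject]@{ Path = $p; ItemCount = @($items).Count }
    }
}

if ($remaining) {
    Write-Host "Paths still present after OTM:"
    $remaining | Format-Table -AutoSize
} else {
    Write-Host "All listed paths are gone."
}

# Locate and print the newest OTM log (assumed default folder C:\_OTM\MovedFiles),
# which is the log to attach when the Results window cannot be copied after a reboot.
$logDir = 'C:\_OTM\MovedFiles'
if (Test-Path -LiteralPath $logDir) {
    $newest = Get-ChildItem -LiteralPath $logDir -Filter *.log -File |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($newest) {
        Write-Host "Newest OTM log: $($newest.FullName)"
        Get-Content -LiteralPath $newest.FullName
    } else {
        Write-Host "No .log file found in $logDir"
    }
} else {
    Write-Host "$logDir does not exist; OTM may not have run yet."
}
```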
     
  3. huntin

    huntin Private E-2

    Oops, forgot the MB log. Running Hitman Pro now. Will continue with the list.
     


  4. huntin

    huntin Private E-2

    I've done the Hitman Pro, told it to remove things. I'm having some trouble saving a log: the little text highlights but doesn't respond when I click it. It says it removed a bunch of things, and I should restart to complete removal. I will allow it to restart and continue with OTM.
     
  5. huntin

    huntin Private E-2

    Now Windows is installing updates too... bleugh, I did not expect that. I was halfway through the Microsoft Security Essentials install; I should've restarted first.
     
  6. huntin

    huntin Private E-2

    Hitman sent me a "fail" response after restarting Windows. #37 or something, not entirely sure. Not sure if you want by-the-minute updates like this, but if it's not going to give me a log I'm worried all this information will be lost.
     
  7. huntin

    huntin Private E-2

    Hanging on the "[emptytemp]" instruction in OTM.

    (Will it hang forever or will it give up at some point? I don't know. Screen keeps turning off. Do I need the screen to remain active? Can I let the computer go to sleep/hibernate? Bleugh, they say a watched pot never boils, but a watched program hanging? Will it boil? Man, I hate waiting. 1 hour later and done with other stuff.)
    Giving up, moving on to the next instruction.
    Ctrl-Alt-Del has led me to a black screen with my little blue swirly circle. Think I'm gonna force restart.
     
  8. huntin

    huntin Private E-2

    Computer has the ! mark next to Shut Down like there are Windows updates waiting on a restart. I feel an urge to restart Windows after I finish off the to-do list; I'm a little worried that I should avoid it..

    Still can't make a log file in Hitman. I've attached the log from OTM.
     


  9. huntin

    huntin Private E-2

    Hitman said no new errors found, so there's that. Gonna restart Windows and disable MSE if it's running and try again with a Hitman log.
     
  10. huntin

    huntin Private E-2

    After rereading some of your literature I'm regretting doing everything on your list first with a half-finished install of Microsoft Security Essentials. I let it finish, ran Windows Update a few times, a few updates succeeded, a few failed. I figured I'd try everything on your list again without Microsoft Security Essentials in case it was blocking anything. I've finished everything now. Hitman logs for some reason are not working now that I've activated a trial; not sure what's going on there. I've attached the second-attempt OTM log, which I assume succeeded the first time; it was much smoother the second time around.
     


  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do this... Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and Run As Administrator if using Vista, Windows 7 or Win 8.) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  12. huntin

    huntin Private E-2

    kk, here is the log.
     


  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, so tell me what issues remain, if any.
     
  14. huntin

    huntin Private E-2

    Seems to be perfect! What's the procedure now to clean up? I run cleanup in the MG files?
     
  15. huntin

    huntin Private E-2

    Scratch that. I re-enabled UAC using the .bat file, then I ran the clean.bat file. I'm happy with it. Thank you for your help; I'm glad I posted, I might not have realized there were trace elements left.

    :D
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Here are the final steps just so you have them. I'm glad all is running well. ;)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link:
     
