Add/Remove Malware Programs?

The uninstall list is updated all the time with real malware items and also rogue tools. It is just hard to keep up because there are so many and the creators constantly change names of tools just to make it hard to keep list like this current.

"Frontier Browser Assistant", "Frontier Search Helper", "URL Assistant" - You probably have a Dell PC and this crud was probably install on it when you got it. Frontier is related to the MyWay family which has long been on the malware list of things to remove. It is not a major problem (i.e., not really malicious) but it is not something most people really want. Uninstall it. The URL Assistant (from Dell) may just come back. Try uninstalling and see what happens.


"RegistryCleaner Version 4.0" - This may be a valid tool. Did you install it? Did it come with the PC? What company name appears to be associated with it?

The below items are classified as malware (and are added to the list now) and you should uninstall and then run the READ & RUN ME and attach all 6 logs.
"Weather Services", "SpamBlockerUtility Browser, Weather and Wowpapers Tools", and "SpamBlockerUtility Email Toolbar".

 

Try the below instead.

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Yes try safe mode with networking to see if it works.

Is there an antivirus application installed? Did you run a full scan with it (in either normal or safe boot mode)? If not, try that.

Get the below logs preferably from normal boot mode but safe mode is okay if that is all you can do.

Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder. Like C:\MGTools While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended. Do not run the scans yet!!!

• Using GetRunKey
• Using ShowNew

Also install HijackThis properly and rename as requested in step 7 of the READ ME and attach a log from it too.

 

Does the PC run without shutting down if you stay in safe mode?

Try to get the logs I asked for in message # 4.

 

Okay it looks like CounterSpy removed your remaining malware issues.

Let's just fix a few other unnecessary items!


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O3 - Toolbar: (no name) - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

After clicking Fix, exit HJT.

Delete the below folder if found:
C:\Documents and Settings\Carmen Omstead\Application Data\Registry Cleaner

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Are you have any malware problems now? If not, do the below to remove the CounterSpy trial software.

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

 

You're welcome. If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you run Avenger, you can delete all files related to Avenger now.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
9. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!