E2G Removal Help Needed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by groundzero2010, Jun 14, 2006.

  1. groundzero2010

    groundzero2010 Private E-2

    I followed the directions in this post

    http://forums.majorgeeks.com/showthread.php?t=90586

    and came out a lot better than I did with other attempts to remove E2G.

    Here is my avenger log and my ewido scan log after the avenger and registry clean.

    --------------------------------------------------------------------

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vrsmexgs

    *******************

    Script file located at: \??\C:\Documents and Settings\ttfrieei.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\System32\askearth17.exe not found!
    Deletion of file C:\WINDOWS\System32\askearth17.exe failed!

    Could not process line:
    C:\WINDOWS\System32\askearth17.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\ei.exe not found!
    Deletion of file C:\WINDOWS\System32\ei.exe failed!

    Could not process line:
    C:\WINDOWS\System32\ei.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\filgmo.exe not found!
    Deletion of file C:\WINDOWS\System32\filgmo.exe failed!

    Could not process line:
    C:\WINDOWS\System32\filgmo.exe
    Status: 0xc0000034



    File C:\WINDOWS\system32\iniwin32.dll not found!
    Deletion of file C:\WINDOWS\system32\iniwin32.dll failed!

    Could not process line:
    C:\WINDOWS\system32\iniwin32.dll
    Status: 0xc0000034



    File C:\WINDOWS\System32\pruttct.exe not found!
    Deletion of file C:\WINDOWS\System32\pruttct.exe failed!

    Could not process line:
    C:\WINDOWS\System32\pruttct.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\prutpct.exe not found!
    Deletion of file C:\WINDOWS\System32\prutpct.exe failed!

    Could not process line:
    C:\WINDOWS\System32\prutpct.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\prutsct.exe not found!
    Deletion of file C:\WINDOWS\System32\prutsct.exe failed!

    Could not process line:
    C:\WINDOWS\System32\prutsct.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\ptech.exe not found!
    Deletion of file C:\WINDOWS\System32\ptech.exe failed!

    Could not process line:
    C:\WINDOWS\System32\ptech.exe
    Status: 0xc0000034



    File C:\WINDOWS\System32\skytown.exe not found!
    Deletion of file C:\WINDOWS\System32\skytown.exe failed!

    Could not process line:
    C:\WINDOWS\System32\skytown.exe
    Status: 0xc0000034



    File C:\Program Files\data19 not found!
    Deletion of file C:\Program Files\data19 failed!

    Could not process line:
    C:\Program Files\data19
    Status: 0xc0000034



    File C:\WINDOWS\pi1.exe not found!
    Deletion of file C:\WINDOWS\pi1.exe failed!

    Could not process line:
    C:\WINDOWS\pi1.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\askearth17.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\askearth17.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\askearth17.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\ei.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\ei.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\ei.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\filgmo.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\filgmo.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\filgmo.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\prutpct.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\prutpct.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\prutpct.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\prutsct.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\prutsct.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\prutsct.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\ptech.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\ptech.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\ptech.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Desktop\skytown.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Desktop\skytown.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Desktop\skytown.exe
    Status: 0xc0000034



    File C:\Documents and Settings\bobby\Local Settings\Temp\ei.exe not found!
    Deletion of file C:\Documents and Settings\bobby\Local Settings\Temp\ei.exe failed!

    Could not process line:
    C:\Documents and Settings\bobby\Local Settings\Temp\ei.exe
    Status: 0xc0000034

    Folder C:\PROGRAM FILES\E2G deleted successfully.


    Folder C:\PROGRAM FILES\Windows AdStatus not found!
    Deletion of folder C:\PROGRAM FILES\Windows AdStatus failed!

    Could not process line:
    C:\PROGRAM FILES\Windows AdStatus
    Status: 0xc0000034

    Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
    Registry key HKLM\software\e2g deleted successfully.
    Registry key HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6} deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    --------------------------------------------------------------------

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:50:31 PM, 6/14/2006
    + Report-Checksum: EA2D86CC

    + Scan result:

    C:\windows\SYSTEM32\inicfg32.dll -> Adware.E2give : Cleaned with backup
    C:\windows\up9.exe -> Adware.MediaMotor : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\bobby\Cookies\bobby@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


    ::Report End

    --------------------------------------------------------------------

    I've tried several different programs and methods to try to get rid of this and nothing seems to work 100%, although this was my best attempt. Any suggestions on what I should do now?

    Bobby - groundzero2010
     
  2. groundzero2010

    groundzero2010 Private E-2

    Okay... I scanned my computer a couple more times with Ewido and by the third time I had no files corrupt. I even restarted and it doesn't seem to be on my computer any longer. I did a hijackthis log. Is there anything I should be worried about from this log?

    Edit by chaslang: Inline HJT log removed. READ ME not followed.
     
    Last edited by a moderator: Jun 15, 2006
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    In the future, please follow the directions in the sticky procedures. No logs should be posted inline like you are doing. They should be attachments to your messages.

    Also, NO HijackThis logs should be posted without having run the standard cleaning procedures given in "READ & RUN ME FIRST Before Asking for Support". This was even given to you in the E2Give removal procedure.

    Yes there are a few other minor items in your HJT log. Run the above procedure.
     
