Finished with scans, everything seems ok now but...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lappeKman, Apr 8, 2008.

  1. lappeKman

    lappeKman Private E-2

    My wife's account is popping up a message when I try to change her background. The message is about not being able to find "C:Windows/privacy_danger/index.htm". The background is all white. My account is not giving me this message and I am able to change my background.

    Also we use Norton 360 and it is saying that "the web browser is not set to detect fraudulent web sites or to authenticate genuine web sites", but it will not let me fix it.

    We did have some trojan.blackbird issues that seem to be fixed so that is good. No more pop ups and warnings about spyware. Good.

    Let me know if you can help, I will post the MGlogs.zip in the next post.

    Thanks so much for providing this procedure.

    Kman
     


  2. lappeKman

    lappeKman Private E-2

    Here is the MGlogs.zip.

    Thanks again.

    Sorry if I should be posting this to another forum. Damn Newbs!

    Kman
     


  3. lappeKman

    lappeKman Private E-2

    Thanks, I was very tired last night and it is very obvious (now) that I had posted in the wrong forum.

    I will repost at the malware forum.
     
  4. lappeKman

    lappeKman Private E-2

    Finished with scans, everything seems ok now but....

    My wife's account is popping up a message when I try to change her background. The message is about not being able to find "C:Windows/privacy_danger/index.htm". The background is all white. My account is not giving me this message and I am able to change my background.

    Also we use Norton 360 and it is saying that "the web browser is not set to detect fraudulent web sites or to authenticate genuine web sites", but it will not let me fix it.

    We did have some trojan.blackbird issues that seem to be fixed so that is good. No more pop ups and warnings about spyware. Good.

    I started a thread in the (wrong) "New welcome" forum last night by mistake. All the scan logs are there in the thread with the same title. Sorry for the inconvenience, it was a long day yesterday.

    Thanks so much for providing this procedure.

    Kman
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: Finished with scans, everything seems ok now but....

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  6. lappeKman

    lappeKman Private E-2

    Re: Finished with scans, everything seems ok now but....

    Hey Tim,

    As I said in my first post, I have finished all the "read & run me first" scans, but posted in the "NEW Welcome" forum last night by mistake. That is where I attached all the scan logs, and I tried to post them with this thread today but it says I'm not allowed because they are already posted on the other forum. I even tried renaming them to post on this thread, but it still wouldn't allow me to.

    So all the scan logs are over in the "NEW welcome" forum from last night under the same title as this thread.

    Sorry for the inconvenience.

    Kman
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ok...I've moved the logs ....now:

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.
    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Be sure to tell us how things are running.
     
  8. lappeKman

    lappeKman Private E-2

    OK, here are the logs.

    Computer same as before. Norton is still warning me about the phishing protection, but I cannot turn it on.

    My account seems to be ok still. But again, as soon as I log in to my wife's account an error window pops up for windows internet explorer saying it cannot find "file:///C:/windows/privacy_danger/index.htm" "make sure the path or internet address is correct". Her desktop background is still white as well. It's like the desktop is trying to connect to the internet because last night I waited a bit and a message came up on the desktop background that it "could not connect to the internet".

    Thanks again, amazing you guys do this!

    Kman
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now log into her account and run MalwareBytes and the C:\MGtools\GetLogs.bat file.

    Attach the three logs.
     
    Last edited: Apr 10, 2008
  10. lappeKman

    lappeKman Private E-2

    Here are the three logs.

    Problems from last post remain.

    Thanks

    Kman.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now right click the desktop / properties / desktop tab / customize desktop / web tab ...and make sure that both boxes are unchecked.

    Do you have other accounts on this computer with administrative privileges that are used?

    Are you still having problems?
     
  12. lappeKman

    lappeKman Private E-2

    Tim,

    I disabled anti-virus and ran Mgtools.analyse.exe, but no lines appeared on the list that were the same as what you want me to select.

    I haven't gone any further. I will wait for more instructions.

    Kman
     
  13. lappeKman

    lappeKman Private E-2

    Sorry again,

    I guess I needed to be logged in to my wife's account to get those three lines to show up in MGtools.

    All done, here is the Avenger log.

    I can change her background now, everything seems good except Norton still won't let me turn on Phishing protection.

    No other accounts on the computer, just mine and hers, except when booted in safe mode of course.

    Thanks

    Kman
     


  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may wish to pursue the Norton issue in the software section ...If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2.
    * Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  15. lappeKman

    lappeKman Private E-2

    Thanks Tim,

    Like I said before, it's amazing that you guys help with these problems. I can't thank you enough for your time.

    All steps have been done.

    I will look elsewhere to figure out the Norton problem. Maybe just get rid of it because this is the second time in 6 months this has happened.

    We just picked up Forefront at work and it has already found a bunch of trojans that our previous virus protection didn't find. Maybe I'll look at that.

    Thanks again,

    Kman
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome ..safe surfing. :)
     
