Following malware removal on advice of website hosting co.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mobwurd, Dec 16, 2012.

  1. mobwurd

    mobwurd Private E-2

    Hey,

    I have followed the guide to removing malware and I am at step 3, with one quarantine error from HitmanPro, but as instructed I ignored it.

    I was advised by my website hosting to come here and follow the instructions because I have had an attack on my reseller account with several sites being injected.

    The host says they obtained root access to my account and have changed my password as a matter of course. They say that typically this is the result of my PC being infected with a trojan or keylogger of some kind.

    Relevant information:
    The system is a split partition with Windows 7 and Linux Mint.
    I use Bitdefender Antivirus Plus 2012 as my antivirus.
    Last week I was a victim of the PCEU Metropolitan Police screen lock; I followed some instructions to get rid of it. Then 2 days later I got it again, but I cannot pin down where from.

    Attached are the required logs.
    No MGlogs.zip was generated.

    I await your response.

    Kind Regards

  2. mobwurd

    mobwurd Private E-2

    I found the MGlogs.zip; it was not in the folder as I expected but outside of it, in the root folder.

    Apologies.

    Attached now.

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You have quite clean looking logs, I'm not seeing anything much at all. Let's just do this:

    Re-run HitmanPro and have it delete Potential Unwanted Programs.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as type" is set to "All files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
     
  4. mobwurd

    mobwurd Private E-2

    OK, did all that; attaching the HitmanPro log for you. It quarantined some kind of emulator-mips.exe file from within my ADT developer files.

    The fixME.reg file worked on the second attempt; I missed the REGEDIT4 part the first time.

    Just for extra info, I have secured all my sites and now monitor them daily, and every single one is subject to several brute force attempts on the login daily. My hosting co. is aware and also monitoring. All the passwords have been changed to 28 digits.

    Much appreciate the help.

    Last edited: Dec 19, 2012
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The HitmanPro log is still showing Potential Unwanted Programs (Softonic item). You need to have it delete it, and then rescan yourself to see if it still shows or not.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your disk emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link: