having different problems since cleaning

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thebaron, Oct 12, 2009.

  1. thebaron

    thebaron Private E-2

    Pt.1
    I followed the "read & run me first" and the malware that Avast couldn't remove seems to have gone. Now, I can't update Avast or flash media player, the internet keeps dropping out which is unusual. I only really use the computer for internet and movies, so I don't know if anything else is wrong. Thanks.

    log.txt is the ComboFix log.
     

    Attached Files:

  2. thebaron

    thebaron Private E-2

    Pt.2
     

    Attached Files:

  3. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks.


    Multiple antivirus warning!

    Microsoft, Kaspersky and Symantec recommend that you do not have more than one antivirus product installed and running on your computer at the same time.

    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    * False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
    * Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    * Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
    * Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    Since you use Avast please go to Add or Remove Programs and uninstall: (if found)

    • Norton AntiVirus 2005 (Symantec Corporation)
    • Norton AntiVirus Parent MSI
    • Norton WMI Update
    • Symantec Network Drivers Update
    • Symantec Script Blocking Installer
    • Symantec
    • SymNet


    Download the Norton Removal Tool (SymNRT) to your desktop.

    Once downloaded please close ALL open browsers, also save any work because this may require a restart.

    * Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
    * Once open Click Next
    * Accept the license agreement and click Next
    * Type in the letters/numbers that you see into the text box then click Next.
    * Then click Next and the tool will start running.
    * Once finished restart the PC.
    * Delete the 'Norton_Removal_Tool' from your desktop.




    For a good free firewall I suggest using ONE of the following.

    Remember only install ONE firewall

    1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any Ask.com options if you choose this one)
    2) Online Armor
    3) Agnitum Outpost
    4) PC Tools Firewall Plus




    Delete the copy of ComboFix and download the new version.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    DO NOT run it yet!

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    File::
    C:\2o1ajagt.exe
    C:\wrsf.exe
    C:\o8tf6l.exe
    C:\WINDOWS\system32\SET10.tmp
    C:\WINDOWS\system32\set14.tmp
    C:\WINDOWS\system32\set15.tmp
    C:\WINDOWS\system32\set16.tmp
    C:\WINDOWS\system32\set17.tmp
    C:\WINDOWS\system32\set1b.tmp
    C:\WINDOWS\system32\set1d1.tmp
    C:\WINDOWS\system32\set1d2.tmp
    C:\WINDOWS\system32\set1d3.tmp
    C:\WINDOWS\system32\set1d4.tmp
    C:\WINDOWS\system32\set1d5.tmp
    C:\WINDOWS\system32\set1e.tmp
    C:\WINDOWS\system32\set20.tmp
    C:\WINDOWS\system32\set21.tmp
    C:\WINDOWS\system32\set26.tmp
    C:\WINDOWS\system32\set27.tmp
    C:\WINDOWS\system32\set28.tmp
    C:\WINDOWS\system32\set2a.tmp
    C:\WINDOWS\system32\setc.tmp
    C:\WINDOWS\system32\setd.tmp
    C:\WINDOWS\system32\sete.tmp
    C:\WINDOWS\system32\setf.tmp
    
    Folder::
    c:\program files\Common Files\Symantec Shared
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGEMS"=-
    "Avg7UpdSvc"=-
    "Avg7Alrt"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    [​IMG]

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Attach the log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze



    Open Malwarebytes' Anti-Malware.

    * Click the Update tab.
    * Click Check for Updates
    * If an update is found, it will download and install.
    * Click the Scanner tab.
    * Select Perform Quick Scan, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Attach the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please include the ESET Online Scan Log




    Now run a new scan with MGtools and attach the log. Using MGtools



    Next post please attach:

    • ComboFix.txt
    • MBAM log
    • ESET Online Scan log
    • New MGlogs.zip
     
  4. thebaron

    thebaron Private E-2

    Thanks heaps for the run down. Here are the logs. This is a question I know you will throw your head back and groan at, but I have an external hard drive and a USB stick and I know they must have malware or something on them. I have disabled auto run like was recommended, but how should I go about cleaning them?

    thanks
     

    Attached Files:

  5. evilfantasy

    evilfantasy Malware Fighter

    See here: Warning about Porn, Keygens, Cracks, and other Illegal Software


    For the external Hard Drive and a USB stick.

    Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

    Please have all your removable storage devices ready for disinfection.

    Download Flash Disinfector by sUBs and save it to your desktop.

    * Double-click Flash_Disinfector.exe to run it.
    * Your desktop and icons may disappear. This is normal.
    * It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
    * Follow any prompts that may appear.
    * The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    * Wait until it has finished scanning and then exit the program.
    * There will be no GUI interface or log file produced.
    * Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



    You should visit Windows Update and get all critical updates including Service Pack 3. There are many security updates included with SP3.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
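
The note in the reply above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not part of the thread or of any tool it names), this Python script reports for each drive root whether autorun.inf is that placeholder folder, a real file (listing the commands it would launch), or absent; the function names and state labels are this example's own.

```python
"""Audit drive roots for the state of autorun.inf (added example)."""
import os
import sys

# [autorun] keys that name a command Windows would launch from the drive.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\")

def launch_entries(path):
    """Return (key, value) pairs from the [autorun] section that name a command."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # Files are ANSI or UTF-16; tolerate junk bytes instead of failing on them.
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if utf16 else "latin-1", errors="replace")
    entries, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower().startswith(LAUNCH_KEYS):
                entries.append((key.lower(), value))
    return entries

def audit_root(root):
    """Classify one drive root as 'placeholder', 'file' or 'absent'."""
    # Match the name case-insensitively, as Windows would.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    result = {"root": root, "state": "absent", "entries": []}
    if name is None:
        return result
    target = os.path.join(root, name)
    if os.path.isdir(target):
        result["state"] = "placeholder"  # a folder blocks creation of a file with this name
    else:
        result["state"] = "file"
        result["entries"] = launch_entries(target)
    return result

if __name__ == "__main__":
    # Usage: python audit_autorun.py E:\ F:\
    for root in sys.argv[1:]:
        report = audit_root(root)
        print(f"{report['root']}: {report['state']}")
        for key, value in report["entries"]:
            print(f"    {key} = {value}")
```

A drive reported as `file` with launch entries is one to scan before opening; `placeholder` is the state the note describes.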
     
