
Infected computer, w/ questions on XP cleaning

Discussion in 'Malware Removal' started by ahurwich, Dec 17, 2010.

  1. ahurwich

    ahurwich Private E-2

    Hello,

    I followed a link to an NSFW site the other day and soon afterwards got a popup notification along the lines of "Windows system inspection has found an error" and then my browser started randomly opening windows to "anti-virus" purchase sites and redirecting google links to them as well.

    I've been running through the Windows XP cleaning procedure, but seem to have gotten stuck on running combofix. I think it's because I'm not properly disabling my AV, but here's what's happening, anyway: I run combofix, it says "McAfee VirusScan Enterprise is still active, disable it". I thought I had disabled it, so double-checked (and found on-access scanning, and all other 'disable'-able options set to "disabled") and clicked OK. Combofix runs until it gets to this screen: http://www.bleepstatic.com/combofix/en/autoscan.jpg and then just sits there for 30 minutes at which point I manually close it. I tried running MGtools, hoping it was just something with Combofix, but MGtools also froze after about a minute of scanning through my files.

    Logs from Superantispyware and Malwarebytes' attached. Should I just uninstall McAfee at this point and start over, is there a better way to disable than described above, or something else? The "How to Disable your AV" section on MajorGeek doesn't seem to cover my version of AV.

    Thanks for your help!
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, try uninstalling McAfee. Did you try running Combo and MGTools in safe mode? Have you tried renaming them?
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also I think this might help you, give it a go.

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
    • Click Start scan
    • It will run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  4. ahurwich

    ahurwich Private E-2

    Thanks guys. I figured out how to disable my AV to the point where combofix doesn't complain about it running and Windows security center complains about it being turned off.

    However, still haven't gotten combofix or MGtools to run successfully--same issue as earlier. I tried renaming it, running it in safe mode, and re-downloading it saved as a different name, with no effect. I didn't uninstall my AV because I thought that might not be the problem, although can if you still think it may be worth doing.

    I did successfully run rootrepeal and TDSSKiller--logs attached. Thanks again for the help thus far, and let me know how you'd like me to proceed.
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We could still uninstall McAfee and then try running Combofix / MGTools again; however, TDSSKiller found something that should have solved your problem. Describe to us how things are running at this point please.

    But we still need to see if any malware remains, so either uninstall McAfee and run Combofix and MGTools... or...

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: Right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  6. ahurwich

    ahurwich Private E-2

    OTL run, logs attached.
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program

    Now try to run Combofix and MGTools (without uninstalling McAfee). Any luck?
     
  8. ahurwich

    ahurwich Private E-2

    DL and ran HostsXpert successfully, but still error on combofix.

    Also, noticed that the clock on my computer freezes during combofix running along with all icons/start menu when I try to open task manager, or use other misc. windows things.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Uninstall McAfee and try again?
     
  10. ahurwich

    ahurwich Private E-2

    Uninstalled, but no change on combofix :(
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Run OTL again as instructed in post #5 (no need to redownload of course)

    Run this and attach the results.

    Using ESET's Online Scanner

    Tell me how things are running?
     
  12. ahurwich

    ahurwich Private E-2

    Things are running better--the computer was noticeably slower before I started with a few of these scans, but now seems to be more on par with its usual speed. Haven't had the popup windows recently and a cursory google search/link clicking doesn't redirect me to "AV" sites. Of course, I've only been online for a few minutes since the scan finished.

    Logs attached--ESET did find some stuff. OTL didn't produce an Extras.txt file this time--normal?
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    OTL reports that MGTools did run so please attach this log:
    C:\MGlogs.zip
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It also reports that the log will be incomplete. ;) MGtools should be rerun since TDSSkiller likely fixed the reason why it could not run properly.
     
  15. ahurwich

    ahurwich Private E-2

    Hmm. MGtools still seems to just sit there. Log attached in case it's at all useful.
     

    Attached Files:

  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it only had the one log. Let's see if we can get it to run properly:

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  17. ahurwich

    ahurwich Private E-2

    Ran GetRunKey command, and MGtools booted up, sat there and froze the computer as it's been doing previously.

    Ran ShowNew, it ran seemingly ok with no error messages and left me at the C:\MGtools> prompt.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes because you have no available free disk space. Your logs from OTL showed the below:
    Code:
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 1.83 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
    Drive D: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    You have ZERO space on drive D and the 1.83 GB of space on drive C is too small for many things to run possibly including MGtools and even many things that Windows needs to do. You need to free up disk space.
     
    Last edited: Dec 18, 2010
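
Added example, not part of the original thread and not code from OTL or MGtools: a Python sketch that parses the drive summary lines quoted in the post above and flags volumes that are short on free space before cleanup tools are run. The 15% threshold and the 1 Gb = 1024 Mb conversion are assumptions; CDFS (optical media) volumes are skipped because a read-only disc always reports zero free space.

```python
import re

# Constructed sample: the three OTL log lines quoted in the post above.
SAMPLE_OTL = r"""%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.83 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive D: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
"""

DRIVE_RE = re.compile(
    r"^Drive (?P<letter>[A-Z]): \| (?P<total>[\d.]+) (?P<tunit>[KMGT]b) Total Space"
    r" \| (?P<free>[\d.]+) (?P<funit>[KMGT]b) Free Space"
    r" \| (?P<pct>[\d.]+)% Space Free \| Partition Type: (?P<fs>\S+)\s*$",
    re.MULTILINE,
)
# Assumption: OTL's units are binary multiples (1 Gb = 1024 Mb).
UNIT_MB = {"Kb": 1 / 1024, "Mb": 1, "Gb": 1024, "Tb": 1024 * 1024}
READ_ONLY_FS = {"CDFS"}   # optical media: zero free space is expected
MIN_FREE_PCT = 15.0       # assumed example threshold, not an MGtools requirement


def parse_drives(log_text):
    """Return one dict per 'Drive X:' summary line found in an OTL log."""
    drives = []
    for m in DRIVE_RE.finditer(log_text):
        drives.append({
            "letter": m["letter"],
            "fs": m["fs"],
            "total_mb": float(m["total"]) * UNIT_MB[m["tunit"]],
            "free_mb": float(m["free"]) * UNIT_MB[m["funit"]],
            "free_pct": float(m["pct"]),
        })
    return drives


def check_free_space(log_text, min_free_pct=MIN_FREE_PCT):
    """Map each drive letter to 'ok', 'LOW: ...' or 'skipped (...)'."""
    findings = {}
    for d in parse_drives(log_text):
        if d["fs"] in READ_ONLY_FS:
            findings[d["letter"]] = "skipped (read-only media)"
        elif d["free_pct"] < min_free_pct:
            findings[d["letter"]] = "LOW: %.2f%% free (%.0f MB)" % (
                d["free_pct"], d["free_mb"])
        else:
            findings[d["letter"]] = "ok"
    return findings


if __name__ == "__main__":
    for letter, status in check_free_space(SAMPLE_OTL).items():
        print("Drive %s: %s" % (letter, status))
```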
  19. ahurwich

    ahurwich Private E-2

    I can do that--how much free space will it need to run successfully?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't bother with any of this. The problem is free disk space as I mentioned below.
     
