1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

JS:FakeWarn-E [Trj], please, please help!

Discussion in 'Malware Removal' started by SweetLD215, Sep 9, 2010.

  1. SweetLD215

    SweetLD215 Private E-2

    Hello,

    I am not sure what I did, but I got something called JS:FakeWarn-E [Trj], and I cannot do anything except use Mozilla. I tried clicking internet explorer and every website generates a windows security alert with a green shield at the bottom of the screen. I tried to run Ad-Aware, but can't. I tried to run Hi-Jack this, but can't. It'll pop up for a short second, then disappear, and give me an error alert. I can't even run regular applications like paint shop pro, Microsoft Word, etc. I'm assuming you need a HijackThis log or something of the sort, but I have no idea what to run since nothing works. Please help! I truly need a functioning computer since I have an online class to attend.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  3. SweetLD215

    SweetLD215 Private E-2

    Hi there. I went to that site, but it wants me to download ESET Smart Installer. I am able to download it but when I try to install, the computer thinks it is another security threat and kicks me out of the install. :(

    Is there anything else I can run online using Mozilla that doesn't need an install?

    I can't even do a system restore because it reads that as a security threat too.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. SweetLD215

    SweetLD215 Private E-2

    Safe mode was great! I was able to do a bunch of things.

    - I went through the add/remove programs and was able to remove the Viewpoint Media Player.

    - Then went to the java step and here is what I got...
    Computer will not uninstall either of the following:
    Java(TM) 6 Update 15
    Java (TM) SE Runtime Environment 6
    The error message says:
    "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
    I also cannot install the latest version in safe mode which is the only way I would be able to install at the moment.

    -I ran CCleaner

    - I don't have Norton Antivirus but do have Avast; however, it doesn't work even in safemode. I think Avast may have a virus? I don't know if that's possible but it was just generating errors saying it couldn't run because of a virus.

    -I have Windows Vista
    Running on 32 bit Operating System
    Intel Core 2 Duo CPU E6550 @ 2.33 GHz (if any of that is helpful)

    -I made sure MSconfig is in normal setup mode.

    -I clicked the link and went through the list. I didn't see any of those items listed in my add/remove programs

    -I ran the Defogger program and it worked

    -I downloaded the Vista Cleaning products
    For Malewarebytes, I tried to find where to rename it from mbam-setup.exe to mb.exe, but I could not find that option.
    I got combofix.exe downloaded but it says that Avast is intereferring with it because Avast is still running. I checked and don't see anywhere that Avast is running. I even checked the task manager applications and processes and did not find it.
    RootRepeal gave me this error: "Error - FOPS DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000 100)" But it looks like it is working anyways.

    -Disabled User Account Control

    I ran SUPERAntiSpyware but I don't see a log saved to attach. It did find issues and I followed the instructions on the forum to get rid of everything though.

    I ran Malwarebytes and attached the results.

    I ran HijackThis and attached the results

    I have a zipfile of MGlog and attached that as well.


    I couldn't run the RootRepeal. I got this error
    DeviceIoControl Error! Error Code = 0x0

    The security error doesn't keep popping up, but Internet Explorer does not seem to work. It will only direct me to the mypoints search page. I can't go to google or any other page. Even if I type the web address in directly, it simply diverts me back to my mypoints search page.
    Also, should I get rid of Avast?
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Try and complete my instructions in normal mode from now on if possible.

    Uninstall the below outdated java:

    • Java(TM) 6 Update 15
    • Java(TM) SE Runtime Environment 6

    Mirar <--- uninstall this crap.

    Mozilla Firefox (3.0.19) <--- Update this!

    If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now I would like for you to run a FRESH version of ComboFix, the one you have on your desktop is outdated.

    Download the new version, let it overwrite the old, and run it as per the instructions in the Read and Run Me First.

    Rescan with SUPERantispyware and attach the log regardless of whether it found anything or not.

    Run CCleaner.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.


    Tell me how things are running?
     
  7. SweetLD215

    SweetLD215 Private E-2

    I was able to uninstall both Javas once in regular mode.
    I can't get Mirar to uninstall by using the Add/Remove program feature in the Control Panel. Is there any other way to get rid of it?

    I updated Firefox, and at first, it would not work due to some issue with the proxy settings. I went to Tools, Network, Connection settings, and switched for "use proxy settings" to "Auto detect proxy settings for this network" and that got it to connect to the internet. Hopefully that's alright.

    I've attached log files for ComboFix, Avenger, MGlogs, and SuperAnti Spyware

    The computer seems to be doing really well. Internet Explorer even works! =) You are amazing!

    I do have a question - should I get rid of Avast or is it a good program?
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Apologies for the slight delay in a response, very busy weekend at work.

    Yes, try using Your Uninstaller!

    You mentioned:
    Is this still the case? You could always uninstall and re-install to be on the safe side. Actually, looking at your logs you are using an outdated version of avast anyway. Avast 5 is the latest. So uninstall it, then carry out my instructions, and only reinstall after we are finished.

    Before we continue I need for you to get combofix.exe directly onto your desktop and NOT in the below location:
    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    ASKService
    ASKUpgrade
    Viewpoint Manager Service
    WPRO_40_1340
    
    File::
    c:\windows\system32\drivers\WPRO_40_1340.sys
    c:\windows\TEMP\TMP000000A9AC736B62FEDE478B
    c:\windows\system32\WPRO_40_1340woem.tmp
    
    Folder::
    c:\program files\AskBarDis
    c:\program files\Viewpoint
    C:\Users\New Account\AppData\Local\Temp\FCTB000060497
    c:\users\New Account\AppData\Local\xyatrbsfy
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      [​IMG]

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Install the current version of avast.

    Let me know if things are still running okay.
     
  9. SweetLD215

    SweetLD215 Private E-2

    Hi there,

    I haven't gotten to do this stuff yet (been insane at work and at school) but hopefully I'll be able to run these things tomorrow =)
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem, I will be here floating about somewhere.
     
  11. SweetLD215

    SweetLD215 Private E-2

    Hello,

    Ok I followed your instructions. I installed the Your Uninstaller and I think it worked in getting rid of Mirar. It was a bit confusing because it gave me an error (I had the error typed up, but when I ran ComboFix, it rebooted and I lost what I typed since I didn't save it). It basically said it couldn't find it, but then it asked if I wanted to continue uninstalling since it didn't finish. I think that did the trick.

    I also installed the right combofix and got it on my desktop, and ran the MGtools. I've attached the logs.

    My computer seems to be running properly now. Hopefully all the bad stuff is gone. =)
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi.

    Now we need to use ComboFix again
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    WPRO_40_1340
    
    File::
    c:\windows\system32\WPRO_40_1340woem.tmp
    c:\windows\system32\drivers\WPRO_40_1340.sys
    
    Folder::
    C:\Users\New Account\AppData\Local\temp\FCTB000060497
    C:\Users\New Account\AppData\Local\temp\Low
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      [​IMG]

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    You need to install AV.
     
  13. SweetLD215

    SweetLD215 Private E-2

    Hi there,

    I followed your instructions and attached the two logs.

    What is AV? Is that Avast? If so, I did install it.
    It is the avast! Free Antivirus
    Program version: 5.0.677
    Virus definition version: 100918-1

    Is this the right one?
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, so you did, I missed it. Too tired and back from work now. I'll review those last logs tomorrow after work. :)
     
  15. SweetLD215

    SweetLD215 Private E-2

    Ok, sounds great. Thank you so much!
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  17. SweetLD215

    SweetLD215 Private E-2

    Hi there!

    I followed your instructions. Hopefully my computer is good now. *crossing fingers*
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Could you please go to VirusTotal.com and upload the following files for analysis:

    • C:\Windows\System32\WPRO_40_1340woem.tmp

    Could you please get this: WPRO_40_1340woem.tmp into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:

    log retrievable @ C:\collect.zip


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Don't forget the collect.zip and the VT results.
     
  19. SweetLD215

    SweetLD215 Private E-2

    Hi there!

    I'll follow the steps when I get home this evening. You mentioned the ATF Cleaner is only for Windows XP and 2000. I run on Windows Vista, unfortuantely. Does this mean I should not do that step?
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    *slaps head* yes, my bad. Run Ccleaner. You have alot of temporary files that should be flushed out.
     
  21. SweetLD215

    SweetLD215 Private E-2

    Sorry that I'm so slow to respond. School kicks my butt quite often along with the FT job.

    I went to the site you gave me and inputted the file: C:\Windows\System32\WPRO_40_1340woem.tmp

    It said:
    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: dcfea580f394ca0ea1a264dffaf5af55
    Date first seen: 2009-02-19 18:36:04 (UTC)
    Date last seen: 2010-08-15 08:28:53 (UTC)
    Detection ratio: 0/42

    That was odd because I've never even been to this site so I know I've never submitted this file. I clicked reanalyze. Here are the results:

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    WPRO_40_1340woem.tmp
    Submission date:
    2010-09-26 03:26:58 (UTC)
    Current status:
    queued (#2) queued (#2) analysing finished
    Result:
    0/ 43 (0.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.25.00 2010.09.24 -
    AntiVir 7.10.12.30 2010.09.24 -
    Antiy-AVL 2.0.3.7 2010.09.25 -
    Authentium 5.2.0.5 2010.09.25 -
    Avast 4.8.1351.0 2010.09.25 -
    Avast5 5.0.594.0 2010.09.25 -
    AVG 9.0.0.851 2010.09.25 -
    BitDefender 7.2 2010.09.26 -
    CAT-QuickHeal 11 2010.09.24 -
    ClamAV 0.96.2.0-git 2010.09.26 -
    Comodo 6199 2010.09.26 -
    DrWeb 5.0.2.03300 2010.09.26 -
    Emsisoft 5.0.0.37 2010.09.25 -
    eSafe 7.0.17.0 2010.09.21 -
    eTrust-Vet 36.1.7875 2010.09.25 -
    F-Prot 4.6.2.117 2010.09.25 -
    F-Secure 9.0.15370.0 2010.09.25 -
    Fortinet 4.1.143.0 2010.09.25 -
    GData 21 2010.09.26 -
    Ikarus T3.1.1.88.0 2010.09.25 -
    Jiangmin 13.0.900 2010.09.25 -
    K7AntiVirus 9.63.2608 2010.09.25 -
    Kaspersky 7.0.0.125 2010.09.26 -
    McAfee 5.400.0.1158 2010.09.26 -
    McAfee-GW-Edition 2010.1C 2010.09.25 -
    Microsoft 1.6201 2010.09.25 -
    NOD32 5479 2010.09.25 -
    Norman 6.06.06 2010.09.25 -
    nProtect 2010-09-25.01 2010.09.25 -
    Panda 10.0.2.7 2010.09.25 -
    PCTools 7.0.3.5 2010.09.26 -
    Prevx 3 2010.09.26 -
    Rising 22.66.04.00 2010.09.25 -
    Sophos 4.58.0 2010.09.26 -
    Sunbelt 6928 2010.09.25 -
    SUPERAntiSpyware 4.40.0.1006 2010.09.25 -
    Symantec 20101.1.1.7 2010.09.26 -
    TheHacker 6.7.0.0.034 2010.09.26 -
    TrendMicro 9.120.0.1004 2010.09.25 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.26 -
    VBA32 3.12.14.1 2010.09.24 -
    ViRobot 2010.9.25.4060 2010.09.25 -
    VirusBuster 12.65.25.0 2010.09.26 -
    Additional information
    Show all
    MD5***: dcfea580f394ca0ea1a264dffaf5af55
    SHA1**: d3c432a495030b9cc3a002b42ca8b310af2f447b
    SHA256: c835dbba79593f362e1f4de8c70432276dc9deef5e578ff0dabaa8e54f688f29


    I also ran CCleaner and got the MGlogs attached. (along with that zip file).

    I did notice something odd. My Internet Explorer seems to be freezing up a bit lately - to the point I really stopped using it for the most part and stick mainly to Firefox. Well, then twice now, my computer has done something odd - once after clicking a link in google from IE (a few days ago), and once from clicking a google link in Firefox (today). The screen went black, then a blue screen popped up that I didn't have a chance to read - something about Windows finding an error and then the computer reboots itself.
    Could this have anything to do with the virus I originally had when I posted?
     

    Attached Files:

  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It simply means that somebody else has submitted the same filename for analysis previously.

    Have you ever had this software installed because that is what the C:\Windows\System32\WPRO_40_1340woem.tmp file relates to, but I do not currently see it installed now, but the files still exist; and it bothers me that it didn't delete when I asked combofix to do so, also the software can be used for malicious purposes although it is legit in itself.

    WinPcap Professional

    C:\Windows\System32\WPRO_40_1340woem.tmp Rename this to WPRO_40_1340woem.tmp.old

    Download and run OTM

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :files
    C:\Users\New Account\AppData\Local\temp\32755e09-de8e-426a-b989-ace8f5588345.dmp
    C:\Users\New Account\AppData\Local\temp\3440992.od
    C:\Users\New Account\AppData\Local\temp\600447.od
    C:\Users\New Account\AppData\Local\temp\CVR2970.tmp.cvr
    C:\Users\New Account\AppData\Local\temp\CVR8160.tmp.cvr
    C:\Users\New Account\AppData\Local\temp\Low
    C:\Users\New Account\AppData\Local\temp\MAR19A7.tmp
    C:\Users\New Account\AppData\Local\temp\MAR1B6D.tmp
    C:\Users\New Account\AppData\Local\temp\MAR87C5.tmp
    C:\Users\New Account\AppData\Local\temp\MAR88CF.tmp
    C:\Users\New Account\AppData\Local\temp\MARF056.tmp
    C:\Users\New Account\AppData\Local\temp\MARF151.tmp
    C:\Users\New Account\AppData\Local\temp\MARF15F.tmp
    C:\Users\New Account\AppData\Local\temp\MARF2B8.tmp
    C:\Users\New Account\AppData\Local\temp\STS1B7C.tmp
    C:\Users\New Account\AppData\Local\temp\STS6586.tmp
    C:\Users\New Account\AppData\Local\temp\sts954d.tmp  
    C:\Users\New Account\AppData\Local\temp\STSB8D4.tmp
    C:\Users\New Account\AppData\Local\temp\zVPyrP5X.htm.part
    C:\Users\New Account\AppData\Local\temp\~DF137.tmp
    C:\Users\New Account\AppData\Local\temp\~DF3E1C.tmp
    C:\Users\New Account\AppData\Local\temp\~DF4C52.tmp
    C:\Users\New Account\AppData\Local\temp\~DF5CAD.tmp
    C:\Users\New Account\AppData\Local\temp\~DF6847.tmp
    C:\Users\New Account\AppData\Local\temp\~DF6D0F.tmp
    C:\Users\New Account\AppData\Local\temp\~DFAC9.tmp
    C:\Users\New Account\AppData\Local\temp\~DFB564.tmp
    C:\Users\New Account\AppData\Local\temp\~DFB7F9.tmp
    C:\Users\New Account\AppData\Local\temp\~DFCE20.tmp
    C:\Users\New Account\AppData\Local\temp\~DFEF90.tmp
    C:\Users\New Account\AppData\Local\temp\~DFF798.tmp
    C:\Windows\System32\WPRO_40_1340woem.tmp
    C:\Windows\System32\WPRO_40_1340woem.tmp.old
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  23. SweetLD215

    SweetLD215 Private E-2

    Hello,

    No, I haven't installed that WinPcap Professional before. I've actually never seen or heard of it. That's odd. What should I do to get rid of it?

    I downloaded OTM onto my computer. It didn't ask me to reboot and the log popped up on it's own.

    I've attached that log and MGlog too.

    Thanks!
    Michelle
     

    Attached Files:

  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It's gone now ;)

    If all is still well, run Ccleaner again, and then:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  25. SweetLD215

    SweetLD215 Private E-2

    THANK YOU!! Those two words simply aren't enough to express my gratitude towards you for all of your help. You've been simply amazing and kept me from completely freaking out over getting this virus on my computer.

    I followed your steps so hopefully everything is good now (and hopefully IE won't choke up and smack my computer in the face again) =) I did download Opera just in case even though I have IE and Firefox.

    Thank you again. Times about a million! =)
     
  26. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ahh, you're most welcome. :) Safe surfing!
     

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds