Logs from the read and run programs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jgeving88, Dec 17, 2008.

  1. jgeving88

    jgeving88 Private E-2

    Finished running the 5 scans and things are better now. I could not even see the folder options to unhide the folders; I can see it now. Should I unhide and rerun all the scans? Still having some problems: mostly when I click to a new page I will have to reload a couple times to get the page opened. Seems like it does that on all my computers here, so might be the ISP. Thanks for looking.
     


  2. jgeving88

    jgeving88 Private E-2

    One more log... just got a warning from AVG while opening the attachment page, trojan fake.alert, so still some problems on the system.
     


  3. jgeving88

    jgeving88 Private E-2

    After I posted all scans I tried to open my office software; it ran before the scans but now it will not open. There was an error after the ComboFix, I think. It is pretty crucial to get that back up. Should I roll back the scans? Can I do that? The software connects two other computers and the infected is the "server" for the system, controls my electronic billing and collections.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to
    remove the .vir extension (rename) and copy and paste it back into the system32 folder.

    Now tell me what this is:
    C:\jwab.exe

    Use windows explorer to find and delete:
    C:\WINDOWS\system32\rbk2948.bak
    C:\WINDOWS\system32\rbk294b.bak
    C:\WINDOWS\system32\rbk2950.bak
    C:\WINDOWS\system32\rbk2953.bak
    C:\WINDOWS\system32\rbk2958.bak
    C:\WINDOWS\system32\rbk295b.bak
    C:\WINDOWS\system32\rbk2960.bak
    C:\WINDOWS\system32\rbk2963.bak
    C:\WINDOWS\system32\rbk2968.bak
    C:\WINDOWS\system32\rbk296b.bak
    C:\WINDOWS\system32\rbk2970.bak
    C:\WINDOWS\system32\rbk2943.tmp

    Now reboot and tell me how things are running.

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  5. jgeving88

    jgeving88 Private E-2

    I'm not sure I fully understood the first part; I just renamed the file by deleting the vir extension. Deleted the other stuff, and the computer seems to be running really good. I think I'm clean or at least cleaner. Before I couldn't do a web search for AVG or other viruses, now I can. I gotta admit I got antsy and ran another SAS before I got this message and it found and cleaned a rootkit. After that I've had no problems; cannot find the jwab now either.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I see you renamed the file (C:\Qoobox\Quarantine\C\WINDOWS\system32\oledb32.dll), but did you right click it (oledb32.dll) and choose copy and then paste it back into the C:\WINDOWS\system32\ folder?

    One last thing to do:

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
      * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
      * NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  7. jgeving88

    jgeving88 Private E-2

    I cannot delete the Java stuff still. I get an error message about transforms... on the runtime environment it says installation source not available. The error message is

    Error applying transforms. Verify that the specified transform paths are valid.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is just a problem with the installation files. Please do this:


    • Download the Microsoft Installer Clean Up utility file and save it on your desktop
    • Double click on the executable file. The installation process will start. Follow the instructions accordingly
    • Once the installation process is over, go to Start -> All Programs -> Run Windows Install Clean Up utility
    • This will launch the Windows Installer Clean Up utility dialog box
    • Under the Installed products list, select the desired JRE version that you want to remove
    • Click Remove and Exit
    Now see if you can uninstall them.
     
  9. jgeving88

    jgeving88 Private E-2

    perfect, thanks for everything.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome...safe surfing. :)
     
