Malware found in restore files

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jcdgl, Mar 8, 2010.

  1. jcdgl

    jcdgl Private First Class

    My virus program (antivir) reported 6 viruses or unwanted programs this morning; all were in restore files: TR/spyagent.bdrd and TR/FakeAV.Ado.

    My computer was acting up the other day, and after cleaning it up with AdvancedCare and CC Cleaner (which I use all the time) it was worse, so I decided to go back and restore it to the day before. Now it seems to chug along even more. It is taking forever to load programs and to disconnect from the internet. I also get the hourglass a lot when I am doing things on the internet (Facebook).

    I think I need your help. I have just printed the Read and Run Me page and I will start some of that when I get home from work today. I recently changed my email but have updated that on your system.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Attach the logs when you are ready.
     
  3. jcdgl

    jcdgl Private First Class

    I got the first log done last night. The scan took 2 hours (and found nothing), so I did not get much more done. I will keep working at night until I can get it done. Thank you.
     
  4. jcdgl

    jcdgl Private First Class

  5. jcdgl

    jcdgl Private First Class

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to give me the exact path to the file. I am not seeing any malware in your logs.
     
  7. jcdgl

    jcdgl Private First Class

    Not sure if this is what you need. I quarantined the file so that I could click on Properties: c:\cleanup\MGtools.exe. cleanup is the folder that I stored all my logs in so that it was easy for me to find. If I click on the file I get the warning. Now that I have quarantined it, MGtools has gone back to a zip file.
     
  8. jcdgl

    jcdgl Private First Class

    antivir showed several warnings this morning that were detected overnight, I guess. I did a print screen of the warning and was trying to send it to you as an attachment, but it will not upload. It says TR/DropAgent.bsiw C:\system volume \Restore and then a very long line of numbers. Will this help you?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The only way to remove system restore files that are infected is to toggle system restore. If after doing that you get any warnings from antivir, please give me the full path to the file. (Obviously any of the MGTools files are not malware!)
     
  10. jcdgl

    jcdgl Private First Class

    Thank you Tim. After I toggled the system restore the warnings stopped; by the way, I was getting them every 2 hours according to my log on antivir. I ran a virus scan last night and it was clean except for 2 files that could not be opened. I never really read the logs of the scans before, so that may happen all the time. However, the problem seems to have been solved. Thanks to you guys again. I recommend you to anyone I know who is having problems.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START then RUN, enter the below into the Run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to Add/Remove Programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
