Malware Removal Help PLZ !!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by newfiesrule, Dec 13, 2006.

  1. newfiesrule

    newfiesrule Private E-2

    I have run through all the directions for posting, the panda scan crashes half way through and wont complete the scan, and the second online scan did not give an option to save the log that I could see anywhere! I know I am having probs with pop up windows etc.

    I have posted all the other logs thanks so much for your help!

    THNX
     

    Attached Files:

    newfiesrule, Dec 13, 2006
    #1
  2. newfiesrule

    newfiesrule Private E-2

    And the hijack this file.

    THNX
     

    Attached Files:

    newfiesrule, Dec 13, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    The instructions in the READ & RUN ME tell you how to create the log. Did BitDefender find any problems?

    You logs are not showing any major problems but we do have a couple things to work on.


    Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME


    Now install the current version of Sun Java from: Sun Java Runtime Environment

    You did not rename hijackthis.exe as requested in step 7 of the READ & RUN ME. You need to do this now.

    Now download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Now Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\My Web Search Bar <--- the whole folder

    Now reboot in normal mode
    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now run the below to remove Windows Messenger:
    Disable/Remove Windows Messenger


    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. HJT


    Make sure you tell me how things are working now!
    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    chaslang, Dec 14, 2006
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds