Malware removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Bugz, Sep 9, 2006.

  1. Bugz

    Bugz Private E-2

    I'm trying to clean my computer of all malware and I'm starting to go through all your steps. This is the first post with .bat files. Thank you in advance for your help.
     


  2. Bugz

    Bugz Private E-2

    Here are the bitdefender and hijackthis logs. Thanks again for your help.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow the directions in step 6 and run and attach the log from PandaActiveScan.

    Then follow the exact directions in step 7 of the READ ME and rename HijackThis.exe as requested and then attach a new HJT log.

    Please describe what malware problems you are actually having?
     
  4. Bugz

    Bugz Private E-2

    I ran the pandaActivescan and here are the results. Now I am going to do step 7.
     


  5. Bugz

    Bugz Private E-2

    This is the new log of hjt. Thank you for your help
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you knowingly install Weatherbug from MyWebSearch on your own or did it sneak in without you knowing about it?

    Before I can give you cleaning instructions, I need to know the answer to the above. We typically remove Weatherbug and we always remove MyWebSearch.
     
  7. Bugz

    Bugz Private E-2

    I knowingly installed weatherbug but not mywebsearch and if weatherbug needs to go then I can take it off. Thanks again.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You got MyWebSearch from installing WeatherBug.

    Go to Add/Remove programs and uninstall the below:
    J2SE Runtime Environment 5.0 Update 1
    Viewpoint Media Player
    WeatherBug Browser Bar - powered by MyWebSearch
    WeatherBug


    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Now Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {C09C9904-FD44-11D6-A711-00105AC8F168} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\MyWebSearchWB <--- the whole folder

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
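
Added example, not part of the original thread or of HijackThis itself: a short Python script that parses the eight log lines quoted in post 8 and separates the entries HijackThis marked "(no file)" from the one that still names a file on disk. The function names are illustrative, and the regular expressions are an assumption based only on the lines shown in that post.

```python
import re

# Sample input: the eight lines quoted for fixing in post 8, copied as shown.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {C09C9904-FD44-11D6-A711-00105AC8F168} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: (no name) - {...} - (no file)"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
# A GUID, the single character before it, and the closing brace.
GUID_RE = re.compile(r"(?P<open>\S)(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

def parse_entries(text):
    """Return one dict per recognised log line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        g = GUID_RE.search(m["rest"])
        entries.append({
            "code": m["code"],
            "kind": m["kind"],
            "guid": g["guid"].upper() if g else None,
            # HijackThis prints "(no file)" when the entry's target is missing.
            "orphaned": m["rest"].endswith("(no file)"),
            # True when the identifier is not wrapped as {GUID}.
            "malformed_id": bool(g) and g["open"] != "{",
        })
    return entries

def leftovers(entries):
    """Entries whose target file is gone: registry references with nothing behind them."""
    return [e for e in entries if e["orphaned"]]

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        state = "leftover" if e["orphaned"] else "file-backed"
        note = ", id not brace-wrapped" if e["malformed_id"] else ""
        print(f'{e["code"]} {e["kind"]:<14} {state}{note} {e["guid"] or ""}')
```
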
     
  9. Bugz

    Bugz Private E-2

    Here is the new hjt. Thanks again for your help. It seems to be running better, thank you.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
