Malware Removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zompton, Nov 14, 2007.

  1. zompton

    zompton Private E-2

    I am having trouble getting my virus scans to come up clean. Many different scanners give different results, so I'll let the attachments speak for themselves. I have experienced only one pop-up, but I'm trying to eliminate this problem before it becomes one.
     

    Attached Files:

  2. zompton

    zompton Private E-2

    more attachments...
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why are you running your PC with no antivirus and without a true bidirectional firewall???

    Where is the requested log from AVG Antispyware?

    You have HijackThis installed exactly where the READ ME specifies not to install it. You have it here:
    I:\Documents and Settings\Patrick Clifford\My Documents\Virus Scanners\analyse.exe

    You need to have it here:
    I:\Program Files\HijackThis\analyse.exe

    Note: HijackThis is not a Virus Scanner.

    Please install HijackThis properly and then do the below:


    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double-clicking on it.
    • Click the Make Writeable? button.
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program.
    Boot into safe mode and delete the below files:
    I:\WINDOWS\system32\memsys.dll
    I:\WINDOWS\system32\winup.exe
    J:\Program Install Files\ComboFix.exe


    Now attach a new HijackThis log.
     
  4. zompton

    zompton Private E-2

    I can't find the AVG report, and sorry about the HijackThis, it's fixed now. I can't afford anti-virus right now, but I believe Army Knowledge Online offers free Symantec and McAfee for active military, would that be good to try?

    I cannot boot into safe mode because when I hit F8 I then have to choose safe mode and for some reason at the boot process my PC will not recognize my keyboard (it's a Zboard?). I also tried MSconfig but I did not find a boot.ini tab like the instructions said to locate.

    I tried "del I:\WINDOWS\system32\memsys.dll" and "del I:\WINDOWS\system32\winup.exe" in the command prompt but it said the file was not found. The combofix.exe is an old virus program I used but I deleted it anyhow. Anything else I should try or must I buy a new keyboard?

    Could you explain what exactly HostsXpert does and what it did for me? I read the explanation but I don't understand too well.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NO! We give you plenty of free and very good antivirus choices in one of our sticky threads. See this: How to Protect yourself from malware! It also gives a few good free firewalls.

    I will give you steps below to try and delete the files.

    It is not an antivirus program. It is a specialty tool for removing certain malware. However yours may have been infected. In addition it does not pay to keep old versions around since the program is updated frequently and you always need to use the current version. But it should only be used when recommended by an expert because as I said it is a specialty tool.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
  6. zompton

    zompton Private E-2

    That Avenger is a nice program, thanks. It seems to have cleared the files...
     

    Attached Files:

  7. zompton

    zompton Private E-2

    I forgot to run CCleaner before I made those log files. I ran CCleaner now, shall I re-make the log files? I'm also trying to install one of the recommended virus scanners but it says I have "trend micro anti virus" already installed. That is the online virus scan I have been previously using, but I cannot find its files or find it in add/remove program. Should this be a problem since it's only an online virus scan? Can I just continue to use that rather than install anti virus on my computer?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not necessary.

    You do not have TrendMicro installed. You do have a leftover from HouseCall that you could delete. Delete the below folder:
    I:\Documents and Settings\Patrick Clifford\.housecall6.6

    Which antivirus were you trying to install? Try again after removing the above folder. An online scan is not the same as a full antivirus application so it should not matter if you have run an online scanner.

    No!!!!!! You need an active antivirus program to protect you. An online scanner provides no protection.

    You also need to uninstall the below old Sun Java Version.
    Java(TM) SE Runtime Environment 6
     
  9. zompton

    zompton Private E-2

    I'm installing the PC Tools Anti-Virus. I deleted that folder and it still gave me the same message, but I installed it anyways since it's not actually an AV program. Thanks a lot for all the help.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you are not having any other malware problems, it is time to do our final steps:
    1. If we had you run Avenger, you can delete all files related to Avenger now.
    2. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    3. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    4. After doing the above, you should work thru the below link:
     
