Need help, completed cleaning procedure

You have a new form of malware which we are seeing more of.....unfortunately it infects system files ( and the backups in your i386 folder) so that if we tried to remove them, your system would be unbootable. I am going to give you a few things to remove that may allow you to then copy your data and files to a cd before you reformat and reinstall your OS.

download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

It's not a problem.....we are just trying to get the obvious malware removed so you can save your data and files before you reformat.

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

Yes.....sniff, sniff...:cry I did say reformat. Look at your combo log. That indicates just two system files that are infected and from what we have seen, this means that none of your system files are trustworthy. We could have you replace them from your xp cd, but there are just too many to make that an alternative.

So copy your data and files to a cd.......then reformat.

You could try doing a system restore to a point way before this infection....and then run the scans again to see if that worked.

 

You should be able to just reformat the C drive which is where windows is located. After the reinstall to that drive, run the tools again so we can be certain.

 

No problem.....we'll be here.

 

I would recommend keeping both SAS and MBAM and run them on occasion as backup scanners. If you partitioned, make sure you include them in the scans. You can remove MGTools.exe, MGTools folder and the MGLogs.zip as well as ComboFix.

You are welcome.....and I hope you do not run into this problem again.

 

What do you mean by you "installed windows again"? Did you do a repair install or did you reformat the hard drive and install? DOing a repair installation when you have malware ( which you don't) will not remove the malware.

Your logs are clean....MBAM found one item, which is typical depending on your surfing habits. And it is why we suggest you keep it.