Problem encountered during malware removal re AVG

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lavenderjade, Feb 10, 2011.

  1. lavenderjade

    lavenderjade Private E-2

    Hi folks
    my first post here-please allow for the fact that I am not very computer literate!! I hope you can help me :)

    I am running windows xp 32 bit. Problems first started when AVG free kept prompting me to upgrade to AVG 2011. I did this last week but ever since couldn't get on the internet at all or it took hours to load.

    My son needed internet for his homework so I uninstalled AVG from my computer, internet was then working fine. Unfortunately, my son managed to download some trojans. One said keylogger, another backdoor and some others.

    Anyway, I panicked and tried reinstalling AVG but it didn't appear to work. I had SuperAntispyware installed and that found 3 trojans. I tried installing Avast, internet wouldn't work so uninstalled that & then tried McAfee trial and same thing.

    I found your malware READ & RUN ME FIRST malware removal on here and have followed it to the letter. All was good until I tried running COMBOFIX. An error message appeared saying AVG was installed on my computer and I had to remove it first. I couldn't find any traces of it in msconfig startup and there is nothing in add/remove programmes but when I did a search for files & folders on my computer using the term AVG, 401 files & folders were found.

    How on earth can I get rid of these so I can continue with the cleanup?

    I am assuming that simply deleting them to recycle bin is not going to work?

    I currently have no anti virus programme installed (apart from the AVG rubbish all over the place) and as I was in the middle of the clean up, no antispyware programme either-yikes!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the logs from running the Read and Run First instructions so we can see what is happening in your system.
     
  3. lavenderjade

    lavenderjade Private E-2

    Thank you-logs attached hopefully! I also attached the log from the avg uninstaller if this is any help.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still need the log from running C:\MGTools.exe --> C:\MGLogs.zip.

    Will ComboFix run if you just ignore the message about AVG?


    Also you are way out of date with your version of SUPERAntiSpyware.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
     
    Last edited by a moderator: Feb 11, 2011
  5. lavenderjade

    lavenderjade Private E-2

    Oh ok that's weird as I downloaded SAS from here :-o

    ok will download updated version then attach logs. I didn't get as far as running mgtools as I was following the order to run them in and couldn't run combofix. I didn't try carrying on with combofix as the error box stated it would be 'dangerous to continue'

    Shall I run mgtools without running combofix?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, just skip those items that you can't run and continue on with the instructions. What exactly did Combo say when it didn't run?
     
  7. lavenderjade

    lavenderjade Private E-2

    Error says

    ComboFix cannot run while AVG is installed
    This is due to AVG's targeting of combofix's files/processes
    It would be dangerous to continue

    Please uninstall AVG or use another tool



    (Having trouble running updated SuperAntispyware now as it is freezing-will keep trying)
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please go here and download and run the AVG Removal Tool.

    We can reinstall once you are clean.
     
  9. lavenderjade

    lavenderjade Private E-2

    That was the AVG uninstaller I downloaded previously-the log attached is the result of the uninstallation. Despite this, I still have AVG on my system apparently, though it's not obvious (not in programmes, icon tray etc..)

    I also downloaded the 2009 uninstaller and tried that as I did used to have that version until I updated, same thing. After each one I tried running combofix again and got the same message. Going to run new version of SAS now plus mgtools.

    I really appreciate the help, thank you :)
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Attach those two logs when you can and I will see what is happening. ;)
     
  11. lavenderjade

    lavenderjade Private E-2

    Attached 2 logs including updated SAS log :)
     


  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AVG is proving to be problematic these days. What malware issues are you having, if any, as I am not seeing any in your logs?
     
  13. lavenderjade

    lavenderjade Private E-2

    Well, I guess that's a good thing there is nothing in the logs!

    My PC was infected with several trojans (according to windows security centre) at the time, my son clicked on a picture in google images. Trojans included backdoor and keylogger? but there seemed to be several. SAS got 3 of them but before I found this forum and started the cleanup, I did a system restore which is why they aren't showing up in any logs from subsequent scans perhaps?

    I have had spam sent to all my contacts through my email and third party activity in my Paypal account, whether these are linked I really don't know. Other main issue is that I cannot have any anti virus installed as I then cannot get onto the internet...so I currently only have SAS installed.

    I was worried that these trojans had secreted themselves in my system and therefore system is not secure!
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, that would have removed any infections as long as the restore point was clean. And since I am not seeing any malware, we can assume it was.
    You need to use a different computer and change all your online account passwords. Then go through your emails and delete any and all that "might" be the cause.
    AV software should not be compromising your ability to surf. Which AV software have you tried? I would suggest you use Microsoft Security Essentials. You need to have an AV program!!!

    Any non-malware issues that still exist should be addressed in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0

     
  15. lavenderjade

    lavenderjade Private E-2

    Thank you so much for all your help Tim, it is good to know I have no malware on my computer. If I hadn't asked here, I never would have been sure & would worry!

    After uninstalling AVG 11, I have tried Microsoft Essentials, Avast & the latest McAfee 30 day trial version. I uninstalled each before installing another but with every one, the internet won't load.

    I will address it in software though as I know this is for malware removal and I won't waste any more of your time.

    Once again, many thanks from a chilly but sunny London!!
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. But that is very curious that all AV software inhibits your ability to connect to the net. Do start a new thread in the software forum.

    Just to be on the safe side, try running this online scan:
    eSet Online Scan.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:


     
    Last edited: Feb 14, 2011
  17. lavenderjade

    lavenderjade Private E-2

    I ran the ESET online scan and have attached the log. It found 2 infections, though looks like it picked up MGtools as one, will that cause a problem?
     


  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it will not cause a problem when you run the clean up. Do post in the software forum as you need to get the issue with AV software resolved. :)
     
