ran all the steps in "Read & Run Me First malware removal guide," still have an issue

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by behappy7458, Oct 18, 2008.

  1. behappy7458

    behappy7458 Private E-2

    I went through all the suggested steps within the Malware Removal Guide and Windows XP Cleaning Procedure. My issue is the "Data Execution Protection" error from Windows only when opening Windows Explorer and only on one of the three accounts on this computer. I haven't noticed this error while using any other programs. After going through all the suggested steps, I am still having the same issue. Thank you very much for the help.

    behappy7458
     

    Attached Files:

  2. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Here are the other log files.

    behappy7458
     

    Attached Files:

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    [​IMG] Welcome to MajorGeeks.com!

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 3:
    Default Security Settings

    To Default Security Settings:
    For Internet Explorer 6 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to the Security Tab and click Default Level for the following:
    • Internet
    • Local Intranet
    • Trusted Sites
    • Restricted Sites.
    Click OK to exit.

    For Internet Explorer 7 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

    Step 4:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 5:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Oct 19, 2008
  4. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Thank you for your time. All steps were performed without any problems, and I have attached the requested files.
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.


    Step 2:
    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 3:
    Let's run ATF Cleaner just as you did before.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 4:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  6. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    I am still having the issue of Windows Explorer closing with a "Data Execution Error". I have attached the requested files. Thank you for the assistance.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now we need to use ComboFix to remove a few files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 3:
    Next, run ATF Cleaner just as you did before.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 4:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  8. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    I finally had a chance to do through the next suggested steps. It turns out that Windows Explorer is no longer giving me the "Data Execution Protection" error. Thank you very much for all your help. Am I now able to modify the startup within msconfig? Thanks again!
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    First, you shouldn't be using MSconfig to manage your startup entries. See the thread below.

    Dealing with Startup Processes

    Second, if you have completed the steps in my previous post then please attach the new logs I requested at the end.
     
  10. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Thanks, I'll use that when I get to that point. I am still having a problem with Windows Explorer. However, this time it only gives me the error when I movie into only a couple of folders. Do I need to perform the previous suggested steps on each user's account?
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    No, you need to attach the new logs I requested 4 posts ago so we can move on.
     
  12. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Here are the requested files. Thank you.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    First, it appears you reinstalled Viewpoint Media Player??

    Pre-Instructions:
    1. First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.
    2. Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Step 3:
    Now we need to use ComboFix just as you have been.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 4:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\Avenger.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  14. behappy7458

    behappy7458 Private E-2

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    I'm not sure how the Viewpoint Media Player was installed. I will talk to the family about not installing it should the request box come up again. I am pleased to pass on I am no longer having the problem of Windows Explorer closing with a DEP error. Only time will tell! Thank you again, you have been very helpful.
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

    Your logs are clean! I am curious about one file so let's address this quick like.

    Go to the following website and upload this file, post the results if anything is found.

    http://virusscan.jotti.org
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds