Re: Safe mode, trojans, Personal AV

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lorihop, Aug 21, 2009.

  1. Lorihop

    Lorihop Private E-2

    Computer running slowly, started updating and running virus and spyware programs. Discovered Personal AV on computer, which I followed some directions to uninstall. Now I am booting in Safe Mode with Networking, as if I boot normally it might take 30 min. or get to log-in and then a blank screen.

    Followed Read Me and downloaded programs.

    Ran CCleaner on all users.

    SuperAntiSpyware - nothing, stopped working screen
    Malwarebytes (changed to MB.exe) - stopped working screen
    ComboFix - stopped working screen
    RootRepeal - ran and log
    MGTools - ran, rebooted, ran GetLogs.bat - log

    After running I think RootRepeal, Mozilla Firefox gets page load error, but able to use Internet Explorer.

    Sometimes the programs crashed and gave me error 0x80000003.

    Really hope for some help, been working for two weeks on it.

    Lori H
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I don't know what you have done in the past, but the little amount that you have gotten in the MGLogs is not showing any malware at present. However, it is missing a few logs. Did you allow it to run to completion? Did you not get a pop up to run HJT? Did you disable all your AV and AS programs including Teatimer before you ran any of the scans?

    Please re-run the MGTools.exe and attach a new MGLogs.zip.
     
  3. Lorihop

    Lorihop Private E-2

    TimW

    I am running in safe mode and as far as I can tell no AV or AS is running. I can't run Spybot to disable Teatimer.

    MGTools ran to completion. No HJT popup, but it's running in black window with C: not as usual program. Same when I run AVG which log shows downloader Trojan zlob.

    I can barely get booted up without safe mode and I don't have access to internet unless I am in safe mode.

    Thanks, hope this log helps.

    Desperate!
    Lori
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are missing system files. I don't know if this is malware caused or something removed by a registry cleaner program or your AV program.

    You need to tell me exactly what AVG is reporting...the entire path.

    C:\Users\Bobby\Desktop\D.exe --> Do you know what this is? If you do, then remove it from the Avenger fix below.
    Let's try this... download and save this XPsp3bu.exe to your C:\ root folder. You must do this properly. Now run the XPsp2bu.exe program by double clicking on it. You may or may not notice a quick flash of a black window. This is normal. The program runs quickly and just extracts some files we need.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run CCleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip
     
  5. Lorihop

    Lorihop Private E-2

    Thanks so much, Tim, for all your hard work. I am learning a lot!

    Too bad, but I tried to install Live One Care, and system crashed, wouldn't boot and needed a repair disk. I just didn't have any way of continuing and after 2 weeks was ready to pay for repair.

    Now I am reading what to do with starting new computer and was trying to figure out if I could image it as it was set up. Also reading the forum to keep it maintained and maybe I will have better luck, although it's my son's computer.

    Keep up the good work. Many Thanks!

    Lori
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

