Read & Run, Cleaning Completed - Looking for Review 1/2

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by madtownryan, Mar 4, 2009.

  1. madtownryan

    madtownryan Private E-2

    Good evening,

A few months back one of our two computers (the lesser used) was infected with GetModule and Gadcom. McAfee claimed to have caught one of them but I wasn't so sure.

I finally got around to reading your amazing instructions and executing them step-by-step. No exceptions. What I found was startling to say the least, though not surprising: all sorts of spyware and malware.

    I would greatly appreciate review of the attached files. I hope I am following the correct procedure (1st time posting). A second post with similar name contains the other three files.

Look forward to your response!
     

    Attached Files:

  2. madtownryan

    madtownryan Private E-2

    OK, I think I figured this out in time. Second set of attachments is posted in a reply in the same thread.

    Thanks!
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

In the meantime, whilst I check your logs over, please ensure that you follow the below:

    You are way out of date with your version of SUPERAntiSpyware. So just to be safe, you should get the current version installed and run a new scan. It may come up clean but it is better to be safe than sorry.

    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.


    Kes13!
     
  4. madtownryan

    madtownryan Private E-2

    Thank you so much! I have to leave in about 15 minutes to return later this afternoon. I will download the most current version and repost as soon as I can.

    I really thought I checked for updates before running all programs...oops.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No Problem :) Also we have to clean up some remnants left behind from Symantec. But I'll include instructions for doing that in my next post.

    Kes
     
  6. madtownryan

    madtownryan Private E-2

    Uninstalled and then reinstalled most recent version of SUPERAntiSpyware. New log attached.

Just an FYI for the future in case somebody else claims the same: SAS did in fact check for updates immediately following the installation and claimed to have updated successfully. However, the program did not have a recent definitions file on its main program page. I then checked for updates once SAS was running and everything worked perfectly.

    Thanks again, look forward to your response.

    Ryan
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Looks like the scans took care of everything.

1) Please go to Add or Remove Programs and uninstall the following software:

    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment, SE v1.4.2
    • Java 2 Runtime Environment, SE v1.4.2_05
    • Java 2 Runtime Environment, SE v1.4.2_06
    • Viewpoint Media Player <--- as per requested in step 1 of the R&R.

2) Please use Windows Explorer to find and delete the below directory and its contents:

    and also delete some combofix remnants:

    C:\32788R22FWJFW

    3) Please give the Norton Removal Tool (SymNRT) a run > reboot your machine and then run it again for good measure.

    4) Install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    5) Now Run Ccleaner!

    6) Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.
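As an added example (not part of the thread and not a MajorGeeks tool), the following PowerShell script checks whether steps 1 and 2 above have actually taken effect: it reads the Add or Remove Programs entries from the registry and reports any remaining old Java runtimes or Viewpoint Media Player, and it tests for the ComboFix remnant directory named in the post. The display-name patterns and the remnant path are taken from the post; the script assumes it is run from an elevated PowerShell on the cleaned machine and only reports, leaving the actual removal to the user as the instructions describe.

```powershell
# Added example (not from the thread): verify the uninstall and remnant steps above.
# Assumptions: elevated PowerShell on the cleaned machine; both registry views are
# queried so 32-bit and 64-bit Windows are covered (missing keys are ignored).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display-name patterns for the entries the post asks to remove (step 1)
$toRemove = @(
    'J2SE Runtime Environment*',
    'Java 2 Runtime Environment*',
    'Viewpoint Media Player*'
)

# Every entry that would show up in Add or Remove Programs
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, UninstallString

$leftovers = foreach ($entry in $installed) {
    foreach ($pattern in $toRemove) {
        if ($entry.DisplayName -like $pattern) { $entry }
    }
}

if ($leftovers) {
    foreach ($entry in $leftovers) {
        "Still installed: $($entry.DisplayName) $($entry.DisplayVersion)"
        "  uninstall command recorded by Windows: $($entry.UninstallString)"
    }
} else {
    "Step 1 complete: no old Java runtimes or Viewpoint Media Player found."
}

# Step 2: the ComboFix remnant directory named in the post
$remnant = 'C:\32788R22FWJFW'
if (Test-Path -LiteralPath $remnant) {
    "Remnant still present: $remnant (delete it with Windows Explorer as instructed)"
} else {
    "Step 2 complete: $remnant is gone."
}
```

The script reads only the DisplayName and UninstallString values that Add or Remove Programs itself uses, so a product that is still listed there will be reported even if its files were deleted by hand; that is the case where a clean re-install of the current Java runtime (step 4) is most often blocked by a stale entry.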
     
  8. madtownryan

    madtownryan Private E-2

Was the 'Gator.com' a suggestion or an identified directory? I have not been able to locate it. Am I missing something, or is there a different than normal way to search for and delete a directory?

    Thanks.

    I will post updated files on my next post.
     
  9. madtownryan

    madtownryan Private E-2

    Followed all steps, though I couldn't locate the Gator file you described.

    Will await further instructions.

    Thanks!
    Ryan
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there

Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    If you are not having any other malware problems, it is time to do our final steps:
1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
  • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
  • "%userprofile%\Desktop\combofix" /u
    • Note: the space between combofix" and the /u must be there.
    • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\combofix folder from ComboFix (if it exists).
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
  • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
     
