removal of smitfraud

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by legolass, Aug 3, 2008.

  1. legolass

    legolass Private First Class

    Hello!
    I used your Smitfraud removal tool, and it seems to have worked at least as far as enabling me to sign into MajorGeeks, which I was unable to do before. I couldn't start a thread, so I saved my rapport logs to My Documents, and am attaching them to this post.

    Altho' I am able to now log into things like here and my email, when I ran A2, it still found a Hoax file, which it seems to have deleted. I understand this is still part of the Smitfraud thing. Do I need to do anything else to get rid of this @#$%^ thing?
    Thanks for your help.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is only the first log from SmitFraudFix. You need to attach the log from step 2 which actually attempts to remove problems. Did you run the second part?


    Also if you are still having problems, please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode
     
  3. legolass

    legolass Private First Class

    Hi! Here is the second part - I guess I didn't attach it properly. I am going thru' the Read Me stuff, and I got scared when my scan picked up the problems.
    Thanks!

    I can't seem to get the file attached. I will review How to Attach and try again!
     
    Last edited: Aug 3, 2008
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry about the other log from SmitFraudFix. The READ & RUN ME logs will be much more useful anyway. Also please do the below anytime before running the Spybot part of the READ & RUN ME.


    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button if seen. If you only see Make ReadOnly? , it is already set properly.
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
     
    Last edited: Aug 3, 2008
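The reason the hosts file matters here: Smitfraud-class rogues edit C:\Windows\System32\drivers\etc\hosts so that security vendors' and update sites resolve to the wrong address (often 127.0.0.1), which is why the thread restores Microsoft's default file before going further. The script below is an added example, not part of the thread and not HostsXpert's code; it parses a hosts file and classifies every mapping that is not one of the two default localhost lines. The watched-domain list and the sample file content are constructed for illustration (203.0.113.10 is a documentation address). Note the caveat that also explains the ordering in the post: Spybot immunization and ad-blocking hosts lists legitimately fill the file with loopback entries, so loopback mappings of non-security sites are reported separately as "blocked-other" rather than treated as hijacks.

```python
"""Audit a Windows hosts file for mappings that do not belong there.

Added example; not part of the thread and not HostsXpert's code.
"""
import ipaddress
from typing import Iterator, List, Tuple

# Microsoft's default hosts file carries only these two active lines.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains a rogue would typically sinkhole or redirect (assumed list for illustration).
WATCHED_DOMAINS = ("symantec.com", "mcafee.com", "avast.com", "majorgeeks.com",
                   "microsoft.com", "windowsupdate.com")


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_number, ip, hostname) for every active mapping, comments stripped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address; not a mapping
        for name in parts[1:]:
            yield lineno, str(ip), name.lower()


def is_watched(name: str) -> bool:
    """True when name is one of the watched domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def classify(ip: str, name: str) -> str:
    """Label a non-default mapping by what it does to name resolution."""
    addr = ipaddress.ip_address(ip)
    sinkholed = addr.is_loopback or addr.is_unspecified  # 127.x / ::1 / 0.0.0.0
    if is_watched(name):
        return "blocked-watched" if sinkholed else "redirected-watched"
    return "blocked-other" if sinkholed else "custom-mapping"


def audit_hosts(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_number, label, ip, hostname) for every non-default mapping."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        findings.append((lineno, classify(ip, name), ip, name))
    return findings


def audit_file(path: str = r"C:\Windows\System32\drivers\etc\hosts"):
    """Audit the live hosts file (default path is the standard Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: the default header plus the kind of lines a hijack leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com
127.0.0.1       forums.majorgeeks.com
203.0.113.10    update.microsoft.com
127.0.0.1       ads.example.net
"""

if __name__ == "__main__":
    for lineno, label, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {label:18} {ip:15} {name}")
```

Anything labelled "blocked-watched" or "redirected-watched" is the hijack the thread is cleaning up; "blocked-other" entries are usually an immunization or ad-blocking list and should be re-created by that tool after the restore rather than kept.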
  5. legolass

    legolass Private First Class

    Hi! I'm in the file, but there is no Make Writeable button, only a Make ReadOnly? button. Does this mean it's already in Writeable mode and that I should continue with your instructions?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it is already writeable. They changed how the program works and I have now updated my procedure (thanks for letting me know of the change). Just continue.
     
  7. legolass

    legolass Private First Class

    Hi! I'm attaching my logs after running the READ ME operation. I'm not sure if everything is OK. My computer is working OK, but there were some things in the scans. More logs to follow.
    Thanks!
     

    Attached Files:

  8. legolass

    legolass Private First Class

    OK, here's the last one. Please let me know what to do next, and if/when I should remove all the stuff I installed. Also, I now have two IE icons on my desktop - is it OK to delete one?
    Thanks very much for all your help and patience!
    Legolass
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have a little more to do. First let's clean up after Symantec.

    Then run this Norton Removal Tool (SymNRT) then immediately reboot your PC and then repeat this step again!!



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...80/&filename=jinstall-6u7-windows-i586-jc.cab
    O18 - Protocol: bw+0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
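The judgement behind the fix list above is mechanical once you see it: almost every line ends in "(file missing)" or "(no file)", meaning HijackThis found a registry reference (BHO, toolbar button, protocol handler) whose target file is already gone, and the eighty-odd O18 lines all point at the same Logitech Desktop Messenger DLL, so they are one leftover rather than eighty separate problems. The parser below is an added example, not code from the thread, from HijackThis or from MGtools; it reads HijackThis-style lines, extracts section, kind, name, CLSID and target, flags orphaned entries, and groups entries by target. The sample log is a handful of lines copied from the post as printed (including the truncated Sun URL) plus two constructed live entries (an Adobe BHO and an Avast Run value) so the non-orphaned branch is exercised.

```python
"""Parse HijackThis-style log lines and flag orphaned entries.

Added example; not code from the thread, from HijackThis or from MGtools.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")   # HijackThis' own markers


@dataclass
class Entry:
    section: str           # O2, O4, O9, O16, O18, ...
    kind: str              # BHO, HKLM\..\Run, Extra button, DPF, Protocol, ...
    name: str              # display name, protocol scheme or Run value name
    clsid: Optional[str]   # {GUID} when the line carries one
    target: Optional[str]  # file, command line or URL the entry points at
    orphaned: bool         # HijackThis could not find the target file
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:
        return None
    orphaned = any(marker in rest for marker in ORPHAN_MARKERS)
    for marker in ORPHAN_MARKERS:
        rest = rest.replace(marker, "")
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    if section == "O4":
        # O4 - HKLM\..\Run: [ValueName] command line
        nm = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<target>.*)", rest.strip())
        if nm:
            return Entry(section, kind, nm.group("name"), clsid,
                         nm.group("target") or None, orphaned, line.strip())
    # Generic "name - {CLSID} - target" layout used by O2/O9/O16/O18
    fields = [f.strip() for f in rest.split(" - ")]
    if clsid_m:
        fields = [f.replace(clsid_m.group(0), "").strip() for f in fields]
    fields = [f for f in fields if f]
    name = fields[0].strip("()") if fields else ""
    target = fields[1] if len(fields) > 1 else None
    return Entry(section, kind, name, clsid, target, orphaned, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis reported as missing: safe fix candidates."""
    return [e for e in entries if e.orphaned]


def group_by_target(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by the file/URL they point at, so one stale DLL shows as one item."""
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        groups.setdefault((e.target or "<none>").lower(), []).append(e)
    return groups


# Lines copied from the post as printed, plus two constructed live entries.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...80/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: bw+0 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {0DA3E25C-7919-47DA-A9A3-AAF2D11A87A0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for target, group in group_by_target(orphaned_entries(entries)).items():
        print(f"{len(group):3} orphaned entr{'y' if len(group) == 1 else 'ies'} -> {target}")
```

The O4 QuickTime line is the one item in the post's list that is not orphaned; it is there because the entry is unneeded startup clutter, which is a judgement call the parser deliberately does not make for you.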
     
  10. legolass

    legolass Private First Class

    OK, Chaslang, let's just PRETEND that I have no idea what I'm doing, so that you won't roll on the floor laughing at this question: I can find MGtools.exe on my C drive, but not MGtools/analyse.exe. How do I access that, and, while we're at it, how do I select the lines once I have?
    Sorry.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How are you finding MGtools.exe? I assume with Windows Explorer. Just look for the C:\MGtools folder and double click on it to get into the MGtools folder. There you will find analyse.exe (along with many other files).
     
  12. legolass

    legolass Private First Class

    Hi Chaslang! OK, I found the file, but not sure how to select the lines. Please help! Thanks. And stop laughing!!!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is me: :-D:-D:-D:-D:-Droflmao

    Just click the check box.
     
  14. legolass

    legolass Private First Class

    Hi Chaslang - you have such a contagious laugh!
    I'm attaching the MGlog thing, but I can't find the Combo log in C:. I had a bit of a problem with running it this time - when it finished, it said it couldn't find some Windows32 file. Then when it rebooted, it didn't give me any icons in the startup tray. I waited for about 10 mins, then rebooted manually because that's what it said to do in the original instructions. My icons came back EXCEPT FOR AVAST, although it seems to be installed. And now I can't find the log file, which, incidentally, it didn't mention when it ran. So what's next??

    Almost forgot - I did get a success message on the registry thing!
    Legolass
     

    Attached Files:

    Last edited: Aug 5, 2008
  15. legolass

    legolass Private First Class

    Hi Chaslang! I also noticed earlier today that my clock is still in hundred hours, so I guess that didn't change back after Combofix ran, either. Thanks for any assistance.
    Legolass
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is because ComboFix never really finished running which is also why you did not get a log. It does not matter anyway since the fix worked based on your logs which are clean.

    You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combo-fix folder from combofix.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  17. legolass

    legolass Private First Class

    Hi Chaslang!
    Everything seems to be OK. I went thru' all the above, but have a question re SunJava. I am trying to 'empty the Sun Java cache' - not sure what that means. I located the Java icon under Other Control Panel Options, but when I tried to rightclick to open it, I got a message saying that it couldn't open because it can't find c:/ProgramFiles/Java/jre1.6.0_07/bin/javacpl.exe. What does this mean, or is this a software question?

    Thanks again for all your help. I think it's time that the prevailing image of the lonely computer geek, sitting pecking at the keyboard into the wee hours, be replaced by something more suitable: how about a geek in shining armour, still pecking away, but surrounded by a host of happy, grateful people - one of whom is ME!!:wave
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Yes it is a Software Forum question. If the version of Sun Java you have installed is still 6 Update 7 then that file is supposed to be in that folder. Did you check to see if the file is there? You may need to reinstall or you could update to the Beta version which is version 6 Update 10 available from the link given in step 1 of the READ & RUN ME.
     
  19. legolass

    legolass Private First Class

    Thanks again, Chaslang. Now I just have one more thing (PLEASE stop rolling your eyes and remember how grateful I am).

    As per your helpful sticky, I disabled Guest acct, put the kids on restricted user, etc. Then I shut down for the night. This a.m. I started running all my scans (WinDef, Malwarebytes, Spybot). They didn't find anything. Then I updated and immunized Spyware Blaster, then ran a-squared. That found 2 things. I have quarantined the items and attach the report. Should I delete these? Thanks for your advice.
    Legolass
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest that you uninstall A-Squared as it is way too prone to false positives, which is what those are.
     
  21. legolass

    legolass Private First Class

    If I hold down the Thanks button for a while, will it send you the million thanks you deserve? I've faithfully done everything you suggested, and am now :celebrate.

    Sincerely,
    Legolass
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
