Tagasaurus infection

well, i downloaded some films and since then when ever i go to web mail ie .. yahoo mail; gmail; hotmail to get some secondary email my browser hangs in firefox 2.0.0.12 and i have to ctl alt del.. but other sites run well .. in ie 6 if i go to one of the above sites it runs but when ever i click on an email i get a pop saying accept or deny tagasaurus. if i click on deny i get the email message .. this happens with every email. here are the files attached from read and run me first. oh yes i deleted the movies.
i hope that u can help .. i'm at my wits end.:cry

 

o.k. so i've been bad does that mean no one is going to help?
now when i sign out of one the web mails ..its a beta version ... i get a runtime error so is it the site or am i infected with some thing nasty?
Ericbk

 

LOL

no ... however, I don't like Tagasaurus, so I've been hoping someone else would take your thread.

abri

 

Thank you: i'll sit tight and wait.
thanks.

 

Hi erikbk,

1) Did you have Zone Alarm disabled when you ran Combofix? If you had it running normally, please uninstall it and reinstall it.

2) Go to add/remove programs and uninstall the below:

Java(TM) 6 Update 2
Java(TM) 6 Update 3
MONyog Trial 1.1<---- do you know what this is?

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment

5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

If you already uninstalled MONyog via add/remove programs, this entry may not be here. If you did not uninstall it via add/remove programs and it's something you want to keep, then don't fix it here!

O23 - Service: MONyog - Unknown owner - C:\Program Files\MONyog\bin\MONyog.exe

After you click fix, just close hijackthis.

7) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

7) Now run CCleaner in the default setting with the Windows tab as the one on top.

8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri

 

thank you.
now firefox works in Classic view in Yahoo.com but as soon as i go to beta it hangs. there was a notice when i went to the site that they were experiencing trouble though. in ie 6 no problem except when signing out "runtime error" could be their site??:confused
any way here are the files:
not sure what to do next so i await your response.
thank you again,
Ericbk

 

Hi ericbk,

Please do the following:

1) Download and install Erunt. Use it to create a backup of your registry.

2) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Let me know if you get a success message after you run this and then tell me how your computer is doing?

abri

 

perhaps i spoke to soon. i rebooted after the last set of instructions avenger etc
and now i don't seem to have the problem. as i'll be snowed in this weekend i'll test the sites more often before i continue with your last set of instructions.
i'll let u know what happens. or should i do what u asked above and back up registry etc.
Ericbk

 

These two entries should be fixed and it would be a good idea to do the backup with Erunt before you run the registry patch. I delayed having you fix them because I had a question about them, otherwise I would have given you the patch in an earlier post.

Let me know if you get a success message with this.
abri

 

so now firefox is running well .. no hanging and loading and surfing faster.
but ie still gives run time error but only with yahoo mail not gmail nor hotmail.
what next? i don't use ie much .. only started using it since firefox was hanging before, so i could get email.
ericbk

 

Hi ericbk,
I'm not sure what this is. Please post in the Software Forum and see if they might have some ideas about it.
If you're not getting the Tagasaurus warnings anymore, please go ahead with the final cleanup instructions. You may wish to wait with the the restore points until you've posted in software.

abri

 

thank you arbi. i have done what u asked but when i made a restore point the pc didn't ask to restart. so i did it from again from start; help; and still no reboot.
monyog is a php editor much like drmwvr is a html editor.
thank you again
Ericbk

 

Hi ericbk,

You can just do the reboot manually. Turn off system restore. Reboot. Turn on system restore.

abri

 

Thanks Abri but one other thing if i may. my clock on the task bar is now 24 hr time .. i can't seem to figure out how to get it back to 12 hour time?

 

Hi ericbk,

Go to Start / Control Panel / Regional & Language

On the Regional Options click on Customize and then click on the Time tab.

Set the time the way you want it.

abri