TR/Rootkit.Gen Trojan Removal

IMHO - to be truly well-versed in understanding and using the various tools to detect malware/ analyzing the logs they produce/ proper and complete malware removal techniques involves formal training.

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

 

Hello, Topspeed

The tools took care of the malware - just a couple of things to do:

Referring to the READ & RUN ME FIRST. Malware Removal Guide

• There are two anti-virus programs installed
  • AVG Free 9.0
  • Avira AntiVir Personal - Free Antivirus
• No Java installed

The desktop is the wrong place to have this: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe. Please delete it or move it elsewhere.

If you choose to keep Avira AntiVir Personal, then use Add/Remove to uninstall AVG Free 9.0 > go here AVG Remover > download the AVG Remover(32bit) (avgremover.exe) > run it and re-boot > run it again.

Now open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Then install the latest Sun Java Runtime Environment

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

Safe surfing!

 

To answer your questions in order:

1)

2) MSVCR71.dll is present on your machine - it's shown working with C:\Program Files\Common Files\Microsoft Shared\Works Shared, Photoshop Album Starter Edition, and Microsoft.NET\Framework. I would suggest that you post in our Software Forum about repairing your Logitech software.

3) Your machine should always be in Normal Startup Mode unless you are trying to diagnose problems -- msconfig should not to be used to permanently control startups.

4) Recent bugs in many antivirus programs are detecting MGTools as malware... as explained in the Windows XP Cleaning Procedure
The other warnings from Avira are not problems and many av's will give that same report/warning.

AVG Free 9 is a combined antivirus and antimalware engine, LinkScanner, and also provides e-mail scanning. You should NOT have two anti-virus program installed on your machine. I personally use Avira along with other layered defenses suggested in the How to Protect yourself from malware! link.

5) Info on "WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe" is found <click here>. A better location for this file save would be somewhere like "C:\Users\<your useraccount>\Downloads".

6) Running the steps in our "Final Cleanup" will remove the tools and logs you no longer need.

dr.m

 

You're very welcome, Topspeed.

No action is needed when you receive a warning from Avira AntiVir about C:\pagefile.sys.

*Pagefile (swap file) defined:
http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci214300,00.html
http://searchwinit.techtarget.com/sDefinition/0,,sid1_gci213077,00.html

See you around the forums!
dr.m