Trojan.WinREG.Disabler.h while running MGTools

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wbaldwino, Feb 4, 2009.

  1. wbaldwino

    wbaldwino Private E-2

    Hi. I was carefully following the Major Geeks malware removal guide for Vista O/S, and while running MG Tools, Kaspersky popped up with a severe warning that the file "c:\MGtools\temp\xlmpolexp.txt" had a trojan "Trojan.WinREG.Disabler.h". The initial Kaspersky warning asked if I wanted to delete this, and I chose yes.

    Then it came back with another critical warning stating that "..file contains Trojan program and cannot be deleted: object is not found". It lists the same location as given above in a MGtools temp file. The only option it offers now is to "Skip: Attempt of access to the file will be blocked. File will not be changed or deleted." I have checked the C:\MGtools\temp folder and it's empty. All hidden files are exposed, per your earlier instructions in the guide.

    I haven't chosen that option yet as I want to be sure that 1) the Kaspersky warning is not a false positive (I can't find anything useful on this when I search on the internet), and 2) if this is the real thing, I'd like to leave it open to being removed from my system.

    I know MGtools would not harbor any trojans. I know you guys are careful and I've never had a problem with anything from your site in the past. (BTW, thanks for the volumes of info and software you share. It's helped me tremendously in the past, and I trust your site!)

    Please help me! Between the earlier problem (which I believe is fixed but I'm using your malware removal guide just to be sure) and this one, I'm just about at that "place". I've carefully followed all the instructions for removing malware as dictated in your guide, and this was the last step. All the prior steps showed negatives for malware.

    Thanks in advance for this help!
     
  2. wbaldwino

    wbaldwino Private E-2

    Re: Trojan.WinREG.Disabler.h DOWNLOADED in MGTools????? Please help!!!

    I meant to stress yesterday that Kaspersky notified me of this Trojan while I was installing MGTools. Any history of trojans being downloaded through MGTools? I can't believe this is a real issue, but I need some expert comment on what to do next. Is this a false positive???

    Please reply as soon as you can. Just to be sure, I'm going through the entire Major Geeks malware removal process from the beginning!
     
  3. wbaldwino

    wbaldwino Private E-2

    I've just completed the cleaning procedure and the files are attached. I ended up disabling Kaspersky (after I disconnected from the internet) before I ran MGTools, since Kaspersky thinks that something in MGTools is or behaves like a Trojan (I can see this).

    The logs are attached. Thanks for any help!
     

  4. wbaldwino

    wbaldwino Private E-2

    Here are the last two logs attached. Thanks!
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Kaspersky is totally off base. That is just a temporary text file log containing a listing of a few registry keys that we use in putting together the final runkeys.txt log which is in the MGlogs.zip file. That particular file contains a listing of some keys from your HKLM Policies for Explorer. If the keys themselves were a problem, Kaspersky should have been complaining about what is in your real registry files. The text files are not problems. Simply put, Kaspersky is wrong.

    Why were you running the READ & RUN ME? Were you having malware problems?

    Your logs are clean but I would uninstall the below:
    Music - 50 Free MP3 offer

    Also you should update SpywareBlaster 4.0 to the current version ( get it here: SpyWare Blaster ). And you should get something better than SpywareGuard for antispyware protection. SpywareGuard is way too out of date with the state of current malware.
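
One way to triage a listing like the one described in the reply above is to check whether any of the listed Explorer policy values is actually switched on. This is an added example, not MGtools code and not from the thread: the sample is constructed in the layout `reg query` prints (the real format of the temporary file is not shown here), and the table of value names is an illustrative subset.

```python
import re

# Constructed sample in the layout `reg query` prints; not taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
    NoFolderOptions    REG_DWORD    0x1
    NoRun    REG_DWORD    0x0
"""

# Illustrative subset of Explorer policy values that restrict the shell when non-zero.
RESTRICTIONS = {
    "NoRun": "Run dialog hidden",
    "NoFolderOptions": "Folder Options hidden",
    "NoControlPanel": "Control Panel blocked",
    "NoFind": "Search hidden",
    "NoClose": "Shut Down removed from Start menu",
}

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_listing(text):
    """Return (key, name, type, data) tuples from reg-query-style text."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            rows.append((key, m.group(1), m.group(2), m.group(3).strip()))
    return rows


def active_restrictions(rows):
    """Names from RESTRICTIONS whose DWORD data is non-zero, i.e. actually enforced."""
    hits = []
    for _key, name, rtype, data in rows:
        if name not in RESTRICTIONS or rtype != "REG_DWORD":
            continue
        try:
            value = int(data, 16)
        except ValueError:
            continue  # malformed data: leave for manual review
        if value:
            hits.append((name, RESTRICTIONS[name]))
    return hits


if __name__ == "__main__":
    for name, effect in active_restrictions(parse_listing(SAMPLE)):
        print(f"{name}: {effect}")
```

The text listing itself changes nothing on the machine; what matters is whether the same values are set in the live registry key.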
     
  6. wbaldwino

    wbaldwino Private E-2

    First, thank you for your response. After some online research, I determined that indeed Kaspersky was in error. So thanks for your validation on that!

    Yes, I did have a malware infection, which brought me to Major Geeks (I've visited lots before). Kaspersky prompted me that something wanted access and I didn't check the details (first time) and got a trojan (IE hijacker). By the time I wrote you, I'd already run all but the MGTools. And I certainly will get better spyware. What do you recommend?

    Again, thanks for all of your help! Major Geeks is an invaluable asset for anyone who owns a computer! I deeply appreciate your expertise and passion for helping out. You guys are the BEST!!!

    Great good fortune to you all!!! Keep up the great work!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    SUPERAntiSpyware paid version.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
