Trying to clean up dad's laptop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ONEEYEMAN, Sep 30, 2015.

  1. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    My parents came to visit and brought their laptops with them.
    One laptop I was able to fix, the other I couldn't.

    Just finished R&R. Here are the logs.
    Unfortunately they will be leaving soon back home, so I'd like to take care of this ASAP.

    Thank you.
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman Pro and allow it to remove all that it finds.
    Re-run Malwarebytes and have it fix what it finds too, there may be more.


    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
     
  3. ONEEYEMAN

    ONEEYEMAN Corporal

    Kestrel13!,
    I re-ran the scanners and fixed everything they found.
    Then I ran the batch files that you asked. The only issue I had was:

    Code:
    C:\MGtools>shownew
    
    
    ShowNew.bat    - 08/06/2015 Version 3.20
    
    
        ************************** WARNING **************************
         If you see a popup saying that:
    
              SteelWerX WhoAmI application has stopped working
    
         do not click the Cancel button that first appears.  Wait for
         the Close program button to appear and click it to continue
        ************************** WARNING **************************
    
        Scanning please Wait.
    Access is denied.
        ============= Finding copies of actxprxy.dll
        ============= Finding copies of beep.sys
        ============= Finding copies of csrss.exe
        ============= Finding copies of ctfmon.exe
        ============= Finding copies of eventlog.dll
        ============= Finding copies of explorer.exe
        ============= Finding copies of kernel32.dll
        ============= Finding copies of lsass.exe
        ============= Finding copies of netlogon.dll
        ============= Finding copies of ntfs.sys
        ============= Finding copies of powrprof.dll
        ============= Finding copies of proquota.exe
        ============= Finding copies of regedit.exe
        ============= Finding copies of scecli.dll
        ============= Finding copies of services.exe
        ============= Finding copies of spoolsv.exe
        ============= Finding copies of svchost.exe
        ============= Finding copies of termsrv.dll
        ============= Finding copies of userinit.exe
        ============= Finding copies of user32.dll
        ============= Finding copies of winlogon.exe
        ============= Finding copies of ws2_32.dll
        Checking for .COM files to Delete. They will only print if deleted
    
        Listing COM, DLL, EXE, and SYS file in C:\WINDOWS
        Locating COM files in C:\WINDOWS\system32 - recursive
        Locating DLL files in C:\WINDOWS
        Locating DLL files in C:\WINDOWS\system32 - recursive
        Locating EXE files in C:\WINDOWS
        Locating EXE files in C:\WINDOWS\system32 - recursive
        Locating SYS files in C:\WINDOWS
        Locating SYS files in C:\WINDOWS\system32 - recursive
        Zipping newfiles.txt
        Finished Zipping newfiles.txt
        Zipping ffdata.txt
        Finished Zipping ffdata.txt
        Zipping winfiles.txt
        Finished Zipping winfiles.txt
    
        All finished with ShowNew.  The log is in C:\MGtools\newfiles.txt
    
    Also, I'm attaching the "analyse" log.
    Please review.

    Thank you.
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Remember I had said:

    Are you seeing a MGLogs.zip? (a new one not the one you attached at first)
     
  5. ONEEYEMAN

    ONEEYEMAN Corporal

    Sorry, attached.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What are these?

    • O4 - HKCU\..\Run: [Tetatet] "C:\Documents and Settings\Semen Korot\tetatet\tetatet.exe" auto
    • O4 - HKCU\..\Run: [Kuku] "C:\Documents and Settings\Semen Korot\kuku\kuku.exe" auto

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    How are things running now?
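
As an added example (not part of the thread, and not MGtools or HijackThis code): a small Python triage of HijackThis `O4` autorun lines like the two quoted above, listing entries whose executable starts from a user-writable profile path so each can be identified by hand. The path markers, the function names and the two `Example...` entries in the sample are assumptions constructed for illustration.

```python
import re

# HijackThis O4 line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Unquoted command lines: cut after the first executable extension.
EXE_RE = re.compile(r'(?i)^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$')

# Assumption: path fragments a standard user can normally write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")

def split_command(cmd):
    """Split a Run-key command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def parse_o4(line):
    """Return a dict for an O4 line, or None for any other log line."""
    m = O4_RE.match(line.strip(" \t\u2022"))  # tolerate pasted bullets
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "exe": exe, "args": args}

def triage(log_text):
    """List autoruns whose executable sits under a user-writable path."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    return [e for e in entries
            if any(marker in e["exe"].lower() for marker in USER_WRITABLE)]

# Sample: the two O4 lines from the post plus two constructed entries.
SAMPLE = r'''
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [Tetatet] "C:\Documents and Settings\Semen Korot\tetatet\tetatet.exe" auto
O4 - HKCU\..\Run: [Kuku] "C:\Documents and Settings\Semen Korot\kuku\kuku.exe" auto
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\system32\exampletray.exe -startup
'''

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["exe"]}')
```

A hit only means the entry needs identifying; the two entries in this thread were identified by the poster as internet TV providers.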
     
  7. ONEEYEMAN

    ONEEYEMAN Corporal

    OK, log is attached.

    Those 2 are internet TV providers.

    Thank you.
     

    Attached Files:

    • JRT.txt (File size: 33.8 KB, Views: 2)
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK. Let me know how things are running please. :)
     
  9. ONEEYEMAN

    ONEEYEMAN Corporal

    It still takes a lot of time to start FF. ;-)
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Firefox takes a long time to fire up for me too, I usually open it then go and put the kettle on whilst it loads. Are there any actual malware problems remaining?
     
