VirusBuster goldcodec 753 removal question

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Faith007, Dec 10, 2007.

  1. Faith007

    Faith007 Private E-2

    Hello gurus:

    I got the Virus Bursters malware on my PC quite some time ago and, on my own, found the Smit fix and applied it. Then I came to this site and discovered that you are supposed to do a more thorough process to make sure that your PC is completely clean of the malware. Unfortunately, I have been so extremely busy over the past year that I have not had time to follow the instructions posted here, but I finally found time to get back to it today.

    The question is this: The instructions posted here for the Smit fraud fix (i.e., Virus Bursters) assume that the end user has not taken any action yet to clean his PC, but I ALREADY have run the Smit fix and it seemed to take care of the problem. So at what step am I supposed to begin? Your instructions say to run HijackThis, reboot into safe mode, run HijackThis again, make note of the items in the log file, and then run the Smit fix and then do the online scan. But if I've already run the Smit fix, at what step in this process am I supposed to begin now in order to make sure my PC is clean?
    Thanks for your help.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. Faith007

    Faith007 Private E-2

    You mean, you want me to run the Smit fix again?
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not at this point. Right now I need you to read and follow the instructions in the READ ME as given in my previous post. I need you to attach the file "MGLogs.zip" created by running MGTools from the READ ME.
     
  5. Faith007

    Faith007 Private E-2

    I did read those instructions actually. They said that I should go to the instructions specifically written for the particular problem that I have, i.e., Virus Busters. So that is what I did. And THAT SET OF INSTRUCTIONS said that I have to run HijackThis, the smitfraud fix and then do a few other things (I may be mistaken, but I don't remember that particular set of instructions saying anything about MGLogs.zip).
    So my question was: Since I ALREADY HAVE run the smitfraud fix in the past, should I follow all the instructions from beginning to end once again, or start at a certain point from the beginning, e.g., after the smitfraud fix is run?

    Don't misunderstand: I'm happy to do whatever you think I should do. I just want to make sure that you understand my unique situation, so that I do the right procedure for it. Thanks.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    How are things working now?
     
  7. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks for your help with this. Here is my rapport.txt
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need the log from the second scan, using Option 2.

    I also need MGLogs.zip created by running MGTools from the READ ME.
     
  9. Faith007

    Faith007 Private E-2

    Ok. Here's my rapport.txt after doing step 2.
    I'll go and do that MGTools procedure now.
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  11. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks for your help with this.
    Please stand by. I don't have a lot of free time so I may have to spread this procedure out over a couple of days, but I WILL get to all of it.
     
  12. Faith007

    Faith007 Private E-2

    bjgarrick:

    Ok, I just completed the entire procedure described in your post.
    I did, however, encounter 2 problems:
    1. After running the AVG Antispyware scan, no report was created, even though I selected the option to create one.
    2. I could not find an EnableUAC.reg file.
    I don't know how significant these problems are.
    Anyway, here is the zip file you asked for.
    Thanks again for your help with this.
     

    Attached Files:

  13. Faith007

    Faith007 Private E-2

    bjgarrick:

    Do you have a diagnosis for me? Thanks.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    See the thread below and attach the requested logs.

    Removing Zlob aka SmitFraud, SpySheriff, Infections

    After you complete the above, run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  15. Faith007

    Faith007 Private E-2

    Here's the first rapport.txt
     

    Attached Files:

  16. Faith007

    Faith007 Private E-2

    Here's the 2nd rapport.txt
     

    Attached Files:

  17. Faith007

    Faith007 Private E-2

    Here's the MGLogs.zip.

    BTW, how much longer do you expect these tests to take? Will I have to run many more of them?
     

    Attached Files:

  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Step 4:
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 5:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Step 6:
    Finally, I would like you to install the current version of Sun Java: Sun Java Runtime Environment

    Step 7:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Dec 15, 2007
  19. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks for your help with this.
    Here is the MGlogs.zip.
    The PC seems to be running smoothly.
    The only problem I encountered is that I do not know what you mean by the "Avenger log."

    Can you tell me how things look so far, based on the logs I have sent? Does it look like I had any malware left on my PC?
     

    Attached Files:

  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete C:\MGlogs.zip
    10. If you are running Windows Vista, Windows XP or Windows ME, do the below:
      • Disable and Re-enable System Restore
      • Follow the link above to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
    Last edited: Dec 16, 2007
  21. Faith007

    Faith007 Private E-2

    bjgarrick:

    So does this mean that I'm all done; that I'm completely clear of nasty Malware?
     
  22. Faith007

    Faith007 Private E-2

    bjgarrick:

    You wrote:
    "go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points."

    Where exactly is this? I do not even see a Step 8 in the READ & RUN ME post.
     
  23. Faith007

    Faith007 Private E-2

    bjgarrick:

    I forgot to ask: Is it OK to reinstall the software that you asked me to uninstall in Step 1, i.e., Spybot Search and Destroy and AVG Antispyware?
    After all, the thread on how to avoid Malware recommends using 1 of these tools.
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes! Everything looks good at this point.
     
  25. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks for your patience and fortitude with this.
    Do you have an answer for my other 2 questions?
    Thanks.
     
  26. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Should be Step 4 in the "Windows XP Cleaning Procedure" thread. I'll change that, thanks!
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You can reinstall these if you like. Just so you know, AVG AntiSpyware is a 30 day trial, so unless you purchase it, it will be useless after 30 days.
     
  28. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks again. Just a few more questions please:

    Whenever I open Internet Explorer, I get the message "Internet Explorer has encountered a problem and needs to close." Then I have to use the Task Manager to manually close it. I do not know why this is happening. Can you advise me please?

    When I used the "A squared" software, as recommended, it detected some possibly problematic files, which it labelled as low risk.
    First of all, I'm not sure if I am supposed to quarantine these files or not. What are the guidelines?
    Secondly, if I do quarantine them, what needs to be done to them afterwards? Is there a thread that explains exactly how to use this software?

    1 minor problem: When I was doing the System Restore procedure, after I clicked on the "Turn off system restore" check box and clicked OK, I was NOT prompted to restart the computer, as the instructions said I would be. So I had to reboot manually. This is probably not a problem, but I just wanted to bring it to your attention. Thanks.
     
  29. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Since your issues are no longer Malware related I am going to request you post in the Software Forum. Create a new thread there with the problems you're having and those guys will help you.

    What is it detecting? I am not familiar with a squared so the Software Forum would be a better place to ask questions about the use.

    It doesn't prompt, you have to manually reboot.
     
  30. Faith007

    Faith007 Private E-2

    bjgarrick:

    Thanks very much for all your help with this. It is greatly appreciated.
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!

    Surf Safely!
     
