Windows crash after following malware removal directions

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by archenstone, Dec 23, 2010.

  1. archenstone

    archenstone Private E-2

    Hi everyone, I went through the instructions in the remove malware section. Unfortunately I cannot get RootRepeal or MGtools to work. Furthermore I am having booting issues [I'm in safe mode right now]. If I need to move this to the software forum just let me know.

    Anyways here are logs. I'm hoping you can help me.

    The last thing deleted was mohccak.sys. It was in my drivers and was deleted by Avast.

    OS: Windows 7
    Status: Fully updated
    I added the dump file for good measure. The zip is really 7z as that's the program I used ^^; I hope that's okay.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Did you disable Daemon Tools as requested in step 6 of the READ & RUN ME? If not, do so right now.

    Also did you set MSconfig to Normal Startup as requested in step 4 of the READ & RUN ME? If not, do so right now.

    What is the below? And why is it running from the Windows folder??? It is not part of Windows and should not be here!!
    "Aero Explorer"="c:\windows\Fullglass.exe" [2009-12-31 484319]


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
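    An added check, not part of the thread or of MGtools: it looks at the same kind of autostart entry chaslang flagged (a Run value pointing at an executable sitting directly in the Windows folder root) across the Run/RunOnce keys, and also marks targets that are missing or carry no valid Authenticode signature. It assumes PowerShell 3 or later on Windows; the key list, helper name and flag wording are my own.

```powershell
# Added example, not from the thread: review Run/RunOnce autostart entries and flag
# anything launching straight from the Windows folder root, missing, or not validly signed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$windir = $env:SystemRoot                      # normally C:\Windows
$metaProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-TargetPath([string]$cmd) {
    # Reduce a Run value to its executable path:  "C:\dir\x.exe" -flag  ->  C:\dir\x.exe
    if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)   # handles %ProgramFiles% style values
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $metaProps) { continue }           # skip the registry provider's own fields
        $exe = Get-TargetPath ([string]$p.Value)
        if (-not $exe) { continue }                        # empty value, nothing to check
        $flags = @()
        if ((Split-Path $exe -Parent) -ieq $windir) { $flags += 'launches from Windows root' }
        if (-not (Test-Path $exe)) {
            $flags += 'target file missing'
        } elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
            $flags += 'no valid Authenticode signature'
        }
        [PSCustomObject]@{ Key = $key; Name = $p.Name; Target = $exe; Flags = ($flags -join '; ') }
    }
}
# Flagged entries first; an unflagged entry is not proof of anything, only lower priority for review.
$results | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize
```

A flagged entry is a starting point for looking the file up, not a verdict; legitimate unsigned software exists, and the Windows root location alone is only the unusual placement chaslang asked about.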
     
  3. archenstone

    archenstone Private E-2

    http://windows.microsoft.com/en-US/windows7/products/features/aero
    Aero Explorer is a feature of Windows 7. It makes things pretty but sometimes I turn it off. It can get annoying.

    I had disabled Daemon Tools... but I will rerun ComboFix with the txt file you listed and post results.

    As an update... my computer has since booted normally. The last time I booted up and logged in I didn't see the crazy 5141.exe, 641.exe etc. etc. in Task Manager that had alerted me to something amiss. I'm used to malware being sneaky... not blatantly showing itself XD. But I doubt all the bugs are gone. Thank you for your quick reply chaslang.

    After typing this I figured I'd just go do it before sleep. ComboFix ran through with the nice little script addition. PC restarted, blue screened, then booted normally.

    MGtools worked this time, hooray! Zip included.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still did not put your PC into normal startup mode with MSconfig as I requested in my last message and also in step 4 of the READ & RUN ME. You need to do this.

    Your logs look much better but there is one leftover item that did not get removed so let's try another fix.

    I very strongly recommend that you stop loading uTorrent at startup. It is opening up many connections to your PC from the internet. If you really need this program (not recommended) then you should only run it when you want to use it and not allow it to always be running.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe (Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator.)


    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 24, 2010
  5. archenstone

    archenstone Private E-2

    Thank you for your hard work. I had to leave over the holidays so I had simply reinstalled the OS... since it was a near fresh install that became infected. I thought I should at least let you know what I did. Since reinstalling the OS again, I immediately got a firewall, did not install uTorrent, and added some Firefox plugins to block scripts from sites I don't trust. I warned my fiancé about playing on certain sites too.... since it acted up after he touched it.

    But once again, thank you! I had forgotten to do normal startup like you said, but with me having to leave for an extended period I just felt like I needed to wipe it.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

