Trojan.Win32.Genome.fwob / Windows XP

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by camez, Mar 27, 2014.

  1. camez

    camez Private E-2

    Greetings, and thanks in advance to you all for your time and awesomeness. I'll thank you at the end, too, but I just wanted to say that upfront, because regardless of how this turns out, like if my computer ends up melting from oldness and neglect, I just want you to know that I'm grateful that this option even exists in the first place.


    • Windows XP 32-bit
    • My computer slowed beyond its usual slowness, about October-? It's hard to remember because the changes were gradual and subtle, and with an old computer, nothing seems that weird. Firefox got slower and slower (also not that weird) and it was making me crazy.
    • I think it all started when I noticed that even though I had uninstalled AVG and its toolbar, there were (ARE) still a lot of files that I could not remove, temp files and .dll files, that I thought were causing the problems. That's why I was trying to do anything possible to remove them, notably the SlimCleaner shred, which never, ever worked on the AVG files.
    • I started downloading all kinds of cleaners and tools, MWB, Hitman Pro, CCleaner, Rogue Killer, RevoUninstaller, and SlimCleaner.
    • I really liked SlimCleaner (ironically, that's what the Trojan appears to have been attached to), but probably went a little crazy with the cleaning. 'Over-enthusiastic registry key purging' is what I'll call it.
    • Now, my computer has gone crazy, helpctr.exe can't be found so I couldn't open System info, I changed the startup items, so now I get what seems to be a fake System Configuration Utility message (at the end, the checkbox says, "Don't show this message...when Windows start." No 's' at the end of 'start'. Good one, guys.), and I have to battle to get on the internet, switching between the wireless card and a fob thingy, and using my phone as a hotspot.

    Speaking of internet, I couldn't get on at the time of the MWB updates, so I did the steps in this order:
    1. RK
    2. MWB (w/o updates)
    3. TDSS
    4. Hitman
    5. MWB (updated; and same results as first scan)
    6. MGTools

    Attached are my files.

    Standing by...
    Camille
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Before we continue I would like you to use MSConfig to put this machine back into normal startup mode. Things can hide from us in selective startup, so I prefer normal mode.

    What Hitman is finding is not malware, so do not have it fix anything.


    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


    Now do this: run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win 8.) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  3. camez

    camez Private E-2

    Excellent! Thanks.

    Here are the files.
     

    Attached Files:

  4. camez

    camez Private E-2

    oooh, hang on. I forgot to switch to normal startup.

    I'll change the start-up mode and then re-run the scans.

    Be right back.
     
    Last edited: Mar 27, 2014
  5. camez

    camez Private E-2

    Okay, re-run.
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there.

    Re run Hitman and attach the log.
     
  7. camez

    camez Private E-2

    Hai.

    Here 'tis.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Can you let Hitman delete just this one:
    Then afterwards, rescan with it and attach the newest log please.
     
  9. camez

    camez Private E-2

    Voila
     

    Attached Files:

  10. camez

    camez Private E-2

    uh oh. I think I have to take a nap before work. I slept somewhat before but I stayed up late/woke up early because I really didn't want to miss you. But I'm like a zombie right now and have to go back to sleep for a couple of hours.

    Maybe we have pretty different schedules. I generally work from 10-6 CST, Mon-Fri. hmm. Well, I guess just let me know what happens now. Do you guys swap cases sometimes for logistical purposes, or do you and I just write each other a message once a day until things are resolved? It seems like that could span a lot of days, though. My freelance stuff is all on my computer that has the issues. ugh.

    I'm so bummed. I so don't want to bring my computer to a place. Not just because of the money, but because I don't want a stranger fishing around in my computer, doing random things. I'm not going to learn anything if my computer's at the shop and I'm at home and not involved in the process on any level.

    oh i'm going to cry. Please tell me what happens next.

    Thank you for your help, Kestrel 13. :)
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. I'm sorry things are not moving as quickly as you might like, but I am in the UK, so we are at opposite ends of the scale. I do not permanently sit at my PC. You will find, though, that it's been more than just one post a day from each of us. ;)

    I am not finding any malware in there, and neither is Hitman now. Please explain, briefly, in bullet points or something, what exact malware issues you're having. :)
     
  12. camez

    camez Private E-2

    Hi,

    Here are the things that were happening:

    • slow boot/response in general. long program load times, even if nothing else is open
    • helpctr.exe won't load--Windows can't find it
    • moved from default wireless to another network in the area (an HP laserjet printer that I've never seen in the list of avail networks before. ??) and have to fight to get back on, and sometimes can't. this has never happened before and is freaky
    • the sound disappeared for a while, and now I can't remember how I got it back. all this troubleshooting started last Saturday. I've read and done a lot of things, but didn't start taking notes or screen shots till Tuesday or so.
    • that fake trojan file was also on my macbook, which shares the wifi (but has like 1/15 of my stuff). I read a bunch of stuff and then put Avast on the mac, and used bitdefender, which deleted the file without asking me what I wanted to do with it. I know (now) that macs can't be harmed by .exe files, but it, too, is acting slow and weird at times

    That's all I can remember for the moment.

    I ran the Check Disk tool, once for each option (Automatically fix... and Scan for and attempt recovery...), and things don't seem that different.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The problems that are left are a topic for the software forum. :) I've done all I can for you here in this forum.

    Best of luck!

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link:
     
