Possible Malware Symptoms

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KingJ, Apr 9, 2014.

  1. KingJ

    KingJ Private E-2

    Hi, my computer has been acting strange, as in one of my keys types by itself. Also, I've noticed DDoS attacks coming from my own computer. Am I infected?
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to Major Geeks! :)

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes (links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. KingJ

    KingJ Private E-2

    Sorry about not posting it correctly, was half asleep when I posted thread.

    My system is 64 bit.

    I run CCleaner weekly :p to clear all unnecessary junk.

    I've run every scan and nothing was detected. I guess I'm not infected, sorry about that.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Oh so you are capable of analysing all of those logs? You didn't really need us then? :)
     
  5. KingJ

    KingJ Private E-2

    Most of them are fairly easy to analyze, a couple of them I'm not sure. Already had Tdss killer, Malwarebytes, and HitmanPro on my computer, I just think I might be part of a botnet and nothing can detect it.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you attached all of the requested logs, if there was malware there we as malware removal experts would more than likely see it, but it's up to you of course. I just do not understand why you posted here really if you do not need help and you do not need your logs analysed... :confused
     
  7. KingJ

    KingJ Private E-2

    Can I just attach the MGTools log and RogueKiller log, since the other tool detected nothing?
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Certainly. :)
     
  9. KingJ

    KingJ Private E-2

    Alright posting as attachment with this reply, also how do I remove any remnants of MGtools?
     

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, I am not seeing any signs of malware.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    3. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    8. After doing the above, you should work thru the below link:
     
  11. KingJ

    KingJ Private E-2

    Thank you for your help, so it's probably nothing that my router log reports ddos attacks from my computer?
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You would have to attach the log for us to take a peek at. I would more than likely consult with Chaslang who would know better than I.
     
  13. KingJ

    KingJ Private E-2

    Not sure if Chaslang is a user or what, I'm new so I'll just post them here if you don't mind. All attacks come from my device IP

    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:42:49
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:42:21
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:42:01
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:40:53
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:40:23
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:40:01
    [DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:38:41
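
One way to triage router entries like the ones quoted in the post above (an added example, not part of the original thread or of MGtools): group the DoS entries by source address and mark whether each source is inside an RFC 1918 range. The function name `summarize` and the sample log are constructed for illustration, and the line format is assumed to match the quoted entries.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the format of the entries quoted in the post.
SAMPLE_LOG = """\
[DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:42:49
[DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:42:21
[DoS attack: STORM] attack packets in last 20 sec from ip [10.0.0.2], Thursday, Apr 10,2014 17:40:01
[DoS attack: STORM] attack packets in last 20 sec from ip [203.0.113.7], Thursday, Apr 10,2014 17:39:10
[admin login] from source 10.0.0.2, Thursday, Apr 10,2014 17:38:00
"""

# RFC 1918 ranges: a source inside one of these is a device on the local network.
LAN_RANGES = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ENTRY = re.compile(
    r"^\[DoS attack: (?P<kind>[^\]]+)\].*?from ip \[(?P<ip>[0-9.]+)\],\s*"
    r"\w+,\s*(?P<ts>\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})\s*$"
)

def summarize(log_text):
    """Group DoS entries by source IP: count, LAN/WAN scope, first and last seen."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a DoS entry (e.g. a login event)
        try:
            addr = ip_address(m["ip"])
        except ValueError:
            continue  # malformed address, skip the entry
        seen[addr].append(datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S"))
    report = {}
    for addr, stamps in seen.items():
        report[str(addr)] = {
            "count": len(stamps),
            "scope": "LAN" if any(addr in net for net in LAN_RANGES) else "WAN",
            "first": min(stamps),
            "last": max(stamps),
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["scope"], info["count"], info["first"], info["last"])
```

A `LAN` scope only says the router attributed the traffic to a device on the local network; it does not identify the program that generated it.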
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you using a Netgear router?

    FYI Chaslang is the Malware Removal forum leader. He is the author of the removal procedures and the creator of MGTools.exe
     
  15. KingJ

    KingJ Private E-2

    Yea I'm using a Netgear router, and ah wasn't sure
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well that's the IP address from your router.
     
  17. KingJ

    KingJ Private E-2

    My router IP is 10.0.0.1, the highlighted device is 10.0.0.2

     
  18. KingJ

    KingJ Private E-2

    Hi, one other thing: after I restarted my computer after I ran mgtools.exe, I noticed desktop.ini files. Is this normal?
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, it's normal. It's because hidden files and folders are set to show as you ran MGTools.
     
  20. KingJ

    KingJ Private E-2

    Is that the only change it's made to my computer?
     
  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  22. KingJ

    KingJ Private E-2

    So safe to disable show hidden files and extensions then
     
  23. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes indeed.
     
  24. KingJ

    KingJ Private E-2

    Hi I disabled and it's still showing hidden files on my computer, are you sure that's all mgtools.exe did?
     
  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes!! It's just an INFORMATION gatherer. I ALWAYS have hidden files and folders set to show anyway, it's much safer! Chaslang will be along shortly to address your query but he is extremely busy. You could always ask about it in the Networking forum if you chose to. I am definitely not seeing malware in the logs that you provided me with...
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is basically all it did. Did you run the MGclean.bat instructions Kestrel13! gave you? If so, this should have restored everything back to Windows defaults.

    Perhaps you still have viewing of System Files enabled.
     
  27. KingJ

    KingJ Private E-2

    I don't mind hidden files showing, just not the system files
     
  28. KingJ

    KingJ Private E-2


    Hi yes I ran the MGclean.bat files, desktop.ini files still appear
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

