I've gone through the "Read & Run Me First malware removal guide," still problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kayhanah, Sep 21, 2007.

  1. kayhanah

    kayhanah Private E-2

    I think I downloaded a virus. I went through the whole Malware Removal Guide and it found some problems, but I don't think it fixed everything. My laptop makes that loading sound constantly now and it's freaking me out!

    I'm on Windows Vista, and I have a HijackThis log, CounterSpy log, newfiles, and runkeys. I've attached three of the four on this post, and the last one in the second post. I do not have a BitDefender or PandaActiveScan log because I am using Vista.

    In case it helps, I thought I found the virus and it installed as "Video Codec" or something and I tried to uninstall it in the Programs section but it wouldn't let me. It said something like "The file could be corrupt or it could be a virus. It could be removed with the /NCRC command switch, which is not recommended." I tried deleting the files at the source manually, and I think that worked because when I tried to uninstall it again it said that it had been deleted and asked if I wanted to remove it from the programs list. I removed it, but I think the virus created another program called WebVideo Support because now I can't uninstall that and it was created today and I don't know where it came from.

    Thanks so much for your help, and let me know if any other information would be helpful.
     

    Attached Files:

  2. kayhanah

    kayhanah Private E-2

    Runkeys.txt attached.
     

    Attached Files:

  3. abri

    abri MajorGeek

    Hi Kayhanah!
    Welcome to Major Geeks!
    You do have a virus. Please be patient while we go through the logs for you and put together some instructions to remove it. This takes some time.
    Thanks.
    abri
     
  4. kayhanah

    kayhanah Private E-2

    Thanks so much!
     
  5. abri

    abri MajorGeek

    Hi Kayhanah!

    1) Please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

    2) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    3) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save As type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    6) After you have completed ALL of the above in the correct order, please attach the following logs.
    • Avenger Log
    • ShowNew Log
    • GetRunKey Log
    • HijackThis Log
    abri
     
  6. kayhanah

    kayhanah Private E-2

    I went through all the steps EXCLUDING the avenger. It says "Fatal Error: Unsupported Version of Windows." I've attached the errorlog anyway.
     

    Attached Files:

  7. kayhanah

    kayhanah Private E-2

    Avenger Error Log attached
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi Kayhanah!

    Sorry! Vista - new territory!

    We need to delete the files that we couldn't delete with Avenger. We will try to delete the folders directly from Windows Explorer and then try to delete the files with Pocket Killbox. If Pocket Killbox cannot run on Vista either, then we'll try deleting them via the command prompt.

    1) Please go to Windows Explorer, find the following folders and delete them.
    2) Now please download the following: - Pocket KillBox

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.
    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    3) Please run Shownew again and post a log for newfiles.txt. If the files are still there, I will then ask you to run a command prompt to delete them. We may have to run an additional tool to locate them.

    abri
     
  9. kayhanah

    kayhanah Private E-2

    Pocket Killbox works on Vista! I didn't get any error messages or prompts. I couldn't find C:\Program Files\Viewpoint, but I deleted Sunbelt Counterspy from the Program List in the Control Panel; I couldn't find it before because I was looking for Counterspy, not Sunbelt. I've attached newfiles.txt.
     

    Attached Files:

  10. abri

    abri MajorGeek

    Hi Kayhanah!

    1) Please look in Add/Remove Programs for the following and uninstall it. If you get any errors just make a note and proceed.
    2) Pocket Killbox ran nicely, but it only deleted one thing. Then it made backups of everything! So that won't work! We will try a straight cmd prompt delete this time and see if that will work.

    Please do the following:

    Click Start, Run, and enter cmd in the box and click OK. This opens a black command prompt window.
    Enter the following command lines one at a time. At the end of each line, hit the enter key.
    3) After the command prompt window is closed, please delete the contents of C:\WINDOWS\Prefetch.

    4) Then I would like for you to run CCleaner. You can see if it worked by checking your recycle bin. If there are still things in this, then try doing the following:

    5) As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    - Temporary Files
    - Temporary Internet Files
    - Recycle Bin


    And Click OK.

    6) After you finish the above, please run ShowNew again so I can see if the files got deleted this time. Also, please run one more analyse.exe and post the new hijackthis.log so I can make sure the files aren't there either.

    - newfiles.txt
    - hijackthis.log


    abri
     
  11. kayhanah

    kayhanah Private E-2

    Ok, so I deleted Java(TM) SE Runtime Environment 6, but all the other files that I entered in the Command Prompt weren't found. For example, after cd C:\WINDOWS\Downloaded Program Files the next two prompts gave me "File not found - main_uninstaller.exe" and "Could Not Find C:\Windows\Downloaded Program Files\main_uninstaller.exe" so I guess they weren't deleted...?

    I ran CCleaner and nothing was in the Recycle Bin afterwards. I also did step 5.

    Thanks so much for your help.
     

    Attached Files:

  12. abri

    abri MajorGeek

    Kayhanah!
    The reason you didn't find them, is because I sent you to the wrong place to look for them. I'm so sorry! :cry Please try one more time. The files are under C:\WINDOWS not C:\WINDOWS\Downloaded Program Files, so the instructions will be basically the same, except that the change directory (cd) will be to C:\WINDOWS this time. Also, as long as we're doing this, we also need to pick up the backups that were made by Pocket Killbox, so I will do those for you too. I really do apologize for the inconvenience. Please follow the instructions below. This time you should find the files.

    Please do the following:

    1) Click Start, Run, and enter cmd in the box and click OK. This opens a black command prompt window.
    Enter the following command lines one at a time. At the end of each line, hit the enter key.
    2) After the command prompt window is closed, please delete the contents of C:\WINDOWS\Prefetch.

    3) Then I would like for you to run CCleaner. You can see if it worked by checking your recycle bin. If there are still things in this, then try doing the following:

    4) As an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    - Temporary Files
    - Temporary Internet Files
    - Recycle Bin


    And Click OK.

    5) After you finish the above, please run ShowNew again

    - newfiles.txt

    abri
     
  13. kayhanah

    kayhanah Private E-2

    Hahah, it's not a problem! I didn't get a "file not found" this time! Here's my newfiles.txt
     

    Attached Files:

  14. abri

    abri MajorGeek

    Now that looks better! :)

    For our final cleaning procedure, please go through the steps in the box. Be sure to set a new restore point as per the instructions. Then you'll have a clean point to come back to if you have other problems. You probably won't have to do step one, because we did that manually already. Thanks for your patience. You were my first Vista.

    abri
     
  15. kayhanah

    kayhanah Private E-2

    Hmm... I don't think it's been completely fixed. My computer still sounds like it's loading like crazy, and my CPU usage percentage is all over the place when I am not using any applications. Also, Symantec tells me every so often that "a recent attack on [my] computer has been prevented." When I clicked on "details" of the attack, it says the risk is "Goidr DNS Request." Because of this I haven't gone through step 8 of Read and Run Me First. Should I still follow the instructions even though the malware is still present? I've attached a hijackthis log. Is anything detectable from the log?
     

    Attached Files:

  16. abri

    abri MajorGeek

    No, if there's still malware present, it's right to wait.

    This is the next thing:

    Next, run the below...

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Tell me how it's running now. Once your hosts are ok, we will need to reset the settings in IE. I'll post that after I hear back from you.
    abri
     
  17. kayhanah

    kayhanah Private E-2

    After I clicked OK on Restore MS Host File it said "ERROR: Cannot create file C:\Windows\system32\DRIVERS\ECT\hosts"
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Open your Hosts file and tell us what is in there.
     
  20. kayhanah

    kayhanah Private E-2

    Where is my Hosts file?
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    C:\Windows\system32\DRIVERS\ECT\hosts
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really a good idea since it is 183622 bytes in size. ;) Also Spy Sweeper is locking it!!!!
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then do a system search for:
    Goidr

    Turn off spysweeper and try the Host reset again.
     
  24. kayhanah

    kayhanah Private E-2

    I ran a full scan with Norton and it didn't find Goidr, or anything at all. Host reset didn't work again after turning off Spy Sweeper. Should I try it with Norton off too? I'm hesitant to disable it because apparently it has prevented a couple attacks on my computer. Nothing was found in a system search for Goidr.

    I opened Hosts as a text file and I've attached it to this message.
     

    Attached Files:

    Last edited: Sep 23, 2007
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do not disable Norton... but do leave spysweeper off (or uninstall) and see if you still get the same messages from Norton.
     
  26. kayhanah

    kayhanah Private E-2

    Yeah, I'm still getting that message from Norton. Would a hijackthis or newfiles log help?
     
  27. abri

    abri MajorGeek

    Hi Kayhanah,
    This is the Symantec report on Goidr:
    I'm not sure that Goidr is the cause of the problems you are describing. However, I think it can be removed if it is in your system. First we will look for it and if we find it, then we will remove it. It's possible, if Nortons is blocking it, that we won't find it, because it's not getting into your system. Please do the following:

    First, let's look if Goidr is in your registry.

    Go to Start / All Programs / Accessories / Run
    In the dialog box that opens, please type in regedit.
    Being careful not to change anything - navigate to the following: HKEY_LOCAL_MACHINE:
    Once you get to Run, please look for Goidr. If you don't find it, simply close the registry and tell me.

    If you do find it, I would like for you to first make a back up of the registry key by continuing as follows:

    If you have questions about this, please ask.

    After you've backed up this registry key, please do the following:

    Please copy the bold text including the word REGEDIT4 below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it, double click it and allow it to merge with the registry. If you get any warning signs or cannot do any of these steps, just tell me.

    abri
     
  28. kayhanah

    kayhanah Private E-2

    abri, Goidr wasn't in the Run section. Ok, now I'm starting to get scared for my computer! It's brand new! Tell me there's always a way to fix it, abri! :cry
     
  29. abri

    abri MajorGeek

    I was hoping you would not find it, because this means your Nortons is working! That's a good thing! It means Norton's is doing what it's supposed to do.

    The place we are at now is as follows: your computer doesn't have any more malware files on it. It still sounds like it's loading like crazy and has a high CPU usage. To begin with, I would like to tell you this. You have a lot of programs running. I can see this from your logs. All the high-powered security suites from different companies like Nortons, McAfee and Kaspersky are Very High on resources. They scan all the time whenever you connect to the internet, and many people connect to the internet as soon as they boot up their computer. This means that all the things loading at startup which are set to check on their updates, will be using resources to phone home, plus they will be being scanned by your security software, plus the security suite itself will be phoning home for its own updates. Some of this is not necessary.

    First of all, you do not need to be running Nortons, Spysweeper and Windows Defender all at once. If you use Spysweeper, don't use Windows Defender.

    Next, you have a number of programs loading at startup that don't need to load. All of these:
    Before we continue, I would like for you to follow the instructions in post 14 and set a clean system restore point. I am worried if you do not get rid of your previous restore points, the infections we removed will come back.

    Next, please open up CCleaner. On the left side of the CCleaner window, there's a column with four buttons: Cleaner, Issues, Tools, and Options. Click on tools. This will open up a new column next to the first column. In the new column you'll see two buttons: Uninstall and Startup.

    Click on Startup. There you will see a list of things which are starting up with your computer. In the above box, I've listed some of the items from your HijackThis scan which load on your computer at start up. The ones listed there are all items which do not have to load at startup. Please look through your startup list in CCleaner and delete those entries from the startup list. Then reboot and tell me if this gives you any improvement.

    It is very easy once you've had a brush with malware to become worried that everything that doesn't feel right with your computer could be a further malware problem. I know this feeling very well. However, a number of issues that feel like malware are actually related to programs designed to fight malware. Symantec provides a very complete security package, however, they are a real drain on the computer's resources. I stayed with Norton's for many years and finally gave them up because of this. If you have a backup software running in the background, whether an inbuilt Windows backup software or one provided by Symantec, this will also make it sound like your computer is working all the time.

    Try reducing the load your computer is carrying. After you take out the above startup items, please go to your most recent newfiles.txt log (the same one you posted to us) and open it. Scroll all the way to the very bottom of the page and there you will find an uninstalls list for all of your programs. What I see there is that a number of things are duplicated. Do you know why? You have two of the following:
    With all of your Office software, which itself phones home, and your dvd, sound, and photo softwares, plus all the Adobe and all the VAIO software, your computer is working very hard. Please determine why you have duplicates of software and see if this can be resolved. Do it slowly. After you take out the startup items, if you see some improvement in your computer and you are not missing anything you need, then defrag your computer. Then address the problem with the duplicated programs. If there's not a reason for them to be duplicated, then resolve this one or two programs at a time, and defrag again.

    Let me know if this helps and do not forget to read through "How to protect yourself from malware".
    abri
     
  30. kayhanah

    kayhanah Private E-2

    System Restore seems a little different for Vista. I right-clicked on Computer, went to Properties, and clicked on System Protection. There wasn't a tab called System Restore, but there was a button. I clicked it and it asked if I wanted to do a Recommended Restore or a Choose a Different Restore Point. Are there any directions for disabling System Restore for Vista? Also, how should I remove those unwanted start-up programs? With Hijackthis, msconfig, or the control panel? And those programs you named aren't the only ones I could remove, right? Because I see some more programs I don't care to have running at start-up, but I just wanted to make sure so I don't remove something important.
     
  31. abri

    abri MajorGeek


    Disabling system restore in Vista:
    This site has a tutorial with pictures. I am assuming that if you disable it and then enable it, that it will set a new restore point. If you have a number of restore points now, but only one when you re-enable system restore, then it should be the new one. The more ideal method would be if it were possible to get rid of the infected restore points, but so far there's no software that can do this.
    http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/



    As for the startup programs, using the control panel, you can only turn off things which are already running. They will just start up again. Msconfig is only for diagnostics. If you turn something off in there, it should only be used to see if your computer will still work or if you are trying to eliminate some problem and want to try eliminating some problem in a methodical way. The best way to remove them is to use CCleaner if you can. After you click on Tools and then click on Startup, look at the list of startup items, mark the items you want to get rid of and click remove. Please tell me if that works for you.

    abri
     
    Last edited: Sep 24, 2007
  32. kayhanah

    kayhanah Private E-2

    Symantec charges for their support line, so if the duplicates are nothing serious then I'll save that for the last resort. I removed the mentioned startup programs, plus a few others. Can I go back to selective startup now, as opposed to normal startup?

    My computer still loads viciously. I promise you, it wasn't like this before the virus! I'm looking at Task Manager to see what is taking up all the CPU usage. My CPU usage is always at an average of 20%. That's normal too? Would you be able to tell me what programs I CANNOT remove from the startup so I could minimize the number of processes my computer is dealing with? If we're sure that it's not malware then would that be the most effective thing to do?
     
  33. abri

    abri MajorGeek

    Hi Kayhanah!
    Please do not remove anything else from the startup list for now. I'm not happy with the sluggishness of your computer and I'm getting a second opinion about it. This takes time, so please be patient.
    Thanks.
    abri
     
  34. kayhanah

    kayhanah Private E-2

    Thanks so much
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have a new set of tools that we have not released for general use yet. I would like you to run this procedure Using MGtools and then attach the C:\MGlogs.zip file it will create to your next message. This procedure adds more specific checking for the Vista file systems.

    Also you mentioned in your first message that WebVideo Support was new. At first I believed this to be a normal application; however, now I'm not so sure. Are you positive that this is not something that you installed or use? Abri had also questioned (in conversations with me) TabIt since it appears to have been a new install. Did you install TabIt? I thought it was a music related program (like guitar tabs or similar). Is it possible that WebVideo Support is related to TabIt since they showed up at the same time? I don't think they are related at all but I needed to ask since there is no evidence that WebVideo Support is truly bad.
     
    Last edited: Sep 24, 2007
  36. kayhanah

    kayhanah Private E-2

    I've attached MGlog.zip.

    Yeah, WebVideo Support definitely wasn't something I installed. I'm guessing it was some kind of malware because at first, it wouldn't let me uninstall it. But earlier today, after everything we've done so far, I went to uninstall it again and it said "WebVideo could not be found, do you want to remove it from the list" or something like that. So I said yes, assuming the bad files had been removed during one of the cleansing procedures we went through earlier. Tabit is ok, I installed that. Yeah, it's a music tabbing program.

    I can't express how thankful I am that you guys are here every step of the way! I really appreciate it.
     

    Attached Files:

  37. abri

    abri MajorGeek

    Hi Kayhanah!
    Just a few thoughts off the top of my head and then Chas will get back to you. You still have the Viewpoint folder under Programdata. Please make sure anything related to Viewpoint Media Player is gone from your add/remove programs and then go into Windows Explorer and see if you can delete the Viewpoint folder manually under the Programdata directory. Before you delete it, see if there's anything in it.

    Second, your problems started on a day when Video Codec got into your computer. You installed TabIt yourself, and a program called WebVideo Support was installed on your computer around the same time. You have a program from Grouper Networks which appears to be for a wall paper in your computer. The company itself is a P2P file-sharing company. You also have software installed by Sony called PACE Anti-Piracy, which is part of Sony's effort against piracy. Are all of these programs familiar ones to you (except for WebVideo Support)?

    The hosts file you have was installed by Spybot S&D. It's not harmful.

    The duplicate programs you have may be related to a backup feature in your computer. If this is running, it's possible your computer is making a complete backup every time it turns on, or on some other regular basis.

    The last thing is, the programs you removed from your startup with CCleaner can be replaced with a registry patch, which I will give to you, except for the Global Startup for Quick Books. If, when we're finished with everything here, you still want to delete further programs from the startup menu, it would be a good idea to use HijackThis. You can generate a startup list as follows:

    When you open HijackThis there's a "Configuration" button. Click on this. On the next screen click on the "Misc. Tools" button. Then click on "Generate Startup List". This will produce a list of your startup programs in Notepad. If you want us to recommend any other programs which could be removed from startup or if you have questions about items on this list, please post it to us.

    Except for the above instructions to try getting rid of Viewpoint, please do not remove or add anything further to your computer until we have a chance to post to you again.

    Thanks!
    abri
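
Added example, not part of the thread or of any MajorGeeks tool: a Python check for the question raised above about a large hosts file, separating entries that merely block a hostname from entries that send it to another machine. It assumes that blocklist-style hosts files map hostnames to a loopback or 0.0.0.0 address; the sample data and every hostname in it are constructed.

```python
import ipaddress
import sys
from dataclasses import dataclass, field

# Constructed sample, NOT the hosts file attached in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by a blocklist tool (constructed)
127.0.0.1\twww.blocked-ads.example
127.0.0.1       tracker.example  # inline comment
0.0.0.0         popups.example cdn.popups.example
203.0.113.45    www.mybank.example
not-an-ip       broken.example
198.51.100.7
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class HostsReport:
    localhost: int = 0                              # normal localhost mappings
    sinkholed: int = 0                              # names pointed at loopback/0.0.0.0
    redirects: list = field(default_factory=list)   # (line, ip, name): review these
    malformed: list = field(default_factory=list)   # (line, text) that did not parse


def audit_hosts(text):
    """Classify every hostname mapping in the text of a hosts file."""
    report = HostsReport()
    # Drop a UTF-8 BOM if present; splitlines() copes with CRLF line endings.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()         # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report.malformed.append((lineno, raw.strip()))
            continue
        names = fields[1:]
        if not names:                                # address with no hostname
            report.malformed.append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback or ip.is_unspecified:
                if name in LOCAL_NAMES:
                    report.localhost += 1
                else:
                    report.sinkholed += 1            # blocked, not redirected
            else:
                # A real hostname resolved to some other address: the only
                # class of entry that can silently reroute traffic.
                report.redirects.append((lineno, str(ip), name))
    return report


if __name__ == "__main__":
    # With no argument the constructed sample is used; otherwise pass a path,
    # e.g. a copy of %SystemRoot%\System32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    result = audit_hosts(data)
    print(f"localhost entries : {result.localhost}")
    print(f"sinkholed names   : {result.sinkholed}")
    for lineno, ip, name in result.redirects:
        print(f"REVIEW line {lineno}: {name} -> {ip}")
    for lineno, text in result.malformed:
        print(f"malformed line {lineno}: {text}")
```

A file made up almost entirely of sinkholed names is large but only blocks lookups; any line reported under REVIEW deserves a manual look.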
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These new logs also do not show any malware problems. As Abri noted you need to delete that one folder and there is another left over from CounterSpy to delete. So delete the below two folders:

    C:\Users\Kayhan\AppData\Roaming\Sunbelt Software
    C:\ProgramData\Viewpoint

    Are you saying your problem with CPU usage is all of the time? Or is it only during startup?
    Does it also seem to be the same if you boot in safe mode?

    After answering the above questions, please do the below and then tell us if there is any change at all:

    • uninstall Spybot
    • use HijackThis to fix the below startup entry
      • O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    The only other items I would suspect next are Norton Internet Security Suite. It is a known resource hog and has added about 11 services and a few other running processes to your PC. Also Sony VAIO has a ridiculous number of services being run (about 18 of them) which may also be adding to CPU usage. I have to wonder why all of these services are required for this PC and what all of their true functions are. Also why do they need to be run as services. While all laptops seem to have more junk like this running than regular desktop PCs, Sony goes way beyond what other laptops do.
     
  39. kayhanah

    kayhanah Private E-2

    It seems like it's getting better as more startup programs are being removed. Startup is definitely the busiest of all but after startup has shown improvements. It seemed normal in safe mode with a CPU usage percentage of about 3%. When I first got into safe mode, a little notifier popped up from the bottom right and said "Windows security is disabled, click here to enable it" and I clicked it and it said it was off, so I pushed the button that said "turn on" and it said "Windows cannot turn this on," not quite in the same words but just as uninformative. Should I be worried about that?

    I noticed all that VAIO stuff... does my computer need that stuff? Could I remove a few of those VAIO startup applications? Should I completely remove Symantec and use one of the free programs? It is a trial version anyway.
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No!

    This is not a topic for this forum. You will need to discuss this in either the Hardware or Software Forum or do a bunch of research on your own to find out what all of those services are for and whether they are really needed.

    We never recommend using Symantec. If it is a trial, then don't wait. Just dump it now and make sure it uninstalls properly because most of the time it does not. You can find this out (after doing the uninstall) by attaching new logs from HJT and ShowNew for Abri to look. Any of the free programs we offer listed in the below link would be a better choice:

    How to Protect yourself from malware!
     
  41. kayhanah

    kayhanah Private E-2

    Ok, I deleted Symantec and the LiveUpdates for it, and I installed avast!, a2free, BOClean, and SpyWare Blaster. I tried all of the free software firewalls but none of them worked for Vista, but I do have a hardware firewall active from my router. Should I also enable Windows Firewall since none of those work? Also, do you know how to hide hidden files again? If not off the top of your head don't worry about it, I'll figure it out. I've attached the hijackthis and newfiles logs so you could make sure Symantec is completely gone. Thanks.
     

    Attached Files:

  42. abri

    abri MajorGeek

    Hi Kayhanah!
    Please delete the following folder.
    Also, check in your recycle bins and see if there is still a Norton Protected bin in there. If so, delete the contents of any of those which still exist and then try to delete the folders as well.

    To rehide your files, do this:
    Turn on your Windows Firewall until you find another solution. I think Comodo works with Vista, but I see a lot of people having trouble with Comodo, so I would first allow your computer to work for awhile before trying anything else new. If your computer seems to be tolerating all the software changes, I would defrag, setting a new restore point for both before and after the defrag. In the long-run, you need a better software firewall. The problem with the Windows Firewall is that it doesn't check what's trying to get out of the computer, only what's coming in.

    I will post one more set of instructions to you for removing the tool package we installed on your computer. Let me check if there are any special steps for getting rid of those things or if it can be deleted directly.

    Thanks for working with us.
    abri
     
  43. kayhanah

    kayhanah Private E-2

    No, thank you!
     
  44. abri

    abri MajorGeek

    Hi Kayhanah!

    To remove the tools and logs we used while working on your computer, please delete the following:
    • MGtools.exe
    • C:\MGtools
    • C:\MGlogs.zip
    • C:\runkeys.txt
    • C:\newfiles.txt
    • C:\getunkey.txt
    • C:\Windows\System32\locate.com
    abri
     
  45. kayhanah

    kayhanah Private E-2

    Thanks! I'll be checking back for a software firewall that's more compatible with Vista.
     
