Antivirus programs won't open

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by multimedia, Aug 20, 2009.

  1. multimedia

    multimedia Private E-2

    All right so another of my computers is infected.

    I saw that Personal AV somehow made it on there even though I haven't used the computer in months. So I deleted the folder in the Program Files. Also in there is a folder called sFX which I cannot delete.

    However there is still a problem. Firefox does not work as it gives me the timed out message. When it does work, all search engines do not work. Although I can go to the sites such as google.com or yahoo.com, search results do not show up.

    Also, when I try to double-click on the USB drive, it brings up Notepad and gives me an error with Catalyst Control Centre. Another error is with Generic Host Process for Win32 Services.

    Did everything in the READ & RUN ME FIRST except step 6.
    This is because even after installing these programs they will not run.
    SUPERAntiSpyware just won't install, giving me an error.

    Any ideas?
     
  2. multimedia

    multimedia Private E-2

    btw here are the MGlogs which I forgot to attach
     

    Attached Files:

  3. multimedia

    multimedia Private E-2

    new MGlogs
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What is the below huge file? If unknown, you should delete it.
    Code:
    C:\Documents and Settings\Hiep\My Documents\
    nf1258.exe    Jun 18 2009   449548956  "NF1258.exe"

    Now you need to edit your C:\Windows\win.ini file and delete the below line at the end of the file.
    DLL_PATH=C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
    O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
    O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
    O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll (file missing)
    O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
    O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
    O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now see if you can run SUPERAntiSpyware, Malwarebytes, ComboFix, and RootRepeal.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • the logs from SUPERAntiSpyware, Malwarebytes, ComboFix, and RootRepeal if they ran.
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
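The O2/O3/O4 lines and the win.ini line above can be triaged mechanically before anyone clicks Fix. The Python script below is an added example for this thread; it is not part of the post, of HijackThis, or of MGtools. It parses lines in the HijackThis format, flags the markers a helper looks for (a component registered but missing from disk, a name already identified as rogue in this thread, an autorun given as a bare file name or as a binary sitting directly in the Windows directory, and two CLSIDs that differ by a single character, as the two BHOs above do), and checks a win.ini body for DLL_PATH= lines. The sample lines are constructed from the entries quoted in the post plus one benign control entry with a placeholder CLSID and path; ROGUE_NAMES is taken from this thread only and is not a real signature set.

```python
import re
from dataclasses import dataclass, field

# O2 (BHO) and O3 (toolbar) lines: "O2 - BHO: Name - {CLSID} - Path"
BHO_TOOLBAR_RE = re.compile(
    r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# O4 autorun lines: "O4 - HKLM\..\Run: [ValueName] Command"
RUN_RE = re.compile(
    r"^(?P<kind>O4) - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$"
)

# Names this thread identified as rogue (taken from the post; not a real signature feed).
ROGUE_NAMES = {"personalav", "pp11.exe", "netfilter.exe"}


@dataclass
class Entry:
    kind: str                      # "O2", "O3" or "O4"
    name: str                      # BHO/toolbar name or Run value name
    path: str                      # DLL path or autorun command
    clsid: str = ""                # only O2/O3 carry a CLSID
    reasons: list = field(default_factory=list)

    @property
    def flagged(self):
        return bool(self.reasons)


def parse_line(line):
    """Parse one O2/O3/O4 line; lines from other HijackThis sections return None."""
    m = BHO_TOOLBAR_RE.match(line.strip()) or RUN_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Entry(kind=g["kind"], name=g["name"], path=g["path"], clsid=g.get("clsid") or "")


def triage_entry(entry):
    """Attach per-entry reasons why a helper would want to look at it."""
    raw = entry.path.replace(" (file missing)", "")
    parts = [p.strip().lower() for p in re.split(r"[\\/]", raw)]
    if "(file missing)" in entry.path.lower():
        entry.reasons.append("registered component no longer on disk; dangling registration")
    if entry.name.lower() in ROGUE_NAMES or any(p in ROGUE_NAMES for p in parts):
        entry.reasons.append("name identified as rogue earlier in this thread")
    if entry.kind == "O4":
        if len(parts) == 1:
            entry.reasons.append("bare file name: Windows locates it by path search, no fixed location to inspect")
        elif parts[:-1] == ["c:", "windows"]:
            entry.reasons.append("executable dropped directly in the Windows directory")
    return entry


def near_duplicate_clsids(entries):
    """Cross-entry check: O2/O3 CLSIDs that differ in exactly one character."""
    with_clsid = [e for e in entries if e.clsid]
    for i, a in enumerate(with_clsid):
        for b in with_clsid[i + 1:]:
            if len(a.clsid) != len(b.clsid):
                continue
            diffs = sum(x != y for x, y in zip(a.clsid.lower(), b.clsid.lower()))
            if diffs == 1:
                a.reasons.append(f"CLSID one character away from {b.name!r}")
                b.reasons.append(f"CLSID one character away from {a.name!r}")


def triage_log(text):
    """Parse a block of HijackThis lines and return the entries that need review."""
    entries = [e for e in map(parse_line, text.splitlines()) if e is not None]
    for e in entries:
        triage_entry(e)
    near_duplicate_clsids(entries)
    return [e for e in entries if e.flagged]


def find_dll_path_lines(win_ini_text):
    """Return DLL_PATH= lines from a win.ini body; a clean win.ini has none."""
    return [ln.strip() for ln in win_ini_text.splitlines()
            if ln.strip().upper().startswith("DLL_PATH=")]


# Constructed sample: the seven lines quoted in the post plus one benign control
# line whose CLSID and path are placeholders, not a real component.
SAMPLE_HJT = r"""
O2 - BHO: Example Benign Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleVendor\helper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll (file missing)
O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
"""

# Constructed win.ini tail carrying the line the post says to delete.
SAMPLE_WIN_INI = r"""; for 16-bit app support
[Mail]
MAPI=1
DLL_PATH=C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_HJT):
        print(f"{e.kind} {e.name!r}: " + "; ".join(e.reasons))
    for ln in find_dll_path_lines(SAMPLE_WIN_INI):
        print("win.ini:", ln)
```

Seven of the eight sample entries come back flagged and the benign control does not. Media Access Startup is caught only by the near-duplicate CLSID check, which is the point of running cross-entry checks as well as per-line ones: on its own that line looks like any other BHO, and it is the helper's judgement, not the heuristics, that put it in the fix list.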
     
  5. multimedia

    multimedia Private E-2

    Well I did everything you said but they're still not working. Firefox is also opening another tab that looks like an ad every time I start it.
    I did however get RootRepeal to work after a number of errors saying it could not read the boot sector.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay the infection may have corrupted some of your downloads and installations. So we will uninstall a few things and delete some previous downloads. Then we will get new copies and install them after a reboot. Follow the steps below in the exact order written.

    Uninstall SUPERAntiSpyware and Malwarebytes now.


    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Now download and install and update the below tools again:
    Now try to run SUPERAntiSpyware, Malwarebytes and ComboFix per the cleaning instructions.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • the logs from SUPERAntiSpyware, Malwarebytes and ComboFix if they ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. multimedia

    multimedia Private E-2

    Well I've run into a problem, that is I cannot uninstall Malwarebytes either by using the add/remove programs or by trying to delete the folder in Program Files.
    Should I use Spybot's File Shredder to try to delete them (not sure if it will work) or no? And since SUPERAntiSpyware wasn't ever installed in the first place, that's done.

    I did the next step but I still can't run the programs besides CCleaner, although it always shows up with 24KB in IE Temp Internet Files even after a few runs.

    Although, this computer has two accounts. Would that be a problem?
     

    Attached Files:

  8. multimedia

    multimedia Private E-2

    I tried again and managed to uninstall Malwarebytes after trying again. Ran through the steps again and CCleaner had 0 bytes removed instead of the 24KB before I uninstalled Malwarebytes.

    Still can't install those programs, Malwarebytes included. Should I uninstall Spybot as well? There is still the ad site that pops up along with the FirefoxStart homepage every time I open Firefox or click home.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First please run this: Resetting Registry and File Permissions

    Then continue with the below.
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  10. multimedia

    multimedia Private E-2

    Well I did everything. Still having the same problems though, can't install anything.
    The Malwarebytes installer runs but stops at the end of the percentage bar so I don't think it actually installed.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What happens if you log in using the Mimi user account instead of the Hiep user account?

    Also what happens if you boot in safe mode and use the Administrator user account?
     
  12. multimedia

    multimedia Private E-2

    Same thing. Nothing works in either account in regular mode or safe mode.
    I also can't get into the Administrator account in safe mode since I forgot the password to that.
    Also Google searches are now being redirected, while an ad showing a fake virus scan showed up once.

    Gah is there anything I can do now?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First please run this: Resetting Registry and File Permissions

    Now try installing the below ExplorerXP program and tell me what exactly happens?

    ExplorerXP


    Please run this Win32KDiag - How to run and attach the requested log.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
     
  14. multimedia

    multimedia Private E-2

    All right I did everything.
    Installing ExplorerXP went fine, no problem in installing and it runs too.
    However, the Win32KDiag didn't seem to work.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So it looks like you can install programs. You just cannot install certain programs. Can you install and run the below?

    Avira AntiRootkit Protection


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  16. multimedia

    multimedia Private E-2

    Well I can't install that first one. Gives me an error saying the application configuration is incorrect.

    The second link worked like a charm though. It managed to work and found plenty of stuff. After using that everything seems to work, including Malwarebytes, Spybot and ComboFix.

    I reinstalled Malwarebytes and it seems to work. Only did the quick scan and the logs are attached. Will run through the entire cleaning procedures tomorrow and attach logs (I hope this is the correct decision).

    Hopefully I'll be able to get rid of the ads that pop up along with the Firefox homepage every time I open Firefox.
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Sep 18, 2009
  18. multimedia

    multimedia Private E-2

    Still getting that popup every time I open Firefox.
    Doing the steps and will post later.
     

    Attached Files:

  19. multimedia

    multimedia Private E-2

    And here are the logs from the cleaning procedures.
    Nothing found! And I fixed the popup by changing my homepage.
    Guess I'm in the clear?
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That was going to be my next suggestion since your combofix log showed you had the below in your home page setting:

    hxxp://www.theprizeday.com/today.php


    Since your logs are clean, and if you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  21. multimedia

    multimedia Private E-2

    Thanks a bunch chaslang!:-D
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
