Rogue Killer found Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bane, Jan 7, 2013.

  1. bane

    bane Private E-2

    This started with noticing weird behavior in my mouse. In Firefox the scroll click to open/close a tab would not work. In Chrome the scroll click would open multiple tabs, sometimes to random sites. Sometimes the left button will stop working. If I open Task Manager and left click on the Task Manager window then the left button begins working normally again.

    I ran MSE and it didn't find anything, but the weird mouse behavior continued. I downloaded and ran AVG and it found and removed some files, but the weird behavior continued. I downloaded and ran AVAST and it found and removed some files, but the weird behavior continued. I reinstalled Windows and the weird behavior continued. I backed up all my files on an external hard drive, formatted C drive (the only drive), and reinstalled Windows, but the weird behavior continued. Which brings me to your wonderful forum.

    I followed all of the steps in the READ & RUN ME FIRST. Rogue Killer found malware, but as in the instructions, I did not remove the malware. I attached all the logs I could find. Let me know if anything is missing.

    Thanks!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No it didn't. It's all valid. What happened with Malwarebytes, can I see the log for that too please?

    Re-run Hitman and have it delete Potential Unwanted Programs.

    Now delete these folders if they exist:
    • C:\Program Files (x86)\Wajam
    • C:\Program Files (x86)\Coupon Companion Plugin
    Still having problems?
     
  3. bane

    bane Private E-2

    Attached is the MB log.

    I removed the Potential Unwanted Programs found by Hitman (appeared to be Wajam) and attached is the log from that.

    I deleted C:\Program Files (x86)\Coupon Companion Plugin by moving it to the Recycle Bin and emptying the Recycle Bin.

    Now I'm going to restart and see how things are going.
     


  4. bane

    bane Private E-2

    I restarted and Windows downloaded and installed 94 Windows Updates.

    Then it said Configuring Updates

    Then it shut down

    Now it's restarted and the mouse is still behaving weirdly. Sad face.

    It just froze (cursor stopped blinking and mouse didn't work at all) as I was typing that. Ctrl alt dlt and opening task manager unfroze it.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You can post about it in the software forum if you like :) I am not seeing anything else to do here in the malware forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Press and hold the Windows key and then press the letter R on your keyboard. This opens the Run dialog box.
      • Copy and paste the below into the Run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
