Fixing for a friend, multiple malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lnkenjke, Nov 1, 2014.

  1. Lnkenjke

    Lnkenjke Private E-2

    Hello

    I'm fixing a friend's computer with multiple malware, toolbars and such. At start-up there are optimizers, cleaners, backups, and such that pop up.

    I couldn't say when it started, but it seems to be around September and May of this year.

    Followed instructions and am attaching logs per your request since some of the problems persist.

    Looking forward to your wise reply.

    Lnken
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't make the agreement to run HijackThis, as it is missing from your MGlogs.

    Rerun RogueKiller and have it fix all the items under:
    Code:
     ¤¤¤ Registry : 95 ¤¤¤
    
    ¤¤¤ Tasks : 8 ¤¤¤
    
    ¤¤¤ Web browsers : 9 ¤¤¤
    Then rerun Hitman and have it fix everything it finds.

    Use add/remove programs to uninstall:
    Pro PC Cleaner

    Download OTM by Old Timer and save it to your Desktop.


    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code into the Paste List of Files/Folders to Move area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Users\Wheneisha\AppData\Local\nsbECBB.tmp
    C:\Users\Wheneisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2
    C:\ProgramData\adf80ae5fb1c0699
    C:\ProgramData\ShopperPro
    C:\ProgramData\speedbrowser
    C:\ProgramData\ParetoLogic
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
    C:\Program Files (x86)\AnyProtectEx
    C:\Program Files (x86)\AskPartnerNetwork
    C:\Program Files (x86)\Bull Softwares
    C:\Program Files (x86)\Groovorio
    C:\Program Files (x86)\Pro PC Cleaner
    C:\Program Files (x86)\Search Extensions
    C:\Program Files (x86)\ShopperPro
    C:\Program Files (x86)\snipsmart
    C:\Program Files (x86)\Spyware Clear
    C:\Program Files (x86)\SupTab
    C:\6999bf02f24189bf2004
    C:\7F68A003.il
    C:\85ecf3aebc8de245017ae5915980
    C:\alotserviceruntime.log
    C:\eac6411ce6271fe9599526
    C:\end
    C:\grldr
    C:\Windows\TEMP\*.*
    C:\Users\Wheneisha\AppData\Local\Temp\*.*
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Optimizer Pro"=-
    
    [HKEY_USERS\S-1-5-21-1418551171-3612087309-3932582185-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "Optimizer Pro"=-
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}]
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Now after a reboot, rescan with both RogueKiller and Hitman.
    Then attach the below logs:

    * RogueKiller
    * Hitman
    * C:\MGlogs.zip
    * OTM Log

    Make sure you tell me how things are working now!
     
  3. Lnkenjke

    Lnkenjke Private E-2

    Hello

    Thanks for the prompt reply.

    Attached are the logs requested. The MGtools log will be in the following post.

    Also there was a DLL error while trying to uninstall Pro PC Cleaner; the uninstall stalled.

    Thank you.
     

    Attached Files:

  4. Lnkenjke

    Lnkenjke Private E-2

    Attached is the log from MGtools.

    Thank you.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can try using Revo Uninstaller to remove that program.

    Things look good, what issues are you still having, if any?
     
  6. Lnkenjke

    Lnkenjke Private E-2

    Hello

    Thanks for the awesome instructions and programs. Your advice cured all ailments with the computer. Only IE has an odd update error. It's no problem, as the client only wishes to use Chrome!

    Thanks and blessings for your knowledge.

    Lnken
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There is still some crap we can remove.

    Use add/remove programs to uninstall:

    • AnyProtect Still installed
    • RocketTab
    • Updater

    Did Revo uninstall Pro PC Cleaner?


    Rerun Hitman and have it fix the hosts file.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now use Windows Explorer and delete these:
    C:\Windows\tasks\APSnotifierPP1.job
    C:\Windows\tasks\APSnotifierPP2.job
    C:\Windows\tasks\APSnotifierPP3.job
    C:\Program Files (x86)\globalUpdate
    C:\ProgramData\Updater
    C:\ProgramData\Optimizer
    C:\Users\Wheneisha\AppData\Roaming\aps.scan.quick.results
    C:\Users\Wheneisha\AppData\Roaming\aps.scan.results
    C:\Users\Wheneisha\AppData\Roaming\aps.uninstall.scan.results

    Tell me what these are if you know:
    C:\Users\Wheneisha\AppData\Roaming\BVB.exe
    C:\Users\Wheneisha\AppData\Roaming\TKKNCCPE.exe
    C:\Users\Wheneisha\AppData\Roaming\WB.CFG
     
    Last edited: Nov 3, 2014
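The two cleanup rounds above (the OTM script in post #2 and the manual list in post #7) each amount to the same four things: delete a Run value, delete a registry key, delete files and folders, and check what a few unknown files are. The script below is an added example, not something posted in this thread and not part of OTM, HijackThis or MGtools; it audits the artifacts TimW named, using only the paths, value names and SearchScopes GUID copied from his posts, and only deletes them when run with -Remove. It does not touch the three unknown files in AppData\Roaming: it hashes them so they can be looked up first, which is the check a practitioner wants before deleting an .exe nobody has identified. Assumed: the profile name Wheneisha from the logs, and an elevated prompt on the same machine.

```powershell
# Added example (not from the thread): audit, and optionally remove, the leftover
# artifacts listed in posts #2 and #7. Dry run by default; pass -Remove to act.
# Run from an elevated PowerShell prompt. Paths, value names and the GUID are taken
# from the posts; the profile name is the one that appears in the logs.
param([switch]$Remove)

$user = 'Wheneisha'

# Autorun values named in the OTM script (same user, reached two ways).
$runValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Optimizer Pro' },
    @{ Path = 'Registry::HKEY_USERS\S-1-5-21-1418551171-3612087309-3932582185-1000\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Optimizer Pro' }
)
# Whole keys to delete (IE search-scope hijack from the OTM script).
$regKeys = @(
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}'
)
# Files and folders from post #7 (legacy .job tasks live as plain files under Windows\Tasks).
$paths = @(
    'C:\Windows\Tasks\APSnotifierPP1.job',
    'C:\Windows\Tasks\APSnotifierPP2.job',
    'C:\Windows\Tasks\APSnotifierPP3.job',
    'C:\Program Files (x86)\globalUpdate',
    'C:\ProgramData\Updater',
    'C:\ProgramData\Optimizer',
    "C:\Users\$user\AppData\Roaming\aps.scan.quick.results",
    "C:\Users\$user\AppData\Roaming\aps.scan.results",
    "C:\Users\$user\AppData\Roaming\aps.uninstall.scan.results"
)
# Files TimW asked about: never deleted here, only identified.
$unknown = @(
    "C:\Users\$user\AppData\Roaming\BVB.exe",
    "C:\Users\$user\AppData\Roaming\TKKNCCPE.exe",
    "C:\Users\$user\AppData\Roaming\WB.CFG"
)

function Get-Sha256 ([string]$file) {
    # .NET hashing works on PowerShell 2.0 (Windows 7 default), which lacks Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($file)
    try   { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

"== Run values =="
foreach ($v in $runValues) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) {
        "present  $($v.Path)\$($v.Name) -> $($item.($v.Name))"   # show what it launches
        if ($Remove) { Remove-ItemProperty -Path $v.Path -Name $v.Name; "removed  $($v.Name)" }
    } else { "absent   $($v.Path)\$($v.Name)" }
}

"== Registry keys =="
foreach ($k in $regKeys) {
    if (Test-Path -Path $k) {
        "present  $k"
        if ($Remove) { Remove-Item -Path $k -Recurse; "removed  $k" }
    } else { "absent   $k" }
}

"== Files and folders =="
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        "present  $p"
        if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force; "removed  $p" }
    } else { "absent   $p" }
}

"== Unknown files (identify before deleting) =="
foreach ($f in $unknown) {
    if (Test-Path -LiteralPath $f) {
        $fi = Get-Item -LiteralPath $f
        "$f  size=$($fi.Length)  modified=$($fi.LastWriteTime)  sha256=$(Get-Sha256 $f)"
    } else { "absent   $f" }
}

"== Active hosts entries (post #7 asks Hitman to fix this file) =="
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[^#\s]' }

"== Uninstall entries for the programs still to remove =="
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'AnyProtect|RocketTab|Updater|Pro PC Cleaner' } |
    Select-Object DisplayName, UninstallString
```

Run it once without -Remove and read the output first: the Run value line shows the command the autorun would launch, the hosts section shows any redirects still in place, and the last section prints the UninstallString for each leftover program, which is what to try by hand (or hand to Revo) when a vendor uninstaller stalls as Pro PC Cleaner's did. Submit the SHA-256 of the unknown files to a reputation service before deciding whether to delete them.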
  8. Lnkenjke

    Lnkenjke Private E-2

    Hello

    I've already returned the computer, but have uninstalled those very programs. When I can get it back I'll finish the clean and reply as directed.

    Thanks again
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ok, then I can give you the final clean up to remove the programs and processes you downloaded for the fixes.
     
