Browsers Stopped Working Properly. Help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by iSheesh, Sep 18, 2012.

  1. iSheesh

    iSheesh Private E-2

    It was yesterday, 17 September 2012, when I was downloading a song from "http://www.2shared.com/". I clicked on the link and it automatically downloaded a piece of software instead; it was dxDownloader or something, I can't remember as I uninstalled it. When I was done installing it,
    Google Chrome, which was still running, crashed, so I closed and reopened it to access the net. Eventually prompts from Microsoft Windows kept popping up saying "Google Chrome has stopped working"; the same goes for my Internet Explorer & Firefox ever since.

    These are the scan logs that I did, as follows:

    • RKreport.txt from RogueKiller
    • Malwarebytes Anti-Malware log
    • TDSSKiller log: No threats found (I will post when requested)
    • HitmanPro log
    • MGlogs
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We need the correct log from MGtools, which is C:\MGlogs.zip as stated in the instructions. What you attached is a HijackThis log that you renamed to MGlogs.log.

    Also you need to attach the correct log from RogueKiller.
     
  3. iSheesh

    iSheesh Private E-2

    I hope this is the right one. By the way, I am running on Windows Vista, 32-bit.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you mean the below which I see on your PC? I need to know exactly before continuing:

    http://www.portablefreeware.com/?id=1217


    I do see the below in your RogueKiller log:

    [TASK][SUSP PATH] WxDFastUpdaterTask{45BCB617-994D-431D-9837-38BDF6650BA1}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe -> FOUND
    [TASK][SUSP PATH] OptimizerPro1UpdaterTask{9E8F7B10-91C8-4FE7-887E-4D232701C2C0}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe -> FOUND

    And the below shows in your installed programs list
    WxDFast

    And I see the below was recently installed. Why, and are you sure it is not the cause of your problem?
    sprotector 1.62


    See things it can do >> http://grvq.com/showpad.php?title=Network%20Security%20Protector&company=Getfreefile


    Also run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only). Select the following lines but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

    After clicking Fix, exit HJT.

    Then delete the below folder
    C:\Program Files\Common Files\Spigot
     
    Last edited: Sep 19, 2012
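
Added example (not part of the original thread or any poster's code): a small Python parser for the RogueKiller task lines and the HijackThis O4 line quoted in the post above, grouping each autostart entry by the folder it runs from. The line patterns are inferred only from the lines shown in this thread, and treating the folder two levels above the executable as the vendor folder is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the thread above; the regexes are inferred from these
# three lines only and are not a full RogueKiller/HijackThis log grammar.
SAMPLE_LOG = r"""
[TASK][SUSP PATH] WxDFastUpdaterTask{45BCB617-994D-431D-9837-38BDF6650BA1}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe -> FOUND
[TASK][SUSP PATH] OptimizerPro1UpdaterTask{9E8F7B10-91C8-4FE7-887E-4D232701C2C0}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe -> FOUND
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"""

TASK_RE = re.compile(
    r"^\[TASK\]\[(?P<reason>[^\]]+)\]\s+(?P<name>.+?)\.job\s+:\s+"
    r"(?P<path>.+?)\s+->\s+(?P<status>\w+)\s*$")
RUN_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+)"?')
GUID_SUFFIX = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")


def parse_autostarts(log_text):
    """Return one dict per scheduled-task or Run-key line found in the log."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        task, run = TASK_RE.match(line), RUN_RE.match(line)
        if task:
            entries.append({"kind": "scheduled_task", "detail": task["reason"],
                            "name": GUID_SUFFIX.sub("", task["name"]),
                            "path": task["path"]})
        elif run:
            entries.append({"kind": "run_key", "detail": run["key"],
                            "name": run["name"], "path": run["path"].strip()})
    return entries


def group_by_vendor_dir(entries):
    """Group entry names by the folder two levels above the executable
    (assumed here to be the vendor/bundle folder), case-insensitively."""
    groups = defaultdict(list)
    for entry in entries:
        vendor_dir = PureWindowsPath(entry["path"]).parent.parent
        groups[str(vendor_dir).lower()].append(entry["name"])
    return dict(groups)


if __name__ == "__main__":
    for folder, names in group_by_vendor_dir(parse_autostarts(SAMPLE_LOG)).items():
        print(f"{folder}: {', '.join(names)}")
```

On the lines from this thread, both scheduled tasks group under C:\ProgramData\Premium, and the Run entry groups under the Spigot folder that the post says to delete.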
  5. iSheesh

    iSheesh Private E-2

    I followed the steps as instructed but the problem isn't resolved:


    Yes, it's the WxDFast that is seen on my PC, and while it was installing, somehow OptimizerPro1 also automatically installed.
    Another Microsoft Windows prompt which I am getting is:
    Windows host process (RUNdll32) has stopped working

    And as for sprotector 1.62, I don't remember installing it at any point in time. It's malware shown when I scan my PC with HitmanPRO, but I don't know how to deal with it.

    These two were identified as threats by HitmanPro:
    sprotector.dll
    C:\Program files\Sprotector\
    sprote~1.dll
    C:\progra~1.dll\sprote~1\
     
    Last edited by a moderator: Sep 20, 2012
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So go to Add/Remove Programs and uninstall each of the below:
    OptimizerPro1
    sprotector 1.62
    WxDFast

    Then reboot your PC. After reboot, do the below.

    Rerun Hitman and allow it to fix anything it finds from the above programs. If it does find anything to remove, reboot afterwards and then run a new Hitman scan and save a new log to attach.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the new Hitman log
    • C:\MGlogs.zip
     
  7. iSheesh

    iSheesh Private E-2

    Done as instructed. Everything seems to be normal now; all browsers worked perfectly,
    my Google homepage was back and the stubborn automatic gadgetbox homepage was gone!

    Here are the logs :
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Excellent news.

    I would also delete the below folder:
    C:\ProgramData\SpeedyPC Software


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
