Using MGtools

Discussion in 'Malware Removal FAQ' started by chaslang, Sep 12, 2007.

Thread Status:
Not open for further replies.
  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have not already downloaded MGtools, download it from here: MGtools and save to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading)

    FYI to Firefox users: New versions of Firefox will falsely tell you that MGtools.exe is a virus and it will not let you download it. It also does not let you override this false accusation. Do the below to fix this issue:

    • In Firefox's Menu ( if you don't see the Menu bar then right click on the top area of the Firefox window and select the Menu Bar selection to enable it. Also something that should be enabled by default in my opinion )
    • Now on the Menu Bar select Tools. Then select Options
    • On the Options form select the Security tab.
    • Now uncheck the below check boxe
      • Block reported attack sites
    • Now click OK to save the change
    • Now see if you can download MGtools.exe
    FYI to Chrome users: Similar to the above with Firefox, you will have to disable some protection in Chrome since their software developers neglected to give you an option to bypass their false detections so that you can still download when you know the browser is wrong.

    See the below to disable the Phishing and Malware Protection feature so that you can download MGtools.exe. You can renable it afterwards if you wish but anytime you try to download some file that they don't recognize, you will have this problem.

    https://support.google.com/chrome/answer/95572




    Important Update Note:
    • Recent bugs in many antivirus programs are detecting MGtools.exe as malware. Disable your antivirus program while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect.
    • If disabling does not work or help then uninstall your antivirus program since it is getting in the way of cleaning up your PC from malware.
    • If you don't know how to disable your AV or other protection, see the below link:
    Instructions for Vista & Windows 7 Users ( other users skip to Windows Users ):

    • Make sure that yo have already disabled User Account Control per the READ & RUN ME instructions and that you have rebooted after disabling UAC. Also keep UAC disabling until cleaning of your PC is finished.
    • Run the MGTools.exe program by right clicking on it and selecting Run As Administrator.
      • It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
      • It will also automatically extract a bunch of files into this folder.
      • It will try to automatically start running scripts to get logs.
        • If it runs okay, you will see a notice at the end telling you about the creation and location of the MGlogs.zip file and you should continue on to the General Information section below.
        • If it does not run okay, see the below Vista and Win 7 Debugging section
    Vista and Win 7 Debugging - If MGtools did not run properly
    • Again it is extremely important that you have disabled your protection software and that you have already disabled UAC and rebooted. If you have not done this, it can be why MGtools is not running.
    • Right click Start and select Explore to open Windows Explorer
    • Navigate into the \MGTools folder just created in the root of your Windows boot drive.
    • If you have already disabled User Account Control per the READ & RUN ME instructions then you can skip this current bullet list item since you should have UAC disabled already. If you still need to disable UAC, locate the DisableUAC.reg file in the C:\MGtools folder and double click on it.
      • This registry patch is used to disable the User Account Control feature which would get in the way of running the tools
      • UAC will popup to say Windows needs your permission to continue. This is normal for editing the registry.
      • Click Continue and the OK to edit the registry to the message are you sure you want to continue
      • This will apply the registry patch to disable UAC
      • You will see a Security Center icon in System Tray alerting you to turn UAC back on. DO NOT do this now. You will enable it after completing malware removal on your PC.
      • Now you need to reboot your PC. You must Reboot now.
      • After reboot continue with the below steps.

    • Now locate the GetLogs.bat file in the MGTools folder and right click on it and select Run As Administrator this should begin the scan process.
    • This will sequentially run all the tools/scans that are part of MGtools. Each of these scans will create logs in the MGtools folder. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete.
    • You should close all other windows while running scans and avoid doing anything else so that scans will run faster and will not get interrupted.
    • You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button.
      • You need to click it twice to get it to accept.
      • If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
      [*]While GetLogs.bat is running, logs will be created in the MGtools folder. You don't need to do anything with these file unless requested. The log files will also automatically be put into a ZIP file named MGlogs.zip
    • that will be created in the root folder of your Windows boot drive ( normally C:\MGlogs.zip ). This is the file that you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
    • After you are sure that the scans have run properly and the MGlogs.zip file has been created.
    • Continue on to the General Information section below.
    Instructions for all other Windows Users:
    • run the MGTools.exe program by double clicking on it.
      • It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
      • It will also automatically extract a bunch of files into this folder.
      • It will the automatically start running three batch ( .bat files are batch programs ) programs in that folder.
      • This will sequentially run all the tools/scans that are part of MGtools. Each of these scans will create logs in the MGtools folder. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete.
      • You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button. You need to click it twice to get it to accept.
      • If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
      • These log files while be placed in the root folder of your Windows drive. The log file will also automatically be put into a ZIP file named MGlogs.zip which you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
      • Continue on to the General Information section below.
    General Information for Vista and other Windows Users

    When all scans are finished running, the command prompt window will look something like the below snapshot depending on whether some of the last few logs being Zip'ed exist or not:

    GetLogs-Final.jpg

    Don't forget to attach the MGLogs.zip file to your message in the Malware Forum. (See: HOW TO: Attach Items To Your Post )

    At a later time to get new logs as requested, you can individually run any of the batch files by double clicking on them from a Windows Explorer window. Windows Explorer is easily opened by right clicking Start and selecting Explore. The batch file will create a new log and will also update the MGlogs.zip file with each new log created. The person helping you may either request the MGlogs.zip file or any of the individual log files created by the scans. If you rerun GetLogs.bat (which is the easiest thing to do), it will create new logs to be easely uploaded via the MGlogs.zip file.

    Notes: Possible Error Messages

    Error Message Type 1


    If any of your logs appears to be empty or semi-empty or if you get an error message similar to the below when running any of the three batch files and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS.
    To fix the above error message, choose the download below which is appropriate for your system and extract the files into the default folder which will be either C:\Windows\system32 or C:\Winnt\System32 depending on how you installed windows. Do not extract the below fix files to the MGTools folder as it will not help to fix the problem that way.
    • For Windows XP Pro: download and run XPproFix
    • For Windows XP Home: download and run XPHomeFix
    • For Windows 2000: download and run: W2KFix
    Another possible solution for Windows 2000 and 2003 systems is provided from Microsoft in the below link. The above fixes attempt to do at least part of this automatically:

    http://support.microsoft.com/kb/305521


    Error Message Type 2
    Error Message Type 3

    The below error message is not a problem and you could see none of these or a few of these. It just means a registry key we are checking for does not exist. The scan will continue after any of these occur.
    After attempting to fix Error Types 1 & 2, run batch file again and attach the log.

    Error Message Type 4

    If you receive a message similar to any of the below. It just means that you do not have the Microsoft .NET Framework software installed from Microsoft Update. You should install this as many .NET type applications require it. The processdll.exe program which is part of MGtools will not run without this software being installed. You don't have to install it but the output from processdll.exe can sometimes be critical in getting your malware removed. Just click any key or OK to continue and ignore the error. To fix it, install the .NET software.
    Also if you see a message like the below, it is again due to missing the Microsoft .Net Framework software. USERNAME will be the user account presently being used.

    could Not Find c:\Documents and Settings\USERNAME\Desktop\procdll.txt

    You can install the .NET Framework software from Microsoft by clicking the Download button in the below link and then running the dotnetfx.exe file once it is downloaded.

    http://www.microsoft.com/Downloads/details.aspx?FamilyId=262D25E3-F589-4842-8157-034D1E7CF3A3&displaylang=en

    Error Message Type 5

    If you see a popup message similar to the below (double click the thumbnail to enlarge), it also means you do not have the Microsoft .NET Framework software installed as stated in the Type 4 error message above.
    procdll-err.jpg
    Just click the OK button to continue and consider installing the .NET Framework software at a later time since it can be quite useful.
     
    Last edited: Mar 17, 2015
Thread Status:
Not open for further replies.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds