virus/adware/malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 48lowes, Feb 13, 2015.

  1. 48lowes

    48lowes Private E-2

    I hope I'm doing this right; if not, someone please direct me. I've had viruses before and this machine has one, but it's like none I've seen.
    I started scanning a friend's computer as directed by the malware removal instructions.
    CCleaner didn't finish.
    RogueKiller ran and I just docked it.
    Malwarebytes ran for 6 1/2 hours and found like 44 instances.

    RogueKiller and Malwarebytes have just disappeared; I can't locate rlreport[1].txt,
    but I did manage to copy and paste the Malwarebytes report into a Word document.
    Norton AV just came up with SAPE.Downware.e7, so I figured it was time to ask for some further direction.
    Thanks
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can only help you if you attach the requested logs.
     
  3. 48lowes

    48lowes Private E-2

    The READ & RUN ME FIRST Malware Removal Guide seems to tell me to ask for assistance before proceeding. Shall I start over on the procedure? RogueKiller never gave me a log.
    Malwarebytes took 6.5 hrs. and no log. If I'm in the wrong forum, please tell me what I should do and where.
    Thank you for your time and efforts.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do the Read and Run First instructions and attach what logs you can get. I especially need the log from running MGTools.exe.
     
  5. 48lowes

    48lowes Private E-2

    I'll start running the scans again tonight.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I will be here when you are ready.
     
  7. 48lowes

    48lowes Private E-2

    Default Using Malwarebytes Anti-Malware
    04-21-2014 : See new procedure above by Kestrel13!
    Last edited by chaslang; 04-21-14 at 15:12.. Reason: New version of MBAM

    I cannot find any new procedure; maybe a broken link? I did search for it, etc.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just run it and when done, save it to a txt file. Then attach it along with the rest of the requested logs.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    http://forums.majorgeeks.com/showthread.php?t=154672
     
  10. 48lowes

    48lowes Private E-2

    Got it, thanks.
     
  11. 48lowes

    48lowes Private E-2

    Problems after running the scans:
    Internet Explorer not responding. Chrome is slow but works. Intuit Sync Manager "stopped working" popup 10(?) minutes after startup. This is a friend's machine, so I don't know when things started; Norton Antivirus from Comcast has been running, but I am unsure when it was installed. This machine has had little to no maintenance since purchase approx. 5 yrs. ago, and was given to me when nothing productive could be done with it. When I first got the machine it was a battle getting anything to run; close a program and it would still be in the Processes menu of Task Manager.

    CCleaner - wouldn't run
    Malwarebytes - ran 2x; the 1st run found 12 malicious items and 44 non-malware items
    I uploaded scan #2
    MGTools - wouldn't run
     

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry : 10 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.coupons.com/  -> Found
    [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1249420082-2847667958-3436259562-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
    Rerun RogueKiller and attach the new log after doing the following.


    Download OTM by Old Timer and save it to your Desktop.


    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click; use right click and select Run As Administrator).
    • Paste the following code under the Paste List of Files/Folders to Move area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Users\jm\AppData\Local\Temp\*.*
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C:). This is where your log will be saved, named by date and time in the form mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Please download the latest version of FRST from the link below.
    Farbar Recovery Scan Tool and save it to your Desktop.


    Note: Make sure you download the proper version (32-bit or 64-bit) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your next reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
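    An added, read-only audit (example code written for this thread, not RogueKiller's, OTM's or the forum's own) of the registry locations RogueKiller reported above: the Browser Helper Object keys, the Internet Explorer Start Page value, and per-user CLSID\LocalServer32 entries such as the Tr.Poweliks hit. The registry paths are standard Windows locations; flagging entries whose file no longer exists on disk is this example's own heuristic, and it lists findings for review rather than deleting anything.

```powershell
# Added, read-only audit of the registry locations named in the RogueKiller log (not RogueKiller's logic).
$findings = @()
# 1. Browser Helper Objects, in the native and 32-bit (Wow6432Node) registry views.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    foreach ($bho in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $clsid = $bho.PSChildName
        $dll = $null
        # Resolve the BHO's DLL through its CLSID registration (either registry view).
        foreach ($view in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
            $reg = Get-ItemProperty -Path "$view\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($reg -and $reg.'(default)') { $dll = ([string]$reg.'(default)').Trim('"'); break }
        }
        $note = ''
        if (-not $dll) { $note = 'no CLSID registration found' }
        elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) { $note = 'DLL missing on disk' }
        $findings += [pscustomobject]@{ Type = 'BHO'; Location = "$root\$clsid"; Value = $dll; Note = $note }
    }
}

# 2. Internet Explorer start page (the PUM.HomePage entry), machine-wide and for the current user.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
                  'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main') {
    $reg = Get-ItemProperty -Path $root -Name 'Start Page' -ErrorAction SilentlyContinue
    if ($reg) { $findings += [pscustomobject]@{ Type = 'StartPage'; Location = $root; Value = $reg.'Start Page'; Note = '' } }
}

# 3. Per-user COM servers (the location of the Tr.Poweliks hit). A LocalServer32 command whose
# executable does not exist on disk is flagged for review; that heuristic is this example's own.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -notmatch '^S-1-5-21-' -or $hive.PSChildName -match '_Classes$') { continue }
    $clsidRoot = "Registry::$($hive.Name)\Software\Classes\CLSID"
    foreach ($key in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        $reg = Get-ItemProperty -Path "$($key.PSPath)\LocalServer32" -ErrorAction SilentlyContinue
        if (-not $reg) { continue }
        $cmd = [string]$reg.'(default)'
        # First token of the command line, with or without surrounding quotes.
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
        $note = ''
        if (-not $exe -or -not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe)))) {
            $note = 'LocalServer32 does not resolve to an existing file'
        }
        $findings += [pscustomobject]@{ Type = 'UserCLSID'; Location = "$($key.Name)\LocalServer32"; Value = $cmd; Note = $note }
    }
}

$findings | Sort-Object Type | Format-Table -AutoSize -Wrap
```

    Run it from an elevated PowerShell on the affected machine; entries with a non-empty Note column are the ones to compare against the RogueKiller output before any removal.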
     
  13. 48lowes

    48lowes Private E-2

    Did everything up to:
    Now navigate to the C:\_OTM\MovedFiles folder
    I didn't find any log, so I figured maybe I had to close OTM; now that won't close. I can try to force a restart but figured I'd see what you think.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Force a restart and then get me a new RogueKiller log.
     
  15. 48lowes

    48lowes Private E-2

    User: jm
     


    Last edited by a moderator: Feb 16, 2015
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do not post logs inline!

    Ok, looks much better. Let's just do this:

    Save fixlist.txt to your flash drive.

    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Then tell me how things are running so I can give you the final clean up.
     


  17. 48lowes

    48lowes Private E-2

    Not to belabor the point, as your instructions are pretty darn good. When I saw how large this OTM cut and paste was, I made a .txt file and tried to attach it; this .txt was too large to upload. I can only imagine dealing with the general public and various levels of computer knowledge; you handle it well. I should have, and will in the future, ask your advice in such matters. Sorry.

    Copy everything in the Results window (under the green bar), and paste it in your next reply.
    Which brings me to the current situation.

    Save fixlist.txt to your flash drive.

    Are we talking about the fixlist.txt file on my machine? Or the one attached to your post?

    Now reboot back into the System Recovery Options as you did previously.
    Please elaborate; I may have been in the Sys. Recovery options but am unaware when or how.

    Thanks for burning the midnight oil (time stamp post #16, 23:45).
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry for the confusion:
    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable (if it is wireless, then temporarily shut down the wireless network).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator.
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after the reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt); please attach this new log to your next reply (attach or paste).

      Use the Fixlist from my previous post.
     
  19. 48lowes

    48lowes Private E-2

    I used the fixlog.txt from the desktop. I hope it works; if not, please advise.
     


  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    OK, that looks good. Are there any issues remaining?
     
  21. 48lowes

    48lowes Private E-2

    There's quite a few things I don't consider normal, maybe not related to malware. I'm going to do some playing around with it and then I'll be able to tell you exactly what is happening. Probably a day or two.
    Many thanks.
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That's fine. I will be here. ;)
     
  23. 48lowes

    48lowes Private E-2

    I think the malware issues are history. This machine was still buggy as all get out. I aggressively deleted as many programs as I dared, stopped all apps from auto-upgrading and running on startup, and anything else I thought of. Now, besides minor software glitches, my only problem seems to be Internet Explorer; it is trashed. I tried three methods of restoration without success. Any suggestions on Internet Explorer? I'm thinking Windows install disk.

    Thank You for your efforts and generosity.
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you having issues with other browsers?

    Try this (be aware it takes a long time to run... so go do something else while it runs):

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator).
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup

    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
     
  25. 48lowes

    48lowes Private E-2

    Are you having issues with other browsers?
    I loaded Firefox and it's working great. I'll try your suggestions and get back to you when finished.
    Be aware it takes a long time to run... so go do something else while it runs
    Hey, it took HitmanPro 20 hrs to scan, so I'll hang in there till Explorer works.
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know what happens.
     
  27. 48lowes

    48lowes Private E-2

    I've run Windows Repair two times. The 1st time I let it run for 13 hrs or so; it stalled at repair job 2/10. Trying to figure out what was going on, I managed to open a 2nd Windows Repair. Everything takes extremely long to process, and while trying to stop the 2nd instance of Windows Repair I shut down the 1st, stalled Windows Repair. I then started Windows Repair and it seemed to start off where it had stalled at job 2/10 and ran to completion. Explorer still didn't work, so I ran Windows Repair again. It has now been running for 24 hrs+ and again stalled at job 2/10. Win Repair is still running and still stalled; the program warns against shutting the repair down while processing, but it seems I have no alternative.
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It sounds like you are having system issues. I suggest you post in the software forum for further assistance as this is not a malware issue.
     
  29. 48lowes

    48lowes Private E-2

    I appreciate your help; the majority of the issues are fixed.
    Thanks again.
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the link below:

     
  31. 48lowes

    48lowes Private E-2

    TimW,
    A job well done, my man. My thanks again, again.
    I was still screwing around trying to fix Win IE when I got an update message from Windows: "Internet Explorer ver. 8 security bla bla bla."
    I went ahead and did the update, then went to try their fix. The IE icon on the desktop and the one in the start menu had disappeared. So I went to start IE 11 via the .exe file. Gone, no .exe file! After all these years of my trying to eliminate IE, Microsoft did the job for me! Thanks, Bill.

    I gave the laptop we were working on back to my friend; all is well. Now it's off to work on my wife's machine.

    Case closed.
    Thank you.
     
  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome. Safe surfing. :)
     
