I can't install antivirus software

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Xionga, Dec 26, 2013.

  1. Xionga

    Xionga Private E-2

    Dear Wonderful and Wise Geek people,

    I'm running Windows 7 32 bit on a little Asus laptop.

    How the mess started: I couldn't update Avira or even turn it on. I uninstalled it, tried to install a new version. Uninstalled that and tried to install Avast several times. Ran a full scan with Malwarebytes. Also cleaned the registry with Glary Utilities; it found lots of PUP things. But still unable to install any antivirus software. So here I am with no antivirus protection whatsoever. :cry

    I think I acquired this problem when downloading a Skype recording utility from Softonic. I see that Softonic turns up in some of the scans but so does the Orbit downloader.

    So then I found MajorGeeks. I followed all your instructions, including with CCleaner. I think I may have cleaned out all the malware by now but I believe it was HitmanPro that identified something new and nasty called Rocket something, seemingly different from malware.

    In the case of RogueKiller, no report or log was produced. Pressing "report" just produced a blank Notebook page. There were about a half dozen of the PUP items found in the registry, so I deleted them.

    As I said, I had already done a thorough cleaning with Malwarebytes so, as you can see, the quick scan log turns up clean but I am also attaching the one from my earlier cleaning.

    Attached TDSSKiller log, HitmanPro log and MGtools log.

    Any advice much appreciated. I'm not particularly geekish but in the past I have had rootkit problems and I figured out how to go into the registry to fix them.

    Season's greetings!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. :)

    Did you knowingly install Orbitdownloader?
    Also did you purposely install WinPcap 4.1.3?

    Re-run Hitman and have it delete Potential Unwanted Programs.


    Download and run OTM.


    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code under the [IMG] area. Do not include the word Code.
    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Users\User\AppData\Local\genienext
    C:\Users\User\AppData\Local\Mobogenie
    C:\Program Files\Mobogenie
    C:\Program Files\outobox
    C:\Windows\System32\ab342~1 
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    You said you ran CCleaner, but there are chunks of temp files that could go. Re-run it again (not the reg scanner - just the cleaner itself).


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win 8.) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  3. Xionga

    Xionga Private E-2

    Thanks for your precise instructions. I think I followed every instruction exactly and have attached the logs. :)

    Yeah, I'm embarrassed about the WinPcap. When I saw your mention, I thought of un-installing it but then thought better of it. I have had Orbitdownloader for a long time but another program, besides WinPcap, that looks suspicious is Microsoft Visual C++ 2010 x86 redistributable 10.0.40219.

    I should have mentioned this in my initial post when I brought up the Softonic download as a cause of this whole mess. I must have gone too swiftly through the download process at that time because I ended up with a default tab with a strange search engine. Well, I have had those before, so I immediately went to programs and uninstalled the suspicious programs.

    There were a lot this time, though. Besides blah blah search, one of those was Mobogenie that I now see advertised at the top of this page (maybe it was a similar name). Another one was YouCam. That Microsoft Visual C thing with an Un-MS-looking logo had turned up when I unintentionally installed a previous annoying default search engine, so I uninstalled that as well as WinPcap ... but then when I did a quick check online, those two seemed legit (I must have reached a malware makers' sites?) and the installation dates were many months back ... so I actually did a restore and installed them! Should I uninstall both of them now if they still remain?

    I can't believe how many hours I have devoted to this already. I promise never to download any software again. At least not from Softonic.
     


  4. Xionga

    Xionga Private E-2

    Whoops. I didn't follow the instructions precisely. I forgot to run HitmanPro and eliminate PUPs. I just did and it found two: that mysterious orbitdownloader.exe (malware) and Mobogenie (not malware but "Rocketfuel"). Maybe this "orbitdownloader" thing is just trying to emulate the real Orbit downloader, which I think always just goes by "Orbit" and is still in my system tray and seems to be working.

    Thanks again.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. :)

    You did not attach the requested MGlogs.zip; you attached one single file from the zip.
     
  6. Xionga

    Xionga Private E-2

    Oops. I think this is the right one.
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Only if you do not use them.

    Can you see these folders? If so delete them. :)

    • C:\Users\User\AppData\Local\Mobogenie
    • C:\Users\User\Documents\Mobogenie
    • C:\Program Files\Mobogenie

    You need to run CCleaner, not the reg scanner, just the cleaner itself, to be rid of a bunch of temp files. (Did you run it?? I asked you a couple of times.)
     
  8. Xionga

    Xionga Private E-2

    OK, K. I removed the remaining traces of Mobogenie.

    Yes, I used CCleaner both times (not the registry cleaner). The main idea is to clean out temp files and other junk, correct? So I didn't let it clean cookies and saved passwords.

    From what I have read on MS and other legit sites, the Microsoft Visual C++ thing listed in the programs can be good or bad--something that helps process/operate a program. Might be a good program, might be a bad one. Well, I can take it out and if there is an ill effect, install it again.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  10. Xionga

    Xionga Private E-2

    OK, then. I'll leave it alone but can remove WinPcap?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is also a legit program; however, it could be used for malicious purposes. Based on your logs, it appears that it was installed when you installed Orbit Downloader because Orbit requires WinPcap.
     
  12. Xionga

    Xionga Private E-2

    I don't think Orbitdownloader is the real Orbit downloader, though. When Hitman turned it up as a PUP, I removed it but I still have Orbit in my system tray.

    Hmm, I have folders called both Orbit and Orbitdownloader, both of them full of stuff--every program, it looks like.

    Orbitdm.exe must be the legit program. :confused
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's legit. It just may be a Potentially Unwanted Program, which is why Hitman is warning you. You are the one who has to decide if you want to use the program that you installed. When a person has not knowingly decided to install a program, the logical choice would be to remove it.
     
  14. Xionga

    Xionga Private E-2

    So I'm OK now? I should be able to install antivirus software? :confused
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, please do try and let us know how you get on.
     
  16. Xionga

    Xionga Private E-2

    Thanks! It's all sparkling clean now and I'm going to try extra hard to keep it that way.

    Avira wouldn't install but Avast did and it has some nice extra little features.

    Happy new year! :wave
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Happy New Year to you too! :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
