MajorGeeks Support Forums


Malware Removal FAQ testing


09-12-07, 02:06
chaslang
MajorGeeks Admin - Master Malware Expert
 
Using MGtools

If you have not already downloaded MGtools, download it from here: MGtools and save it to the root folder of the drive where you have installed Windows. (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading.)


Important Update Note:
  • Recent bugs in many antivirus programs are detecting MGtools.exe as malware. Disable your antivirus program while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect.
  • If disabling does not work or help then uninstall your antivirus program since it is getting in the way of cleaning up your PC from malware.
  • If you don't know how to disable your AV or other protection, see the below link:
Instructions for Vista & Windows 7 Users ( other users skip to Windows Users ):
  • Make sure that you have already disabled User Account Control per the READ & RUN ME instructions and that you have rebooted after disabling UAC. Also keep UAC disabled until cleaning of your PC is finished.
  • Run the MGTools.exe program by right clicking on it and selecting Run As Administrator.
    • It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
    • It will also automatically extract a bunch of files into this folder.
    • It will try to automatically start running scripts to get logs.
      • If it runs okay, you will see a notice at the end telling you about the creation and location of the MGlogs.zip file and you should continue on to the General Information section below.
      • If it does not run okay, see the below Vista and Win 7 Debugging section
Vista and Win 7 Debugging - If MGtools did not run properly
  • Again it is extremely important that you have disabled your protection software and that you have already disabled UAC and rebooted. If you have not done this, it can be why MGtools is not running.
  • Right click Start and select Explore to open Windows Explorer
  • Navigate into the \MGTools folder just created in the root of your Windows boot drive.
  • If you have already disabled User Account Control per the READ & RUN ME instructions then you can skip this current bullet list item since you should have UAC disabled already. If you still need to disable UAC, locate the DisableUAC.reg file in the C:\MGtools folder and double click on it.
    • This registry patch is used to disable the User Account Control feature which would get in the way of running the tools
    • UAC will popup to say Windows needs your permission to continue. This is normal for editing the registry.
    • Click Continue and then OK to edit the registry when you see the message asking whether you are sure you want to continue.
    • This will apply the registry patch to disable UAC
    • You will see a Security Center icon in System Tray alerting you to turn UAC back on. DO NOT do this now. You will enable it after completing malware removal on your PC.
    • Now you need to reboot your PC. You must Reboot now.
    • After reboot continue with the below steps.
  • Now locate the GetLogs.bat file in the MGTools folder, right click on it and select Run As Administrator. This should begin the scan process.
  • This will sequentially run all the tools/scans that are part of MGtools. Each of these scans will create logs in the MGtools folder. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete.
  • You should close all other windows while running scans and avoid doing anything else so that scans will run faster and will not get interrupted.
  • You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button.
    • You need to click it twice to get it to accept.
    • If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
  • While GetLogs.bat is running, logs will be created in the MGtools folder. You don't need to do anything with these files unless requested. The log files will also automatically be put into a ZIP file named MGlogs.zip that will be created in the root folder of your Windows boot drive ( normally C:\MGlogs.zip ). This is the file that you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
  • After you are sure that the scans have run properly and the MGlogs.zip file has been created, continue on to the General Information section below.
Instructions for all other Windows Users:
  • Run the MGTools.exe program by double clicking on it.
    • It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
    • It will also automatically extract a bunch of files into this folder.
    • It will then automatically start running three batch programs ( .bat files are batch programs ) in that folder.
    • This will sequentially run all the tools/scans that are part of MGtools. Each of these scans will create logs in the MGtools folder. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete.
    • You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button. You need to click it twice to get it to accept.
    • If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
    • These log files will be placed in the root folder of your Windows drive. The log files will also automatically be put into a ZIP file named MGlogs.zip which you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
    • Continue on to the General Information section below.
General Information for Vista and other Windows Users

When all scans are finished running, the command prompt window will look something like the below snapshot depending on whether some of the last few logs being Zip'ed exist or not:

GetLogs-Final.jpg

Don't forget to attach the MGLogs.zip file to your message in the Malware Forum. (See: HOW TO: Attach Items To Your Post )

At a later time, to get new logs as requested, you can individually run any of the batch files by double clicking on them from a Windows Explorer window. Windows Explorer is easily opened by right clicking Start and selecting Explore. The batch file will create a new log and will also update the MGlogs.zip file with each new log created. The person helping you may either request the MGlogs.zip file or any of the individual log files created by the scans. If you rerun GetLogs.bat (which is the easiest thing to do), it will create new logs to be easily uploaded via the MGlogs.zip file.

Notes: Possible Error Messages

Error Message Type 1


If any of your logs appears to be empty or semi-empty or if you get an error message similar to the below when running any of the three batch files and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS.
Quote:
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.
To fix the above error message, choose the download below which is appropriate for your system and extract the files into the default folder, which will be either C:\Windows\system32 or C:\Winnt\System32 depending on how you installed Windows. Do not extract the below fix files to the MGTools folder as it will not help to fix the problem that way.
  • For Windows XP Pro: download and run XPproFix
  • For Windows XP Home: download and run XPHomeFix
  • For Windows 2000: download and run: W2KFix
Another possible solution for Windows 2000 and 2003 systems is provided from Microsoft in the below link. The above fixes attempt to do at least part of this automatically:

http://support.microsoft.com/kb/305521



Error Message Type 2
Quote:
16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.

-or-

16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.
Error Message Type 3

The below error message is not a problem and you could see none of these or a few of these. It just means a registry key we are checking for does not exist. The scan will continue after any of these occur.
Quote:
Error: The system was unable to find the specified registry key or value
After attempting to fix Error Types 1 & 2, run the batch file again and attach the log.

Error Message Type 4

If you receive a message similar to any of the below, it just means that you do not have the Microsoft .NET Framework software installed from Microsoft Update. You should install this as many .NET type applications require it. The processdll.exe program which is part of MGtools will not run without this software being installed. You don't have to install it, but the output from processdll.exe can sometimes be critical in getting your malware removed. Just click any key or OK to continue and ignore the error. To fix it, install the .NET software.
Quote:
The application failed to initialize properly (0xc000007b). Click on OK to terminate the application.

Process DLL.EXE - Application Error The application failed to initialize properly (0xc0000135) Click on any key to terminate.
Also if you see a message like the below, it is again due to missing the Microsoft .Net Framework software. USERNAME will be the user account presently being used.

could Not Find c:\Documents and Settings\USERNAME\Desktop\procdll.txt

You can install the .NET Framework software from Microsoft by clicking the Download button in the below link and then running the dotnetfx.exe file once it is downloaded.

http://www.microsoft.com/Downloads/details.aspx?FamilyId=262D25E3-F589-4842-8157-034D1E7CF3A3&displaylang=en

Error Message Type 5

If you see a popup message similar to the below (double click the thumbnail to enlarge), it also means you do not have the Microsoft .NET Framework software installed as stated in the Type 4 error message above.
procdll-err.jpg
Just click the OK button to continue and consider installing the .NET Framework software at a later time since it can be quite useful.
Last edited by chaslang; 06-27-13 at 23:25.. Reason: New links for fixes of Error Type 1
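
For whoever receives the attachment, an added example (not part of the original post and not part of MGtools) that reads an MGlogs.zip and flags empty or semi-empty logs plus the error messages quoted in the post above. The 40-character cut-off, the sample log names, and the idea that procdll.txt and error text end up inside the ZIP are assumptions.

```python
import io
import zipfile

# Message fragments quoted on this page, mapped to its error types.
# Assumption: the text of an error can end up inside a log file.
SIGNATURES = {
    "not suitable for running ms-dos": "Type 1: apply the AUTOEXEC.NT fix",
    "virtual device driver": "Type 2: 16 bit MS-DOS Subsystem error",
    "unable to find the specified registry key": "Type 3: harmless",
    "0xc0000135": "Type 4: .NET Framework missing",
    "0xc000007b": "Type 4: .NET Framework missing",
}
MIN_USEFUL_CHARS = 40  # assumed cut-off for a "semi-empty" log

def triage_mglogs(zip_source, expected=("procdll.txt",)):
    """Return {log name: [findings]} for an MGlogs.zip path or file object."""
    findings = {}
    with zipfile.ZipFile(zip_source) as archive:
        entries = [i for i in archive.infolist() if not i.is_dir()]
        for info in entries:
            raw = archive.read(info)
            enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
            text = raw.decode(enc, errors="replace").strip()
            notes = []
            if not text:
                notes.append("empty log")
            elif len(text) < MIN_USEFUL_CHARS:
                notes.append("semi-empty log")
            for needle, meaning in SIGNATURES.items():
                if needle in text.lower() and meaning not in notes:
                    notes.append(meaning)
            if notes:
                findings[info.filename] = notes
    present = {i.filename.lower().rsplit("/", 1)[-1] for i in entries}
    for name in expected:  # assumed to be in the ZIP when processdll.exe ran
        if name.lower() not in present:
            findings[name] = ["missing: see Type 4 (.NET Framework)"]
    return findings

def build_sample_zip():
    """Constructed sample; names other than procdll.txt are invented."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("sample-scan.log", "Scan started\n" + "entry\n" * 20)
        archive.writestr("sample-empty.log", "")
        archive.writestr("sample-reg.log", "Error: The system was unable to "
                         "find the specified registry key or value\n" * 2)
    buffer.seek(0)
    return buffer
```

Calling `triage_mglogs(r"C:\MGlogs.zip")` on a real attachment returns only the logs that need a second look; an empty result means nothing was flagged.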