c: \windows\system32\gzmrotate.dll

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by baringer3, Oct 4, 2007.

  1. baringer3

    baringer3 Private E-2

    Does anyone have a removal solution for getting rid of this adware?
    c: \windows\system32\gzmrotate.dll
    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This infection adds keys to your registry to load at start up. If you have this infection, you could have other problems too. It would be best if you follow the below procedure.

    Read & RUN ME FIRST Before Asking for Support - New Version!!!!

    Then attach the requested logs when you complete these steps.
     
  3. baringer3

    baringer3 Private E-2

    Thanks chaslang,
    I did everything in the "Read & RUN ME FIRST Before Asking for Support" but had problems with running "MGTools" in Vista OS.
    Problems started at "DisableUAC.reg". When I double clicked on the file, I kept getting the message: Windows needs your permission to continue. If you started this action continue. Registry Editor.
    I kept clicking continue until it was finished, but don't think it ran through all the subsequent files.
    Also, I can't find the "MGlogs.zip" file. Another reason I don't think it installed correctly.
    Thanks for all your Help!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about the logs from ComboFix and AVG Antispyware?

    After running the MGtools.exe file you needed to double click on the DisableUAC.reg file and then you need to double click on the GetLogs.bat file to run the scans and create the MGlogs.zip file. See the instructions again.
     
  5. baringer3

    baringer3 Private E-2

    This is the report from the AVG AS:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:21:12 PM 10/5/2007

    + Scan result:



    C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Cookies\butch@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Cookies\butch@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Cookies\butch@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\lisa@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Cookies\butch@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


    ::Report end

    and ComboFix is attached.

    I did double click on the DisableUAC.reg file and the GetLogs.bat file but still didn't seem to go through. I'll try running it again.
    Thanks again!
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please remember that all logs should be posted as attachments.

    Please explain exactly what happens.
    • Do you see a command prompt window open and messages printed in this window?
    • What is the last message you see in this window?
    • Does a HijackThis log popup and does HijackThis open?
    Look in Add/Remove Programs for Adssite Advanced Toolbar and uninstall if found.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now boot into safe mode and use Windows Explorer to delete the below:
    C:\Program Files\Adssite Advanced Toolbar <-- the whole folder
    C:\Windows\System32\rightonadz-uninst.exe
    C:\Windows\System32\gzmrotate.dll
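
A post-cleanup check for the items listed in the post above, as an added example that is not part of the original thread: it tests whether the three paths still exist and looks for their name fragments in the standard Run and RunOnce keys. Checking those keys is an assumption, since the thread does not say which registry keys the infection adds.

```powershell
# Added example: confirm the items named in the post are gone after cleanup.
# The three paths come from the post. The autorun locations are the standard
# Run/RunOnce keys, which is an assumption: the post does not name the keys.
$paths = @(
    'C:\Program Files\Adssite Advanced Toolbar',
    'C:\Windows\System32\rightonadz-uninst.exe',
    'C:\Windows\System32\gzmrotate.dll'
)
$needles = 'gzmrotate', 'rightonadz', 'Adssite'   # name fragments from the post

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# 1. Files and folders that should have been deleted in safe mode.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = 'still present' }
    }
}

# 2. Startup values whose name or data still mentions one of the fragments.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        foreach ($n in $needles) {
            if ($name -like "*$n*" -or $value -like "*$n*") {
                $findings += [pscustomobject]@{ Type = 'Autorun'; Location = "$key\$name"; Detail = $value }
                break
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No leftovers found in the checked locations.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The script only reads the file system and registry; it changes nothing. An empty result covers just the locations it checks.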
     
  7. baringer3

    baringer3 Private E-2

    Thanks chaslang! That did it, no more gzmrotate.dll
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Make sure you follow the last steps from the READ ME :
     
