Hi there, question about a huge download

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tierracorrazon, Oct 4, 2007.

  1. tierracorrazon

    tierracorrazon Private E-2

    Nice to find this site, it has been very helpful so far. I am in the process of doing this: http://forums.majorgeeks.com/showthread.php?t=35407 (the READ & RUN ME FIRST Malware removal guide) and I am in step 4 trying to download CounterSpy. Is this correct? A 56MB file to use only once??? I am on a decrepit old phone line, running 21 to 24 Kbps so this thing is going on 5 hours!

    Please tell me I'm not doing something wrong or tell me I am very soon because I'm only at 11%:p
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes that is the size of CounterSpy. I'll do you a favor while you do us one at the same time trying our new version of the READ ME. Use the below new version of the READ ME which is much smaller and faster to run but it will still be slower for you than people with high speed connections.

    Read & RUN ME FIRST Before Asking for Support
     
  3. tierracorrazon

    tierracorrazon Private E-2

    Well I do thank you! My modem lost its connection soon after and I lost it anyway. I will inform the source for the older link that there has been a procedural update!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I am the source of the old and the new. The new is not officially put on the main page yet because it is in a sort of beta state. It will be much less time consuming to run this new initial procedure. But based on what problems are detected in your logs, other scans may or may not need to be run.
     
  5. tierracorrazon

    tierracorrazon Private E-2

    I meant on another website, oops was that a gun-jump? I will edit that - should I remove the link or just note that it is a beta situation?

    While I'm here I was running the combofix.exe thingy (sorry) and it popped up an error message after stage 21 was completed. It was a box that said "windows - no disk" in the title bar and had a message in the box of "Exception processing message c00000013 parameters 75b6bf9c 4 75b6bf9c 75b6bf9c"
    with three buttons to choose from, "cancel", "try again", and "continue" - none of which worked, nor did the little "x" in the upper right. I finally decided to close the combofix window and that made both go away. Where am I at now? - it changed my clock, but nothing else seems to be different.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying another site is hot linking to our READ & RUN ME procedure?

    Shut down your antivirus program and any other protection software you may be running and try ComboFix again. I assume you are running it based on our cleaning procedures and are running it on a Windows version that supports it?
     
  7. tierracorrazon

    tierracorrazon Private E-2

    Um, as you may be able to tell, I am kind of a moron - I can follow directions ok, but I don't know what much of this stuff is or means. I am not sure what hot link actually means? here is where the discussion is (hope I'm not doing anything wrong): http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x16599

    yes I was following the new procedure you posted - for xp Step 2: Installing Tools and Running Scans

    I have avg and I am not sure how to shut it off - it scans daily in the morning, and the windows firewall is off. Could there be anything else? Does spybot s&d have something I need to shut down?

    Sorry to be so slow, I am also having a problem with my monitor - it is dying and has a very dark screen. Hope to replace it in the next week or so. In the meantime please have patience with me and I promise to read all the introductory info for this site when reading doesn't require highlighting everything! I thank you for your help so far.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only thing you are doing wrong is posting at that site while trying to work your problems here. We are the ones who can help you to remove any malware using our procedures. That is also why they referred you here. Also when the same person who sent you here mentioned that a format is required (in answer to someone else's problem I think), he is totally wrong and is basing that decision on inadequate information. We rarely have to format a PC and usually when we do it is because the user tried to do things on their own and did something catastrophic to their system.

    You just right click on the icon in the System Tray and exit or close....etc.

    Are you using another firewall? You should try to keep your firewall enabled. It should not interfere with ComboFix. Later we will however tell you that you need a better firewall than the Windows firewall.

    What antivirus program do you have installed?

    No!
     
  9. tierracorrazon

    tierracorrazon Private E-2

    format advice wasn't for me (I'm Kali at that site)
    I believe he posted the link to your "old" version because a lot of people were having some similar issues with malware. That is a political discussion site but there are some really great, patient folks in the computer forum there - they have helped me (and others) many times over the last few years - that is why I am here, because I trust their advice and it carries over to here. I would never start downloading all this stuff from some random google search for help.

    not using another firewall, - I read earlier here about alternatives and will get to that if I ever finish this clean-up.

    AVG is my antivirus program, unless I am using incorrect terminology again?

    thanks again for taking all this time with me. I am going to go to bed now, and I have to take care of some business in the morning, I hope to check back tomorrow afternoon and get back to this project.
    :zzz
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I thought you were referring to AVG Antispyware which is part of the READ & RUN ME procedure earlier. I did not know you were referring to AVG Antivirus which is a separate program.

    If you continue to have problems getting ComboFix to run, just skip it and continue.
     
  11. tierracorrazon

    tierracorrazon Private E-2

    Hi, I am back. I'm going to continue with this cleaning, but apparently my ISP is having some kind of spaz today so I can't get my e-mail or access their website, but so far the rest of the fabulous 24Kbps connection seems to be functioning for now.

    I will probably just go ahead without waiting, but for my personal education, is there a shut off function for the regular AVG free antivirus program (thingy!) that I use? If, so how do I turn it off? Back to the project! Talk to you at my next problem.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not need to shutdown AVG Antivirus to run ComboFix so don't worry about it.
     
  13. tierracorrazon

    tierracorrazon Private E-2

    Hello! What a day - and you guys seemed to have gone down for a while yesterday. Probably because you were helping me - happens to everybody, heh heh.

    I think I finished and everything came out right. One small issue was the AVG antispy did not generate a log file. It did seem to catch a small batch of cookies and deleted them, but no log. I am pretty sure I set things as instructed, but maybe not.

    I will try to attach the combofix log and the zip file from MGTools. I think I am clean but will let you tell me for sure or not.

    Thanks again.
     

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have to create the log yourself as shown in the link given that tells you how to use AVG Antispyware ( Running AVG Anti-Spyware ).

    Your logs are clean, what exactly is the reason you came here for help? The only thing I notice thus far is that you need to update your Sun Java version. But note that the new version is about 14 MB in size. Uninstall the old J2SE Runtime Environment 5.0 Update 5 version first. And then download and install the new version from Sun Java Runtime Environment
     
  15. tierracorrazon

    tierracorrazon Private E-2

    I came here because I was paranoid. On Wednesday I got the first pop-up "thing" I had seen in years. I couldn't make it go away and went to the DU computer forum for help. I also found another site that had instructions to get rid of it. (the thread: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x16587 )

    The next day one of the members there posted the link to the "old" version of your Malware removal guide. I decided to go through it and see if I had any other junk hiding away in my computer, got to that big download and started this thread.

    Your newer procedure was obviously easier for me due to the largest DL being only 11 MB as opposed to 56. I have a couple of questions that other inexperienced people might find useful as well, if you were to add to the end of your instructions.

    If nothing is found in the logs and problems seem gone, do we still do the System Restore Toggle?

    Do we keep all these tools that were downloaded and if not, which to keep or dump and steps for removal would be helpful. (I had DLed getrunkey and shownew from the first procedure, but I think they were part of MGTools from the newer procedure???) Again I can follow directions (most of the time) but have limited understanding of what is actually happening.

    Do we return hidden files to hiding or leave them "exposed"?

    Anyway, this site is now bookmarked and I will certainly be recommending it. I thank you yet again; this has been informative and a positive experience.

    :heart
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    LOL! A little paranoia can be good. It will keep you safe. ;)


    No and I have added this to the procedure now. Thanks for bringing this up. Note, since you did have what sounds like a SmitFraud infection before you came here, you should toggle system restore.

    Some of this is covered in our normal final instructions which I will put below in a quote box. It will need to be updated when we go public with the new form of the READ ME because of the automatically created MGtools folder. There will also be another program added to the MGtools.exe file at some point that will be used to automatically cleanup much of the miscellaneous stuff we may use to remove malware from your PC; however this will not be added until a later time when the new version of the READ ME is more mature. :) You should work thru the below steps in the quote box and add to it that you can delete the C:\MGtools folder and the C:\MGlogs.zip whenever you want.

    Not necessary and I really don't recommend it for the simple reason that doing so gives malware the ability to easily hide from you. However, everyone has to decide for themselves what their preference is here, but mine is to make it harder for malware to hide from you. ;) There is a hide.reg file in the C:\MGtools folder that you can double click on and it will quickly rehide everything. There is also an unhide.reg file in that folder to unhide things. When you delete this folder, obviously those files will be gone. ;)
     
