MajorGeeks Support Forums IOBit Software

Go Back   MajorGeeks Support Forums > Majorgeeks.Com - Support Forums > Malware Removal
Reload this Page help with malware removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 09-22-09, 14:18
liggy liggy is offline
Private E-2
  
Join Date: Sep 2009
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default help with malware removal
Hey ..

I have a nasty malware virus on my computer .. usual situation .. making all anti virus prog. i.e hijackthis, spybot etc read only wont allow me to open and redirecting websites in google etc

my msn also keeps signing out after 10 seconds

attached is my log

any help appreciated

thanks
Attached Files
File Type: zip MGlogs.zip (205.2 KB, 2 views)
Reply With Quote
Sponsored links
  #2  
Old 09-27-09, 02:46
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
  
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 77,827
Thanks: 50
Thanked 6,742 Times in 3,518 Posts
Default Re: help with malware removal
Welcome to Major Geeks!

Quote:
Originally Posted by liggy View Post
usual situation .. making all anti virus prog. i.e hijackthis, spybot etc read only
Not true. HijackThis ran just fine as you can see inside the MGlogs.zip file you attached.

Why are you runningt with no protection installed?
Also what haven't you updated Vista to the current service packs? You don't even have SP1 and SP2 is already out.


First you must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

Uninstall the below software:
Ask Toolbar
Java(TM) SE Runtime Environment 6

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [combofix] "C:\Windows\system32\CF16558.exe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopRock] C:\Users\LIGGY\AppData\Local\Temp\a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Drivers tp delete:
uacd.sys
gasfkyyhwmopdd.sys
gasfky
Files to delete:
C:\autorun.inf
C:\Windows\msa.exe
C:\Windows\msb.exe
C:\Windows\PFRO.log
C:\Windows\run.log
C:\Windows\win32k.sys
C:\Windows\system32\sdra64.exe
C:\Windows\System32\CF16558.exe
C:\Windows\System32\CF6794.exe
C:\Windows\System32\gasfkyaqsbmdva.dat
C:\Windows\System32\gasfkyvetpamqm.dll
C:\Windows\System32\gasfkytrpxspwv.dat
C:\Windows\System32\gasfkymhcqmbly.dll
C:\Windows\System32\gasfkyrnkbvujg.dll
C:\Windows\System32\drivers\gasfkyyhwmopdd.sys
C:\Windows\System32\drivers\UACd.sys
C:\Users\LIGGY\AppData\Local\Temp\a.dat
C:\Users\LIGGY\AppData\Local\Temp\a.exe
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

Folders to delete:
C:\ComboFix
C:\Windows\System32\lowsec

Files to move:
C:\MGtools\temp\VSP1\cngaudit.dllmg|C:\Windows\System32\cngaudit.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\Users\LIGGY\AppData\Local\Temp


Now run Win32kDiag:
  • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
  • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Then attach the below logs:
  • C:\avenger.txt
  • Win32kDiag.txt on your Desktop
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
malware halps/malware removal not running missin Malware Removal 2 07-12-09 13:31
STOP 24 after removing malware and malware removal apps. hankyknot Hardware 0 02-19-09 09:21
Trying to follow malware removal procedure, but malware is preventing me? eagerinsight Malware Removal 4 12-12-08 01:17
Malware - Exists after running MalWare Removal DebFisher Malware Removal 2 10-08-08 15:26
Malware problem not fixed with Malware Removal instructions aagarwal584 Malware Removal 9 12-27-07 01:19


All times are GMT -5. The time now is 04:25.

Contact Us - MajorGeeks - Archive - Top

MajorGeeks.Com Home Page
| Admin Tools | All In One | Anti-Spyware | Anti-Virus | Appearance | Backup | Benchmarking | BIOS | Browsers | Covert Ops |
Data Recovery | Diagnostics | Drive Cleaners | Drive Utilities | Drivers | Driver Tools Ergonomics | Firewalls | Games | Game Tweaks | Graphics | Input Devices | Internet Tools | Macintosh | Mail Utilities | Memory | Messaging | Monitoring | Microsoft | Multimedia | Networking | Office Tools | Process Management | Processor | Registry | Security | System Info | Toys | Video | Miscellaneous|

-->
Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger