MajorGeeks Support Forums

  #1  
03-28-10, 19:35
Pete22
Senior Member
I've got malware

I was working on my computer and all my USB equipment stopped working. I thought it was a hardware issue. After I gave up trying to fix them, I opened my browser and it opened to an advertisement. So I decided to run SAS. It found a trojan Gen-SVC(fake).

I decided I better do the read me and run routine.

I updated and ran MB. It found a bunch of stuff.

Before I went on I uninstalled AVG and disabled my firewall and other monitors. I noticed my firewall has not been updating like it should have been.

I downloaded and ran combofix.

I then tried to go back to majorgeeks to get RR but could not. A message popped up and said that my firewall was stopping me from going to majorgeeks. However, this message did not look like the messages I get from my firewall. I checked and sure enough my firewall was not even running.

So I ran ccleaner and was then able to go to majorgeeks.

I downloaded and ran RR and MGTools.

I then tried to reinstall AVG but it got two errors. I rebooted and ran it again and it did install.

I re-enabled my firewall.

I then got several popups that want to change my browser to IE and to change my home page.

So I ran ccleaner again.

Unfortunately, I am still getting the popups asking to change my browser to IE.

Thanks for helping me out.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 03-28-2010 - 14-28-04.log (591 Bytes, 2 views)
File Type: txt mbam-log-2010-03-28 (15-31-17).txt (1.3 KB, 2 views)
File Type: txt ComboFix.txt (21.9 KB, 1 views)
File Type: txt RRlog.txt (568 Bytes, 2 views)
  #2  
03-28-10, 19:37
Pete22
Senior Member
Re: I've got malware

Here is my last log.


pete22
Attached Files
File Type: zip MGlogs.zip (116.7 KB, 1 views)
  #3  
03-28-10, 19:57
chaslang
MajorGeeks Admin - Master Malware Expert
Re: I've got malware

Your logs are clean.

Quote:
Originally Posted by Pete22
I then got several popups that want to change my browser to IE and to change my home page.

Unfortunately, I am still getting the popups asking to change my browser to IE.

Normal. After the cleaning process, some settings may be returned to Microsoft defaults out of necessity. You just need to set up your default browser as desired and tell it not to ask anymore.

Your USB problem may be missing drivers based on the below two lines seen in ComboFix:
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]



Since you are not having malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Note: The space between the combofix" and the /uninstall must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  6. Go to add/remove programs and uninstall HijackThis.
  7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  8. After doing the above, you should work thru the below link:
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


The Following User Says Thank You to chaslang For This Useful Post:
Pete22 (03-28-10)
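
The check from the reply above, as an added example that is not part of the original thread or of any MajorGeeks tool: a Python parser for ComboFix driver/service lines that lists the entries whose file details show as `[?]`. The line layout is inferred from the two lines quoted in the reply, the `R2 ExampleSvc` entry is constructed, and reading `[?]` as a driver file whose details could not be read is an assumption.

```python
import re

# Layout inferred from the two ComboFix lines quoted in the reply:
#   <state><start> <service>;<display name>;<path> [--> <path>] [<file info>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<service>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<target>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)

# The two lines from the thread plus one constructed healthy entry.
SAMPLE_LOG = r"""
R2 ExampleSvc;Example Service (constructed);c:\windows\system32\drivers\example.sys [2010-01-01 12345]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
"""


def parse_service_lines(log_text):
    """Return one dict per driver/service line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            # Assumption: "[?]" means no file details could be read.
            entry["file_unresolved"] = entry["info"].strip() == "?"
            entries.append(entry)
    return entries


def unresolved_drivers(log_text):
    """List (service, path) pairs whose file info is '[?]'."""
    return [
        (e["service"], e["target"] or e["path"])
        for e in parse_service_lines(log_text)
        if e["file_unresolved"]
    ]


if __name__ == "__main__":
    for service, path in unresolved_drivers(SAMPLE_LOG):
        print(f"{service}: reinstall driver, file not resolved: {path}")
```
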
  #4  
03-28-10, 21:25
Pete22
Senior Member
Re: I've got malware

Wow Thanks Chaslang!!!!

That's the fastest response I have ever got.

Many thanks for the info.

I will do what you say.
Also thanks for telling me that my USB is a driver issue, I will reinstall them.


Pete22

Last edited by Pete22; 03-28-10 at 21:32.
  #5  
03-28-10, 23:04
chaslang
MajorGeeks Admin - Master Malware Expert
Re: I've got malware

You're welcome.

Right now, we just happen to be pretty caught up on threads needing help which is why you were answered so quickly. It will not always be that way.