MajorGeeks Support Forums

#1
09-09-10, 06:40
SweetLD215
JS:FakeWarn-E [Trj], please, please help!

Hello,

I am not sure what I did, but I got something called JS:FakeWarn-E [Trj], and I cannot do anything except use Mozilla. I tried clicking internet explorer and every website generates a windows security alert with a green shield at the bottom of the screen. I tried to run Ad-Aware, but can't. I tried to run Hi-Jack this, but can't. It'll pop up for a short second, then disappear, and give me an error alert. I can't even run regular applications like paint shop pro, Microsoft Word, etc. I'm assuming you need a HijackThis log or something of the sort, but I have no idea what to run since nothing works. Please help! I truly need a functioning computer since I have an online class to attend.

#2
09-09-10, 08:55
Kestrel13!

Quote:
I cannot do anything except use Mozilla.
Now run this:
Using ESET's Online Scanner
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!

#3
09-09-10, 17:25
SweetLD215

Hi there. I went to that site, but it wants me to download ESET Smart Installer. I am able to download it but when I try to install, the computer thinks it is another security threat and kicks me out of the install.

Is there anything else I can run online using Mozilla that doesn't need an install?

I can't even do a system restore because it reads that as a security threat too.

#4
09-09-10, 17:29
TimW

Try to do as much of this as you can. You may need to do most of it in safe mode:
READ & RUN ME FIRST. Malware Removal Guide
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

#5
09-09-10, 20:01
SweetLD215

Safe mode was great! I was able to do a bunch of things.

- I went through the add/remove programs and was able to remove the Viewpoint Media Player.

- Then went to the java step and here is what I got...
Computer will not uninstall either of the following:
Java(TM) 6 Update 15
Java (TM) SE Runtime Environment 6
The error message says:
"The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
I also cannot install the latest version in safe mode which is the only way I would be able to install at the moment.

-I ran CCleaner

- I don't have Norton Antivirus but do have Avast; however, it doesn't work even in safemode. I think Avast may have a virus? I don't know if that's possible but it was just generating errors saying it couldn't run because of a virus.

-I have Windows Vista
Running on 32 bit Operating System
Intel Core 2 Duo CPU E6550 @ 2.33 GHz (if any of that is helpful)

-I made sure MSconfig is in normal setup mode.

-I clicked the link and went through the list. I didn't see any of those items listed in my add/remove programs

-I ran the Defogger program and it worked

-I downloaded the Vista Cleaning products
For Malwarebytes, I tried to find where to rename it from mbam-setup.exe to mb.exe, but I could not find that option.
I got combofix.exe downloaded but it says that Avast is interfering with it because Avast is still running. I checked and don't see anywhere that Avast is running. I even checked the task manager applications and processes and did not find it.
RootRepeal gave me this error: "Error - FOPS DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000 100)" But it looks like it is working anyways.

-Disabled User Account Control

I ran SUPERAntiSpyware but I don't see a log saved to attach. It did find issues and I followed the instructions on the forum to get rid of everything though.

I ran Malwarebytes and attached the results.

I ran HijackThis and attached the results

I have a zipfile of MGlog and attached that as well.


I couldn't run the RootRepeal. I got this error
DeviceIoControl Error! Error Code = 0x0

The security error doesn't keep popping up, but Internet Explorer does not seem to work. It will only direct me to the mypoints search page. I can't go to google or any other page. Even if I type the web address in directly, it simply diverts me back to my mypoints search page.
Also, should I get rid of Avast?
Attached Files
File Type: log hijackthis.log (8.1 KB, 1 views)
File Type: txt MBlog.txt (3.2 KB, 2 views)
File Type: zip MGlogs.zip (198.3 KB, 2 views)

#6
09-10-10, 08:30
Kestrel13!

Try and complete my instructions in normal mode from now on if possible.

Uninstall the below outdated java:
  • Java(TM) 6 Update 15
  • Java(TM) SE Runtime Environment 6

Mirar <--- uninstall this crap.

Mozilla Firefox (3.0.19) <--- Update this!

If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [ovchavqv] C:\Users\New Account\AppData\Local\xyatrbsfy\kjousffuqiw.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
After clicking Fix exit HJT.

Now download The Avenger by Swandog469, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Files to delete:
C:\Users\New Account\AppData\Local\Temp\0c765250-ba05-4a6e-a8e2-3dc1bb05004d.dmp
C:\Users\New Account\AppData\Local\Temp\a.dat
C:\Users\New Account\AppData\Local\Temp\Cab7CB2.tmp
C:\Users\New Account\AppData\Local\Temp\Ebb.exe
C:\Users\New Account\AppData\Local\Temp\ebc.exe
C:\Users\New Account\AppData\Local\Temp\Ebd.exe
C:\Users\New Account\AppData\Local\Temp\Ebe.exe
C:\Users\New Account\AppData\Local\Temp\google.exe
C:\Users\New Account\AppData\Local\Temp\MAR50CD.tmp
C:\Users\New Account\AppData\Local\Temp\MAR5199.tmp
C:\Users\New Account\AppData\Local\Temp\MAR9D38.tmp
C:\Users\New Account\AppData\Local\Temp\MARA006.tmp
C:\Users\New Account\AppData\Local\Temp\MARD93E.tmp
C:\Users\New Account\AppData\Local\Temp\MARDA19.tmp
C:\Users\New Account\AppData\Local\Temp\MARE243.tmp
C:\Users\New Account\AppData\Local\Temp\MARE38B.tmp
C:\Users\New Account\AppData\Local\Temp\nssAF86.tmp
C:\Users\New Account\AppData\Local\Temp\STS77BF.tmp
C:\Users\New Account\AppData\Local\Temp\STSFF07.tmp
C:\Users\New Account\AppData\Local\Temp\Tar7CB3.tmp
C:\Users\New Account\AppData\Local\Temp\tmp2wwnt2
C:\Users\New Account\AppData\Local\Temp\tmpklylqz
C:\Users\New Account\AppData\Local\Temp\tmpq4nhxh
C:\Users\New Account\AppData\Local\Temp\tmpwqnrd3
C:\Users\New Account\AppData\Local\Temp\_iu14D2N.tmp
C:\Users\New Account\AppData\Local\Temp\_PR79CB.tmp
C:\Users\New Account\AppData\Local\Temp\_PR9516.tmp
C:\Users\New Account\AppData\Local\Temp\_PRE41E.tmp
C:\Users\New Account\AppData\Local\xyatrbsfy\kjousffuqiw.exe

Folders to delete:
C:\Users\New Account\AppData\Local\xyatrbsfy
C:\Program Files\Gamevance
C:\Program Files\Viewpoint

Registry values to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ovchavqv

Registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6

Now I would like for you to run a FRESH version of ComboFix, the one you have on your desktop is outdated.

Download the new version, let it overwrite the old, and run it as per the instructions in the Read and Run Me First.

Rescan with SUPERantispyware and attach the log regardless of whether it found anything or not.

Run CCleaner.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.


Tell me how things are running?
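
The HijackThis selection in the post above can be triaged mechanically before anyone decides what to fix. The following is an added example, not part of the thread or of HijackThis: the `triage` function, its rule names and the watchlist are assumptions made for illustration, and the last sample line is a constructed benign control.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis selection quoted in the post above, plus one
# constructed benign control (ExampleUpdater) that no rule should match.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [ovchavqv] C:\Users\New Account\AppData\Local\xyatrbsfy\kjousffuqiw.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# Product names the helper targets in this thread, used as an illustrative
# watchlist (assumption: a real triage would load a maintained list instead).
DEFAULT_WATCHLIST = ("AskBarDis", "Gamevance", "Viewpoint")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Browser proxy pointing at the local machine: some local process sees all traffic.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*\S*?\b(127(?:\.\d{1,3}){3}|localhost)\b", re.I)
# Registry entry whose target file is gone: leftover of a partial removal.
MISSING_RE = re.compile(r"\((no file|file missing)\)", re.I)
# Autorun binaries living in a per-user, user-writable directory.
USER_PROFILE_RE = re.compile(r"\\(AppData|Temp|Local Settings)\\", re.I)


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O4"
    reasons: tuple  # every rule that matched, in evaluation order
    line: str       # the original log line


def triage(log_text, watchlist=DEFAULT_WATCHLIST):
    """Return a Finding for every log line matched by at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # blank lines and log headers
        section, body = match.groups()
        lowered = body.lower()
        reasons = []
        if section == "R1" and LOOPBACK_PROXY_RE.search(body):
            reasons.append("loopback-proxy")
        if MISSING_RE.search(body):
            reasons.append("target-missing")
        if section == "O4" and USER_PROFILE_RE.search(body):
            reasons.append("autorun-from-user-profile")
        if section == "O23" and "unknown owner" in lowered:
            reasons.append("service-unknown-owner")
        if any(name.lower() in lowered for name in watchlist):
            reasons.append("watchlisted-name")
        if reasons:
            findings.append(Finding(section, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{', '.join(f.reasons):<55}{f.line[:60]}")
```

With an empty watchlist only the structural rules fire, which shows how much of the selection depends on recognising product names rather than on the shape of the entry.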

#7
09-11-10, 15:07
SweetLD215

I was able to uninstall both Javas once in regular mode.
I can't get Mirar to uninstall by using the Add/Remove program feature in the Control Panel. Is there any other way to get rid of it?

I updated Firefox, and at first, it would not work due to some issue with the proxy settings. I went to Tools, Network, Connection settings, and switched from "use proxy settings" to "Auto detect proxy settings for this network" and that got it to connect to the internet. Hopefully that's alright.

I've attached log files for ComboFix, Avenger, MGlogs, and SuperAnti Spyware

The computer seems to be doing really well. Internet Explorer even works! =) You are amazing!

I do have a question - should I get rid of Avast or is it a good program?
Attached Files
File Type: zip MGlogs.zip (215.4 KB, 2 views)
File Type: txt avenger.txt (894 Bytes, 2 views)
File Type: txt combofixlog.txt (17.3 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 09-11-2010 - 14-03-36.log (465 Bytes, 1 views)

#8
09-12-10, 19:13
Kestrel13!

Apologies for the slight delay in a response, very busy weekend at work.

Quote:
I can't get Mirar to uninstall by using the Add/Remove program feature in the Control Panel. Is there any other way to get rid of it?
Yes, try using Your Uninstaller!

Quote:
I do have a question - should I get rid of Avast or is it a good program?
You mentioned:
Quote:
I don't have Norton Antivirus but do have Avast; however, it doesn't work even in safemode. I think Avast may have a virus? I don't know if that's possible but it was just generating errors saying it couldn't run because of a virus.
Is this still the case? You could always uninstall and re-install to be on the safe side. Actually, looking at your logs you are using an outdated version of avast anyway. Avast 5 is the latest. So uninstall it, then carry out my instructions, and only reinstall after we are finished.

Before we continue I need for you to get combofix.exe directly onto your desktop and NOT in the below location:
Quote:
c:\users\New Account\Downloads\ComboFix.exe
Now we need to use ComboFix
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

Driver::
ASKService
ASKUpgrade
Viewpoint Manager Service
WPRO_40_1340

File::
c:\windows\system32\drivers\WPRO_40_1340.sys
c:\windows\TEMP\TMP000000A9AC736B62FEDE478B
c:\windows\system32\WPRO_40_1340woem.tmp

Folder::
c:\program files\AskBarDis
c:\program files\Viewpoint
C:\Users\New Account\AppData\Local\Temp\FCTB000060497
c:\users\New Account\AppData\Local\xyatrbsfy

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Install the current version of avast.

Let me know if things are still running okay.

#9
09-15-10, 23:30
SweetLD215

Hi there,

I haven't gotten to do this stuff yet (been insane at work and at school) but hopefully I'll be able to run these things tomorrow =)

#10
09-16-10, 06:16
Kestrel13!

No problem, I will be here floating about somewhere.

#11
09-17-10, 23:58
SweetLD215

Hello,

Ok I followed your instructions. I installed the Your Uninstaller and I think it worked in getting rid of Mirar. It was a bit confusing because it gave me an error (I had the error typed up, but when I ran ComboFix, it rebooted and I lost what I typed since I didn't save it). It basically said it couldn't find it, but then it asked if I wanted to continue uninstalling since it didn't finish. I think that did the trick.

I also installed the right combofix and got it on my desktop, and ran the MGtools. I've attached the logs.

My computer seems to be running properly now. Hopefully all the bad stuff is gone. =)
Attached Files
File Type: txt CF log.txt (18.1 KB, 2 views)
File Type: zip MGlogs.zip (216.0 KB, 2 views)

#12
09-18-10, 08:13
Kestrel13!

Hi.

Now we need to use ComboFix again
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

Driver::
WPRO_40_1340

File::
c:\windows\system32\WPRO_40_1340woem.tmp
c:\windows\system32\drivers\WPRO_40_1340.sys

Folder::
C:\Users\New Account\AppData\Local\temp\FCTB000060497
C:\Users\New Account\AppData\Local\temp\Low
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

You need to install AV.
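
The CFScript.txt in the post above repeats part of the one from post #8, and comparing the two shows which items had to be queued a second time. This is an added example, not part of the thread or of ComboFix: the function names are hypothetical, and the parser handles only the `Name::` section layout visible in the two posts.

```python
import re

# The two scripts as posted in #8 and #12 of this thread.
FIRST_SCRIPT = r"""KILLALL::

Driver::
ASKService
ASKUpgrade
Viewpoint Manager Service
WPRO_40_1340

File::
c:\windows\system32\drivers\WPRO_40_1340.sys
c:\windows\TEMP\TMP000000A9AC736B62FEDE478B
c:\windows\system32\WPRO_40_1340woem.tmp

Folder::
c:\program files\AskBarDis
c:\program files\Viewpoint
C:\Users\New Account\AppData\Local\Temp\FCTB000060497
c:\users\New Account\AppData\Local\xyatrbsfy

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"""

SECOND_SCRIPT = r"""KILLALL::

Driver::
WPRO_40_1340

File::
c:\windows\system32\WPRO_40_1340woem.tmp
c:\windows\system32\drivers\WPRO_40_1340.sys

Folder::
C:\Users\New Account\AppData\Local\temp\FCTB000060497
C:\Users\New Account\AppData\Local\temp\Low
"""

HEADER_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Split a script into {section name: [entries]}, keeping entry order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _key(entry):
    # Windows paths and service names compare case-insensitively, so
    # "Local\Temp\..." in the first script equals "Local\temp\..." in the second.
    return entry.rstrip("\\").casefold()


def compare_passes(first, second):
    """Per section: entries queued again, newly added, or no longer queued."""
    a, b = parse_cfscript(first), parse_cfscript(second)
    report = {}
    for name in sorted(set(a) | set(b)):
        old = {_key(e) for e in a.get(name, [])}
        new = {_key(e) for e in b.get(name, [])}
        report[name] = {
            "repeated": [e for e in b.get(name, []) if _key(e) in old],
            "new": [e for e in b.get(name, []) if _key(e) not in old],
            "dropped": [e for e in a.get(name, []) if _key(e) not in new],
        }
    return report


if __name__ == "__main__":
    for section, diff in compare_passes(FIRST_SCRIPT, SECOND_SCRIPT).items():
        print(section, diff)
```

An entry that is queued again either survived the first pass or was recreated after it; `WPRO_40_1340woem.tmp` is one of them, and it is the file the helper asks to have uploaded to VirusTotal later in the thread.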

#13
09-18-10, 15:50
SweetLD215

Hi there,

I followed your instructions and attached the two logs.

What is AV? Is that Avast? If so, I did install it.
It is the avast! Free Antivirus
Program version: 5.0.677
Virus definition version: 100918-1

Is this the right one?
Attached Files
File Type: txt CFlog.txt (30.7 KB, 2 views)
File Type: zip MGlogs.zip (222.8 KB, 2 views)

#14
09-18-10, 19:02
Kestrel13!

Yes, so you did, I missed it. Too tired and back from work now. I'll review those last logs tomorrow after work.

#15
09-18-10, 23:52
SweetLD215

Ok, sounds great. Thank you so much!

#16
09-20-10, 06:52
Kestrel13!

  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Folders to delete:
C:\Users\New Account\AppData\Local\temp\FCTB000060497
C:\Users\New Account\AppData\Local\temp\Low
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

#17
09-22-10, 21:04
SweetLD215

Hi there!

I followed your instructions. Hopefully my computer is good now. *crossing fingers*
Attached Files
File Type: zip MGlogs.zip (232.2 KB, 1 views)
File Type: txt avenger.txt (1.2 KB, 1 views)

#18
09-23-10, 10:53
Kestrel13!

Could you please go to VirusTotal.com and upload the following files for analysis:
  • C:\Windows\System32\WPRO_40_1340woem.tmp

Could you please get this: WPRO_40_1340woem.tmp into a zipped file and attach it for me in your next post? To do this, see the below:

Please go to start > Run and paste in the following:
Quote:
%systemdrive%\MGTools\zip "%systemdrive%\collect.zip" C:\Windows\System32\WPRO_40_1340woem.tmp

log retrievable @ C:\collect.zip


Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Don't forget the collect.zip and the VT results.

#19
09-23-10, 11:30
SweetLD215

Hi there!

I'll follow the steps when I get home this evening. You mentioned the ATF Cleaner is only for Windows XP and 2000. I run on Windows Vista, unfortunately. Does this mean I should not do that step?

#20
09-23-10, 11:36
Kestrel13!

*slaps head* yes, my bad. Run CCleaner. You have a lot of temporary files that should be flushed out.


All times are GMT -5. The time now is 16:25.

