Malware Cleaning/ a few concerns (RootRepeal etc.)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Rebecca99, Nov 17, 2011.

  1. Rebecca99

    Rebecca99 Private E-2

    Hi folks, I'd like to let you know that your Malware Cleaning Guide has helped me out a lot in the past.

    Now, I have a used computer recently given to me by a relative and, after buying and installing Avira Antivirus, found that it had a Trojan Horse on it (Avira found and was unable to delete 338896.SYS).

    Note that I uninstalled Avira as part of my preparation to run the Malware Cleaning scans.

    Here are my concerns:

    1. After running Super Anti Spyware and maybe Malwarebytes but prior to running Combofix, I found that the computer would no longer reboot normally. In other words, choosing "restart" causes it to shut down to the point of getting an initial Intel screen, but I have to manually shut it off and turn it back on to get it to come up again. I have just tested it again and continue to have this problem.

    2. When running Combofix, I let the computer sit overnight before manually restarting it (I gave it time since the Combofix instructions said to let Combofix reboot it).

    3. In the interests of backing up the computer before doing anything, I bought a Seagate FreeAgent Goflex external hard drive, which shows as the F:/ drive on the computer. I am concerned that Combofix deleted the autorun and setup files off this new disk; I had backed up the C:/drive and not the new F:/drive and would like to get the files back that came with the new F:/drive. Also, after the scans as below, I am now getting periodic pop-up boxes that say: MemeoBackgroundService.exe - Application Error [I am quite sure this has to do with the Seagate background software]: The instruction at "0x74985dfe" referenced memory at "0x00000020". The memory could not be "read". Click on OK to terminate the program

    4. After running Combofix, in order to reconnect to the Internet I found it necessary to uninstall and reinstall my Netgear N600 Wireless USB Adapter WNDA3100. So for better or worse, I reinstalled this after running Combofix.

    5. I was then unable to run RootRepeal, which indicated it was initializing but would then hang. I rebooted and tried again with no luck. Maybe because of Netgear but I can't be sure?

    Therefore, I skipped RootRepeal and have now run MGTools. Attached please find the logs that I now have; I appreciate any input you can give me on this computer and how to resolve the few issues I have remaining.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. We can restore the files to your external.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop, but do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    DeQuarantine::
    C:\Qoobox\Quarantine\F\Autorun.inf.vir
    C:\Qoobox\Quarantine\F\Setup.exe.vir
    
    QUIT::
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Make sure you tell me how things are working now!
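
Added example, not part of the thread and not ComboFix's own tooling: a PowerShell check that could be run before the DeQuarantine step to record SHA-256 hashes of the two quarantined files and list what the quarantined Autorun.inf would launch once restored. It assumes PowerShell 4.0 or later (for Get-FileHash) and the two quarantine paths given in the CFScript above.

```powershell
# Added example: inspect ComboFix-quarantined files before restoring them.
# The two paths are the ones listed in the CFScript; nothing is modified.
$quarantined = @(
    'C:\Qoobox\Quarantine\F\Autorun.inf.vir',
    'C:\Qoobox\Quarantine\F\Setup.exe.vir'
)

# Record size and SHA-256 of each quarantined file that is present.
$report = foreach ($path in $quarantined) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not in quarantine: $path"
        continue
    }
    $item = Get-Item -LiteralPath $path -Force
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256   # PowerShell 4.0+
    [pscustomobject]@{
        File   = $item.Name
        Bytes  = $item.Length
        SHA256 = $hash.Hash
    }
}
$report | Format-List

# Autorun.inf is a plain INI file. List the commands in its [autorun]
# section, since those are what the drive would offer to run after restore.
$inf = $quarantined[0]
if (Test-Path -LiteralPath $inf) {
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $inf) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Track whether we are inside [autorun] (section names are case-insensitive).
            $inSection = ($Matches[1] -ieq 'autorun')
            continue
        }
        if ($inSection -and $line -match '^(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$') {
            '{0} -> {1}' -f $Matches[1], $Matches[2]
        }
    }
}
```

The hashes give a record to compare against the copies on the drive after ComboFix restores them, and the listed commands show whether Autorun.inf points only at the Setup.exe that shipped with the drive.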
     
