E2Give Removal Procedure

Discussion in 'Malware Removal FAQ' started by chaslang, Apr 22, 2006.

Thread Status:
Not open for further replies.
  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This procedure is meant to be a generic fix for the latest form of E2Give that seems to be infecting many people. This procedure is only for Windows XP and Windows 2000 users. The procedure assumes you already have HijackThis installed. See the below link if you do not already have the current version of HijackThis installed: Please download The Avenger by Swandog46 to your Desktop.
    • Double click on Avenger.zip to open the file and extract avenger.exe to your Desktop
    • Copy the below quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing
      CTRL+C
    • Now, run The Avenger program by double clicking its icon on your Desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    The Avenger will automatically do the following:
    • It will Restart your computer. (When the script being executed contains "Drivers to Unload",
      The Avenger will actually reboot your system two times.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the reboot, it creates a log file that should open with the results of Avenger’s actions. This log
      file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped
      them and moved the zip archives to C:\avenger\backup.zip.
    Please attach the c:\avenger.txt file to your next message. Now continue with the below fixes!

    Copy the bold text below to notepad. Save it as fixE2G.reg to your desktop. Be sure the "Save as"
    type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O20 - AppInit_DLLs: iniwin32.dll

    After clicking Fix, exit HJT.:

    Now reboot your PC!

    Now check to make sure the O2 - BHO and O20 AppInit_DLLs lines for E2Give no longer appear in your HijackThis log.

    If you are still have problems, you must run ALL the steps in the below Sticky thread

    and then attach the logs from steps 6 & 7 to a message in the Malware Forum. You should also attach the C:\avenger.txt log that was created so we can see what happened.
     
    Last edited: Apr 22, 2006
    chaslang, Apr 22, 2006
    #1
Thread Status:
Not open for further replies.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds