backdoor hu.pigeon,

Discussion in 'Malware Help (A Specialist Will Reply)' started by emily_wells, Dec 24, 2007.

  1. emily_wells

    emily_wells Private E-2

    I got the backdoor Hupigeon. It has taken away my administrative privileges. I called Microsoft here, which directed me to their support center in India. Microsoft India support helped at the highest support level and ran every possible anti-virus software: Trend HouseCall, SmitFraud and a few others. It does not let anything be installed. It says "need admin privileges." It does not even let me do Start > Run > msconfig or regedit, or even access my clock.

    I can see a new user name installed on my pc.

    In my c:\InstallHelper which was created the day the trojan got in I see the following :
    ------------------------------
    rgv[0] = C:\Program Files\eBay\Turbo Lister2\TLReg.exe, argv[1] = I
    Not Vista.
    Install is called.
    Logon user is xyz
    Adm user name is xyz$.
    Adm Sid is so-and-so
    Adm regKey is so-and-so\Software\eBay\Turbo Lister2.
    RegQueryValueEx get InstallLocation C:\Program Files\eBay\Turbo Lister2\
    RegKey copy for logon user is done.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    See how much of the below you can get through and attach any of the logs you can get...

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. emily_wells

    emily_wells Private E-2

    Hi,

    I did every single step as directed in the document:
    "read and run me first".

    As stated in the above doc I tried ComboFix (I had tried that before with the MS help desk in India), Spybot, AVG Anti-Spyware and CCleaner. All the attempts end with "need admin privileges".
    This is the answer I get for any thing I try to run or install.

    I could not auto finish "MGTools".
    It says "For some reason your system denied write access to the hosts file. If any hijacked domains are in the file, HijackThis may not be able to fix this....."

    I tried manually to run all the bat files in c:\MGtools.

    It did not finish for me to create the "MGlogs.zip".
    There are other files like "hijackthis.log".
    Would you like me to send that to you ?

    Thanks.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What Windows OS are you running?

    If you look in the C:\MGtools folder, which of the below log files do you see (attach the ones you do see):
    • GetUnKey.txt
    • hijackthis.log
    • newfiles.txt
    • runkeys.txt
    • procdll.txt
    See this: HOW TO: Attach Items To Your Post
     
  5. emily_wells

    emily_wells Private E-2

    My OS is xp pro. Service pack 2.

    Except for procdll.txt I have the rest of the files.
    When I run processDll.exe it says "app failed to initialize".
     

    Attached Files:

  6. emily_wells

    emily_wells Private E-2

    Here are more attachments.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No wonder you are having problems with the tools. You are badly infected.
    Do you know what the below three items are for?
    O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
    O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
    O4 - HKCU\..\Run: [adcist.exe] c:\agilent\adci\adcist.exe

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now we need to stop and disable a bad service.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to WindowsService
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [waumgr] waumgr.exe
    O4 - HKLM\..\Run: [AutomaticUpdates] AutomaticUpdates.exe
    O4 - HKLM\..\Run: [csrss] C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\run.bat
    O4 - HKLM\..\Run: [svchost] C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\svchost.exe
    O4 - HKLM\..\RunServices: [waumgr] waumgr.exe
    O4 - HKLM\..\RunServices: [AutomaticUpdates] AutomaticUpdates.exe

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\spittal\Local Settings\Temp\

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created (hopefully it works okay now) by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
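
The autostart lines listed in this post, and the remark that the machine is badly infected, are a good place to show how HijackThis O4 entries can be triaged mechanically rather than by eye. The script below is an added example and is not code from this thread, from HijackThis or from MajorGeeks. The heuristics it applies (bare filenames with no path, binaries under RECYCLER or a Temp directory, names of core Windows processes, script launchers, and the RunServices key), the function names, and the ordering of the findings are the editor's own assumptions; the sample log is constructed from the O4 entries quoted in this post and in the post before it, plus one O2 line to show that non-O4 lines are ignored.

```python
"""Triage HijackThis O4 (autostart) entries with simple heuristics.

Added example: not part of the MajorGeeks thread or of HijackThis itself.
The heuristics below are the editor's assumptions, not an official ruleset.
"""
import ntpath
import re

# An O4 line looks like:  O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Core Windows binaries are started by the kernel or the session manager, never
# from a Run key, so a Run entry carrying one of these names is masquerading.
CORE_NAMES = {"csrss", "svchost", "lsass", "smss", "winlogon", "services"}

# Interpreted or legacy launchers that a normal installer does not put in Run.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".pif"}

# Constructed sample log, assembled from the entries quoted in the thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKCU\..\Run: [adcist.exe] c:\agilent\adci\adcist.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [waumgr] waumgr.exe
O4 - HKLM\..\Run: [AutomaticUpdates] AutomaticUpdates.exe
O4 - HKLM\..\Run: [csrss] C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\run.bat
O4 - HKLM\..\Run: [svchost] C:\RECYCLER\S-1-5-21-484763869-1614574334-18083462561-100\svchost.exe
O4 - HKLM\..\RunServices: [waumgr] waumgr.exe
O4 - HKLM\..\RunServices: [AutomaticUpdates] AutomaticUpdates.exe
"""


def parse_o4(line):
    """Return the fields of an O4 line as a dict, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def launched_binary(cmd):
    """First token of the command line: a quoted path, or text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def assess(entry):
    """Heuristic reasons to distrust one parsed O4 entry (empty list = nothing obvious)."""
    reasons = []
    exe = launched_binary(entry["cmd"])
    exe_lower = exe.lower()
    stem, ext = ntpath.splitext(ntpath.basename(exe_lower))
    if "\\" not in exe and ":" not in exe:
        reasons.append("bare filename, resolved via the search path rather than a fixed path")
    if "\\recycler\\" in exe_lower or "\\temp\\" in exe_lower:
        reasons.append("runs from RECYCLER or a Temp directory")
    if entry["name"].lower() in CORE_NAMES or stem in CORE_NAMES:
        reasons.append("uses the name of a core Windows process")
    if ext in SCRIPT_EXTS:
        reasons.append("launches a script rather than an executable")
    if entry["key"] == "RunServices":
        reasons.append("RunServices key, a Win9x-era key that malware writes alongside Run")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every O4 entry that triggers at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the sample, the script flags the six entries that the post tells the user to fix with HijackThis (the bare waumgr.exe and AutomaticUpdates.exe entries, the two RECYCLER entries posing as csrss and svchost, and the two RunServices copies) and stays silent on the Agilent and RealPlayer entries, which have proper paths and innocuous names. That is the right split: heuristics like these find the obvious masquerading, while entries such as TkBellExe or the unknown Agilent lines still need a human to decide, which is exactly the question the post asks.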
     
  8. emily_wells

    emily_wells Private E-2

    hi,
    While waiting for your reply I started trying other things. Due to the virus I had very limited privileges on my machine and was unable to execute most of the virus removal software. I was trying to get back control of my admin rights and hence used an 'ERD Commander' utility that lets you reset your passwords. My computer was set up for a work domain. Using the utility I changed the password, and now I cannot log on to my PC at all; none of the passwords for either users or admin work. The only thing I can do is boot the PC through the ERD CD. I do not have any internet browser on it yet. I need to figure that one out; right now I am using another laptop.

    I need to log into Windows. I am told ERD did not work because of the way the PC was set up to log on to the machine itself plus to the work domain. Now I am no longer connected to or able to access the work domain, but the change password did not work and messed up the old password too. I can't log in to my machine at all.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, I cannot really help you in the Malware Forum with this new problem you have created. I would suggest you take a look at making and using a CD as mentioned in the below link to reset the passwords to blank.

    http://home.eunet.no/~pnordahl/ntpasswd/

    Other than that, you will have to look for help in the Software Forum for your current issue of not being able to log in.
     
  10. emily_wells

    emily_wells Private E-2

    I already had this (http://home.eunet.no/~pnordahl/ntpasswd/) burnt to a CD and have been using it along with ERD Commander; none of them work.

    How do I move my thread to Software now?
    Thank you for all your time and efforts.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The NTPassword reset works just fine if you understand everything to select while it loads up. Also you must not try to create a new password. Just use the option to blank out any existing password.

    You would have to create a new thread for your current problem. That way once you get it fixed you can come back to this one that already has malware fixes in it.
     
