Tagasaurus and others

Discussion in 'Malware Help (A Specialist Will Reply)' started by nicksimec, Jan 11, 2008.

  1. nicksimec

    nicksimec Corporal

    I have Tagasaurus and other viruses. I will post logs in the next post.
     
  2. abri

    abri MajorGeek

    will be waiting ...
     
  3. nicksimec

    nicksimec Corporal

    OK, I have 3 logs done, but my computer is a bit messed up and says that I'm not admin, so I can't download MGtools. I'll post these three till you tell me what to do.
     
  4. nicksimec

    nicksimec Corporal

  5. abri

    abri MajorGeek

    Hi nicksimec!
    Did you have Spybot fix everything it found? Do you normally have administrative rights? Can you get to the administrator account in Safe Mode? If so, please try to get the MGtools.exe downloaded. It will produce a log called MGlogs.zip as per the instructions.
    abri
     
  6. nicksimec

    nicksimec Corporal

    Spybot fixed everything. I normally have administrative rights, but since my last malware infection they were gone. There is no admin account; there is only one account on the computer. I didn't go into Safe Mode, but you can't go on the internet in Safe Mode, I thought.
     
  7. nicksimec

    nicksimec Corporal

    If I disable UAC, would that give me admin rights?
     
  8. abri

    abri MajorGeek

    Hi Nicksimec,
    You're partially right. The MGTools will install directly into the C drive. What you can do is to download three scans onto a second computer / transferable device like a CD or flash drive. The three are HijackThis, ShowNew and GetRunKey. Then install them onto the infected computer this way. I don't know if this will work but it's worth a try. I will give you the instructions here. If you can't do something, go to the next thing.

    1: If possible, you MUST be sure that MSconfig is not being used to control Startups. Note that some Windows OSs (like Win 2K) do not have MSconfig!
    • MSConfig Startup Mode
      Please go to Start > Run > type msconfig and click OK!
      Select the General tab and select Normal Startup.
      Then click Apply and OK and reboot PC before continuing.
      Remain in this Normal Startup mode while your PC is being cleaned of malware.
    Download and install CCleaner

    • MAKE SURE you download from the above link to avoid getting the Yahoo Toolbar version. We do not want to install any unnecessary baggage.
    2: Enable viewing of hidden files, system files and file extensions


    Some programs hide themselves by making their files invisible in normal Windows settings. Run the steps in the below link (has steps for ALL Win OS's) to make them easier to find. Not doing this would allow file extensions commonly used by trojans and spyware to be hidden, for example a file ending in .exe or .dll, making manually finding it, if needed, difficult to impossible.

    Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder, like C:\MGTools. While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended. Do not run the scans yet!!!


    You will need to print or save these instructions locally in a text file so you can refer to them while offline. Do this before continuing!
    • Reboot into safe mode: Starting your computer in Safe mode
    • Physically unplug your cable to the internet (even if you have dial-up, unplug modem)
    • Shut down ALL unrequired applications including browsers
    • Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.
    • DO NOT use Spybot's TeaTimer. If you already have TeaTimer enabled, see this to disable it: How to disable Spybot's TeaTimer
    3: Scanning for Additional Info

    Now REBOOT INTO NORMAL BOOT MODE: locate the folder where you downloaded GetRunKey.Zip and ShowNew.Zip and then run the below steps.
    • Locate the getrunkey.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt). DO NOT attach any other file. The log is named runkeys.txt. We do not need any of the other 20 or so temp files that are created. They will all be deleted when you terminate GetRunKey by closing the notepad window. This log will also pop up in a notepad window which you can just close. Upload the runkeys.txt file here as an attachment when you come back to post your results. See: HOW TO: Attach Items To Your Post
    • Please make sure you close the popup notepad window with the runkeys.txt log in it before running ShowNew in the below step.
    • Locate the shownew.bat file and double click on it to run it. It will create a file named newfiles.txt in the root of drive C: (C:\newfiles.txt). This log will also pop up in a notepad window which you can just close. Upload the newfiles.txt file here as an attachment when you come back to post your results.

    4: HijackThis log posting

    You must install HijackThis properly per the instructions in the below link. We are growing tired of saying this. If you do not listen, you are at risk of having problems if something is deleted and should not be. It will be YOUR FAULT if you do not install HijackThis properly.

    ***** MAKE SURE YOU CLICK THE BELOW LINK AND FOLLOW DIRECTIONS! TOO MANY PEOPLE ARE SKIPPING IT! *****

    Downloading, Installing, and Running HijackThis

    If you get any of the above logs, please attach them with your next post.


    abri
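    As an added example that is not part of this thread or of the MajorGeeks tools it names, the following PowerShell script collects the same two kinds of evidence the GetRunKey and ShowNew batch files produce: autorun registry entries and files created recently in Windows system folders, hidden ones included. The output folder C:\MGTools, the registry key list and the 7-day window are assumptions.

```powershell
# Added example, not the GetRunKey/ShowNew tools themselves: dump autorun
# registry entries and recently created system files for manual review.
# Output folder, key list and day window are assumptions for illustration.
param(
    [int]$Days = 7,
    [string]$OutDir = 'C:\MGTools'   # assumed, matches the folder the thread suggests
)

# Autostart locations commonly reviewed during a manual startup audit (assumed list).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Properties named PS* are PowerShell provider metadata, not registry values.
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-RecentFiles {
    param([string[]]$Roots, [int]$Days)
    $since = (Get-Date).AddDays(-$Days)
    # -Force includes hidden and system files, which is the point of the
    # "show hidden files" step in the instructions above.
    Get-ChildItem -Path $Roots -File -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        Select-Object FullName, CreationTime, Length
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

Get-AutorunEntries | Format-Table -AutoSize | Out-String -Width 300 |
    Set-Content -Path (Join-Path $OutDir 'runkeys.txt')

Get-RecentFiles -Roots "$env:SystemRoot\System32", "$env:SystemRoot\Temp", $env:TEMP -Days $Days |
    Sort-Object CreationTime -Descending | Format-Table -AutoSize | Out-String -Width 300 |
    Set-Content -Path (Join-Path $OutDir 'newfiles.txt')
```

    Run it from an elevated PowerShell prompt; the two text files are then reviewed by hand, the same way the thread reviews runkeys.txt and newfiles.txt.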


     
  9. nicksimec

    nicksimec Corporal

    Is there any way I can get admin rights? I really don't want to download stuff on the old computer.
    Couldn't I just download the three on this computer?
     
  10. nicksimec

    nicksimec Corporal

    I just read that Spybot may be causing the admin problem, so I'm uninstalling it now. Didn't work.
     
  11. abri

    abri MajorGeek

    Hi nick!
    Sorry I missed your UAC comment. There's a delay in when I see people's posts. Yes, that would help. In the READ & RUN ME FIRST there are specific instructions for Vista users. The MGTools is supposed to turn off the UAC. Did you follow the instructions in the READ ME for Vista users? If they are not working for you, then turn off the UAC yourself and when you get the pop-up to enable it, just ignore it until the cleaning procedures are done.

    Please see if this will work.
     
  12. nicksimec

    nicksimec Corporal

  13. abri

    abri MajorGeek

    Hi nicksimec!

    What are these files and what is in this folder which are on your desktop? Do not open any files.

    This folder:
    C:\Users\nick simec\Desktop\ÿ

    These two files:
    C:\Users\nick simec\Desktopn.odp
    C:\Users\nick simec\Desktopn.ppt

    If you do not know, please have the above two files scanned at jotti or VirusTotal and let me know the results.

    Also, see if you can use the Manage Attachments button. Sometimes it is necessary to clear your browser cache. Also, you must click on the "Remember Me" button when you log in to Major Geeks.

    Thanks.
    abri
     
  14. nicksimec

    nicksimec Corporal

     
  15. nicksimec

    nicksimec Corporal

    Yeah, I scanned those; they all found nothing.
     
  16. abri

    abri MajorGeek

    Hi nicksimec!

    I'm having a time here. In your logs, Spybot didn't find anything. AVG Antispyware didn't find anything. Combofix didn't find anything. I haven't been able to find anything in your MGTools logs. What malware symptoms are you having? Are they gone since you ran all the various tools?

    abri
     
  17. nicksimec

    nicksimec Corporal

    The symptoms I'm having are a very slow computer, sometimes OK but sometimes I have to restart the computer, and internet crashes. I definitely still have the symptoms, and I did a Spyware Doctor scan yesterday and it still showed them. Want me to try the READ ME over?
     
  18. abri

    abri MajorGeek

    Hi nicksimec!

    I think we should start by finding out what the strange folder is. You mentioned you thought it was your hidden file but you didn't name it this. Can you open it? If so, tell me what's in it. If you can open it, don't open any files unless you know what they are. If you're not able to open it, please right click on it and see if there is any information about it in properties.

    This folder:
    C:\Users\nick simec\Desktop\ÿ

    abri
     
  19. nicksimec

    nicksimec Corporal

    I can open it. I have exam notes in it, desktop.ini and passwords in txt format that are now deleted. I used an alt code to name it, so I'm not sure if that made an invisible weird y or what. I'll try to find the alt code I used.
     
  20. abri

    abri MajorGeek

    Hi nicksimec!

    I wonder if your C:\Windows\system32\SearchIndexer.exe might be behind the slowness you've been dealing with. You can go to Start / Run and type in services.msc and look through the list until you find exactly that program -- Searchindexer - and disable it. I don't know if this will help and in any case, I recommend that you post in the Software Forum and ask them for more information about this.

    abri
     
  21. nicksimec

    nicksimec Corporal

    I couldn't find it, and we removed one virus over this time, but Tagasaur and Generic are still here.
     
  22. nicksimec

    nicksimec Corporal

    Should I delete my hidden file with Killbox?
     
  23. abri

    abri MajorGeek

    Hi nicksimec!
    You can delete the y folder or not. If it contains things you put in there yourself, it's unlikely they are infected. Your logs don't show any signs of your having malware problems. If you have virus warnings in reports, please post them. We do not take all the warnings from Spyware Doctor seriously, because they produce false positives, which means they declare something a virus which is not. The problem remains that your computer is slow and that your internet crashes. This can be caused by a number of factors and unfortunately, sometimes these factors don't come alone. Is it possible for you to go back to a restore point which precedes the problems you've been having? This is one way to test whether you might be having a problem caused by a software conflict. Vista is new territory for most people and some of the software is not yet Vista compatible. Also there are bugs. Please take the time to visit the Software Forum and then if necessary, the Networking Forum, where you will have more than one person to get ideas from. If you want to attach specific reports with specific virus information, I'll look at that.
    Thanks.
    abri
     
