got another infection "again"

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please attach it.

You need to disable Spybot's Teatimer as requested in the READ ME.

You must always put MGtools where we ask you to put it which is C:\MGtools.exe not the below:

C:\Documents and Settings\chris.CHRIS-D6DDAA924\Desktop\spy stuff\MGtools.exe


Now we need to use ComboFix.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

This may be of use if you lost the ability to get to the internet since it would at least let you run something. However, it is not a good idea for normal conditions when you are going to work in the forum since all tools and even the instructions in the READ ME may be out of date. They change all the time to keep up will malware and to correct things like you mentioned below.

Thanks! Fixed it.

You forgot to tell me how things are working. Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
3. If we had you run Avenger, you can delete all files related to Avenger now.
4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

No! You should run the READ ME before bothering to post since in most cases it is the starting point anyway.

Why are you running Avenger and what are you doing with it? You should never run this on your own. You can make your PC unbootable if you do the wrong thing. Avenger is not a scanner, it is only a tool used to do removals of files, folders, and registry keys.

 

Avenger is only used in special instructions given in a cleanup procedure the directly relates to the problem at hand and they only apply to the individual person they are posted for. The only place you would be running it is in this thread if requested. It is not part of the READ & RUN ME.

 

I don't know since I don't know what you did with Avenger. Perhaps it did not delete anything at all since the thread you mentioned has nothing to do with you.

 

Avenger did not delete anything in this case since none of thos folders had anything to do with your PC.

You should delete Avenger and never run it again without specific instructions that were written for you.

 

You're welcome. Surf safely!