Can Anyone Please Possibly Tell Me What This Is?

Discussion in 'Malware Help (A Specialist Will Reply)' started by grc123, Apr 24, 2008.

  1. grc123

    grc123 MajorGeek

    Can you tell me how this looks now please?

    I'm believing I 'got `er dun' this time! :confused

    PS - OH, I just realized, that the first time I ran HJT I hadn't disabled the UAC, so I ran it again (WITH UAC disabled!) and it looks as if what I am sending now shows the second run ('files not found-failed'), but I think it ran successfully the first time, hence it would not find the files on a second run - right?
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I believe you meant Avenger not HJT. ;)

    Your logs are fine.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Note: The space between the cf" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from ComboFix.
    2. If we had you run Avenger, you can delete all files related to Avenger now.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  3. grc123

    grc123 MajorGeek

    <<-- I'm not really sure exactly what I meant, at this point (?) ... when I opened one of these programs, HJT appeared, and was run/executed ...

    1. <<-- "ComboFix" was installed, fairly early on in this thread (when working with abri), and it is on the Desktop of the other UA ("Net" ... not this one, "1g"), so I am not exactly certain how to accomplish this [?] additionally, I don't believe it was "renamed" (on the other Desktop) - the icon is named "ComboFix.exe". Does any of this, so far, matter in any way, shape or form, please? thanks ...

      I really am apologetic to you/MG ... to everyone here. This has proven as difficult for me as if learning a new language, simply by "reading" about it. I'm 48, and wasn't raised "learning" or "communicating" this way - and again, the transition proves tough. Though I am not in any way using this as an "excuse", the fact that I'm fairly recently dealing with several disabling conditions is a reality for me, and complicates things a bit further.

      Thanks.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If it is still on the Desktop of another user account then just follow the instructions on that user account. Also if it is named combofix.exe instead of cf.exe then use "%userprofile%\Desktop\combofix" /u

    No need to apologize. We know that for some people computers and the procedures we give for malware removal can be a challenge.

    You're welcome.
     
  5. grc123

    grc123 MajorGeek

    Thanks.

    If I get an "Installation Failed" error message upon attempting to uninstall ComboFix - is there a remedy to that? I copy/pasted it into the run box (from your second post on what to do/how to handle that Desktop Icon I had named (or is named by default?): ComboFix.exe (with the capital "C" & "F")).

    I tried it both ways - your way first ("%userprofile%\Desktop\combofix" /u - all lowercase except the "D"), and then the way it actually appears on my Desktop - with the "D" and the "C" & "F".
     
  6. abri

    abri MajorGeek

    Hi grc123,
    The Net user account does not have administrative capabilities. How were you able to install it there the first time? Was it enough to have UAC disabled? Or can the user install and uninstall software?
    abri
     
  7. grc123

    grc123 MajorGeek

    Hi abri ...

    The "Net" user account is the account that I normally use to access the internet, etc. (my understanding was/is that the less "privileges" an account has, the safer it is to go online??).

    In any event, that "user" (me ... "Net") can install/uninstall software, so I don't know if it was that, or having UAC disabled that allowed ComboFix (which I assume is why you're asking?).

    Thank you ...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just go to the Desktop and delete the ComboFix.exe program.
     
