Can't kill Vundo Variant - going Krazy

Welcome to Major Geeks!

MGtools will run but it just will not run properly. If you have not run it then run it any way so that it creates the MGtools folder. I will be giving you a 64 bit version of GetRunKey.bat which is part of MGtools. The 64 bit version will need to be put into the MGtools folder with all other tools.

Please download GRK64.zip into the MGtools folder. Then extract the contents of the ZIP file into the C:\MGtools folder. This will add a file named GRK64.bat to the folder. Try double clicking the GRK64.bat file. If it runs a notepad window will popup with a runkeys.txt log. Also it should add the runkeys.txt log to the C:\MGlogs.zip file. Attach the C:\MGlogs.zip file to your next message.

Also please attach the requested logs from SUPERAntiSpyware and Malwarebytes as requested in the READ ME. Also (even though we don't request on in the READ ME, could you please attach a log from Spybot if it is still detecting anything.

 

You did not run the GRK64 procedure that I gave you last time, however it does not matter since you are incorrect about using a 64 bit OS. You are using a 32bit version of Windows.

You still have malware to fix, but I cannot help you until you follow the instructions properly. Go back to step 1 of the READ & RUN ME and put your system into Normal Startup mode using MSconfig. Then run C:\MGtools\GetLogs.bat by double clicking on it. Then attach the new MGlogs.zip file.

 

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot, copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

No! Your logs are clean. I would only would ask if you created the below policies yourself?

If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
4. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
5. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
6. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
7. If we had you run Avenger, you can delete all files related to Avenger now.
8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
9. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
10. Go to add/remove programs and uninstall HijackThis.
11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
12. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
13. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!