Help with removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by polarb3ar, Jul 4, 2008.

  1. polarb3ar

    polarb3ar Private E-2

    Situation: I got back home (night time), then when I accessed my PC, Kaspersky was giving me pop-ups regarding wak.cmd. I think that my sister's USB might have been infected with it and possibly a few other malware/adware.

    Thanks to those who help people like us :D

    Hmmm, I think I should indicate that my HDD is currently partitioned into two: the first is for the system and the second is for the files. I found both partitions to contain wak.cmd and autorun.inf in their root directories.

    Attached are the logs required to be attached :p
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach the log from SUPERAntiSpyware.

    Also it appears that you stopped MGtools before it was finished or you received error messages that you did not mention. To get a new log do the following.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip


    Now look on all of your drives (including external/USB drives) for any of the below files and delete them if found. Otherwise you will reinfect your system when any external drive is plugged in again. You can also infect USB cameras, etc., if not careful.
    autorun.inf
    Document.exe
    fool0.dll
    fool1.dll
    ieso0.dll
    kxvo.exe
    New Document.exe
    wak.cmd

     
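A report-only sweep for the file names listed in the post above, as an added example that is not part of the original thread or of MGtools. The function name `Find-RootIndicator` and the output columns are assumptions made for illustration; the script lists matches in each drive root (hidden and system files included) together with the launch lines of any autorun.inf, and deletes nothing.

```powershell
# Added example (not from the thread): list, without deleting, any of the
# file names from the post above found in the root of each ready drive.
$Names = 'autorun.inf', 'Document.exe', 'fool0.dll', 'fool1.dll',
         'ieso0.dll', 'kxvo.exe', 'New Document.exe', 'wak.cmd'

function Find-RootIndicator {   # hypothetical helper name
    param([string[]]$Names)

    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        if (-not $drive.IsReady) { continue }   # empty card reader, no disc
        foreach ($name in $Names) {
            $path = Join-Path $drive.RootDirectory.FullName $name
            # -Force so that files marked Hidden or System are not skipped.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if (-not $file -or $file.PSIsContainer) { continue }

            $launch = ''
            if ($name -eq 'autorun.inf') {
                # Show what the autorun.inf would start (open=, shellexecute=,
                # shell\<verb>\command=) so a legitimate one can be told apart.
                $launch = (Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' } |
                    ForEach-Object { $_.Trim() }) -join '; '
            }
            [pscustomobject]@{
                Path       = $file.FullName
                DriveType  = $drive.DriveType
                Attributes = $file.Attributes
                Modified   = $file.LastWriteTime
                Launches   = $launch
            }
        }
    }
}

Find-RootIndicator -Names $Names | Format-List
```

The `DriveType` column matters for autorun.inf: one on an installer CD or DVD is normally legitimate, while one on a fixed or removable drive whose `Launches` value names a file from the list is the case the post describes.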
  3. polarb3ar

    polarb3ar Private E-2

    @Chaslang
    Thanks for the advice. Hmmm, well, I did finish the MGTools; I left it running this morning while I was eating my breakfast, but I will do it again later as soon as I get home :D

    Oh yeah, I think I was unable to attach one of the logs since only 3 files are allowed to be attached per post and I had to go to school as soon as I created this thread :p
     
  4. polarb3ar

    polarb3ar Private E-2

    Attached is the MGlogs.zip as requested and also the SASlogs, which I was not able to attach earlier today due to the attachment limit.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below is a quote from the READ & RUN ME ;)
    MGtools is still not running properly. You must be getting some kind of error. Possibly one of the ones mentioned on the Using MGtools instructions page. Please do the below.

    Click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetLogs <-- this will try to run all of the scans of MGtools. Tell me what error messages, if any, you see.



    I do see that you did not put your PC into Normal Startup mode with MSconfig as requested in step 1 of the READ & RUN ME. You must do this now and remain in normal startup mode.
     
    Last edited: Jul 5, 2008
  6. polarb3ar

    polarb3ar Private E-2

    This is the error message I get from MGTools:

    Start of the program

    'GetUnKeys.bat' is not recognized as an internal or external command,
    operable program or batch file.
    'C:\MGTools\analyse.exe' is not recognized as an internal or external command,
    operable program or batch file.

    File: "config.reg" does not exist"

    End of the Program

    The system cannot find the file specified.
    updating: runkeys.txt (188 bytes security) (deflated 81%)
    The C:\MGTools\temp\GRKflag.txt exists. Deleting it!

    Getting System Information
    Zipping C:\MGTools\sysinfo.txt
    updating: MGTools/sysinfo.txt (188 bytes security) (deflated 71%)

    'C:\MGTools\processdll.exe' is not recognized as an internal or external command
    ,
    operable program or batch file.
    The system cannot find the file specified.
    Could Not Find C:\Documents and Settings\Home\Desktop\procdll.txt

    I also redid the steps again and attached 4 logs.
    By the way... is c:\QooBox made by ComboFix, and what should I do with the said folder?

    Thanks again sir :D
     


  7. polarb3ar

    polarb3ar Private E-2

    2nd part of logs
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Something appears to have blocked MGtools from self-extracting from the executable file properly. You do not have all of the files in the C:\MGtools folder that you should have. Based on your ComboFix log it looks like you did not get a complete download of MGtools.exe. Please download it again ( from here: MGtools.exe ) and make sure that you get the whole file. It should be 1211 KB in size and if you right click on it and select properties it should indicate that Size is 1,239,875 bytes. If you get this size then double click on the MGtools.exe file to run it. Then attach the new C:\MGlogs.zip file.
     
    Last edited: Jul 6, 2008
