I have a problem.....

I don't recall the guide telling you to rename MalwareBytes ...and certainly not before downloading. We do ask you to rename ComboFix after downloading to your desktop before running it.

However, I need to see the logs from
SAS
ComboFix ----this you should disable your F-secure program before running.
MWB's ---if you got it to run.
MGLOgs.zip --> after running the MGTools.exe

 

Yes it does Tim (in two locations ). Changed on 7/16/2008 to have the installer renamed to mb.exe because new malware was recognizing the real installer and blocking it from being run. I will be doing the same for SUPERAntiSpyware soon since we have been seeing similar issues with malware stopping it from installing. We may need to also rename the executables that are used for running the actual scans too since malware often stops those too (just like ComboFix).

 

You need to re-run MWB's and have it fix anything it finds. Please attach a new log from that as well as a new MGLogs.zip from running the C:\MGtools\GetLogs.bat file by double clicking on it.

 

What malware problems are you currently having?

 

Yes you can delete the quarantined items.

You can get instructions on installing the recovery console HERE.

If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)

* Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
* "%userprofile%\Desktop\combo-fix" /u
o Notes: The space between the cf" and the /u, it must be there.
o This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
* Delete the C:\cf folder from combofix.

4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
8. Go to add/remove programs and uninstall HijackThis.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Vista, Windows XP or Windows ME, do the below:

* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

You are most welcome.....safe surfing.