I'm baaaack! Adware.SysGuard/FakeAlert

Discussion in 'Malware Help (A Specialist Will Reply)' started by bingo, Apr 9, 2009.

  1. bingo

    bingo Private E-2

    Hi Angels!
    I was at dailymotion watching turkish music videos and a rogue told me I had zlob-something: you can bet I got out of there as fast as I could!

    ...went directly to R'n'R Me, which caught a few things: logs attached.

    Apologies in advance for whatever degree I may have deviated from a rigorous run: I was a little punchy from lack of sleep to start with... Um, I never saw the part where I was supposed to physically unplug from the network; is that no longer part of the procedure, or did I just read over it blindly?

    Thanks in advance for your help: as a token of my gratitude I offer this totally OT video link that just absolutely slays me, inspired by !kittens!

    PS I've tidied up my desktop tremendously as per Chaslang's advice, down from what must have been 250 folders and apps to a mere 80 or so shortcuts... can you believe I'm actually proud of myself? Next I guess it's time to switch to avast and get a real firewall...

    PPS oh, congrats on upgrading your upload protocol to accommodate all 4 logs: must save a bit of grief there... I've been meaning to suggest also that y'all edit the top of the ReadandRun, as distressed newcomers (such as I was once) can be easily confused by the photo of Major Attitude followed by 121 thanks, and not be able to figure out to just scroll down for the "new procedure". Maybe you could make the line "See new READ ME PROCESS 10-09-05" into an anchor link or something... I know this seems silly from where you are but I was really confused at first and I've noticed that others have been as well... anyhow thanks again and enjoy the kittens thing :)

    many blessings,
    kc
     

    Last edited by a moderator: Apr 11, 2009
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The scans took care of the infection. Your logs are clean.

    I will pass your comments along regarding the R & R instructions.

    I removed your vid...though cute, it best belongs in the lounge. :)

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  3. bingo

    bingo Private E-2

    Hi and thanks for the checkup!

    I have a question about malware protection: I've been using AVG for a while but I'm ready to switch... your "protecting yourself" sticky has me a little dizzy, though.

    I'm broke and love freeware even when I'm not, so I was looking at:
    Avast (or Avira) + PCtoolsFW + BOClean (or Spyware Terminator)

    and then I started thinking:
    Comodo AV + Comodo FW + BOClean

    My questions are:
    1) why Avira over Avast?
    2) where do SAS and/or MBAM fit in?
    3) what's the overlap? ie do I need spybot, spywareblaster, BOClean AND SAS?
    4) what is "web security guard toolbar" in Spyware Term?
    4a) Are BOClean and Spyware Terminator both realtime blockers AND effective scan/removal tools?
    5) is there any integration-advantage in going "all Comodo"?
    6) do I have it clear that no matter what AV and FW tools I use, you recommend SpyBot and Spyware Blaster? Is SpyBot an effective scan/removal tool that would replace SAS or MBAM?

    I'm usually quite clever at sorting this kind of thing out but like I said, the sticky is making me a little dizzy... I appreciate whatever light you might shed.

    I knew the vid link was a little sketchy but it just made me so happy and I wanted to make you guys happy ;-)

    thanks again!
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome....safe surfing. You may wish to post in the software section to get other user opinions as to what protection plans they are using.
     
